Home > Enterprise >  Can I use mTLS for authentication instead of Open ID Connect?
Can I use mTLS for authentication instead of Open ID Connect?

Time:03-14

I would like to use mTLS to protect microservices instead of Open ID Connect.
As I understand how mTLS works, it encrypts the communications between two services via SSL handshake.

However, can I use mTLS as authentication mechanism instead protect services through Open ID Connect?

CodePudding user response:

You can use mTLS as an infrastructure security solution between microservices, but it will have limitations, and will not be able to manage user level security. So it depends who the clients of your microservices are, and how you need to authorize API requests.

USER LEVEL SECURITY

This is where OAuth and OIDC are used, and often there is a web or mobile app as a client:

  • The client runs a code flow and gets tokens
  • The client sends an access token to microservices
  • Microservices receive a JWT access token that identifies the user
  • Microservices can forward this to other microservices when required

Because of the user identity in the access token, the API can perform user level authorization, eg to. ensure that a user can only view their own purchase history.

COMBINING mTLS AND OAUTH

It is common to combine these two building blocks, and security standards / regulations sometimes require this. See this financial-grade security overview for some example scenarios.

Page link:https//www.codepudding.com/Enterprise/333730.html

Prev:Spring Security - Stolen JWT token
Next:C# - SQLCMD didn't recognised standard input
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding