I have multiple clients, each of which has an API; my microservice sends them a POST request with a JWT token. I was thinking of using IdentityServer4 to generate my JWT token (RSA256) and have one configuration per client. Each client can validate the token thanks to JWKS_URI.
Is this a good approach?
Thanks for your comments.
CodePudding user response:
In IdentityServer terms the MicroService is a client and client1/2 is an ApiResource (tied to an ApiScope).
If there is no user involved and the Microservice should on its own be able to send requests to the API, then you should use the client_credentials flow. With this flow, there is no ID-token.
If there is a user who logs in at your microservice, then you should use the authorization code flow.
Other than that, I think it's a good plan; you should think about the naming of things. I would call the Microservice a WebClient or WebApplication if there are users who log in through it.
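
Added example (not part of the original answer, and not the IdentityServer project's own code): the mapping described above written as IdentityServer4 in-memory configuration, plus the microservice's client_credentials token request using the IdentityModel client library. The scope names, resource names, client id, secret and URLs are constructed placeholders.

```csharp
// Added example: names, URLs and the secret are constructed placeholders.
// Config belongs in the IdentityServer4 host, Notifier in the microservice.
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;
using IdentityModel.Client;
using IdentityServer4.Models;

public static class Config
{
    // One scope per receiving API, so a token requested for client1 carries nothing for client2.
    public static IEnumerable<ApiScope> ApiScopes => new[]
        { new ApiScope("client1.notify"), new ApiScope("client2.notify") };
    // Each ApiResource name is emitted as the "aud" claim when one of its scopes is granted.
    public static IEnumerable<ApiResource> ApiResources => new[]
    {
        new ApiResource("client1-api") { Scopes = { "client1.notify" } },
        new ApiResource("client2-api") { Scopes = { "client2.notify" } },
    };
    // The microservice is the OAuth client; no user is involved, so client_credentials only.
    public static IEnumerable<Client> Clients => new[]
    {
        new Client
        {
            ClientId = "notifier-microservice",
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            ClientSecrets = { new Secret("PLACEHOLDER-SECRET".Sha256()) },
            AllowedScopes = { "client1.notify", "client2.notify" },
        },
    };
}

public static class Notifier
{
    // Requests a token scoped to one API, then POSTs with it as a bearer token.
    public static async Task<HttpResponseMessage> PostToClient1Async(HttpClient http, HttpContent body)
    {
        var disco = await http.GetDiscoveryDocumentAsync("https://idp.example.com");
        if (disco.IsError) throw new HttpRequestException(disco.Error);
        var token = await http.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
        {
            Address = disco.TokenEndpoint, ClientId = "notifier-microservice",
            ClientSecret = "PLACEHOLDER-SECRET", Scope = "client1.notify",
        });
        if (token.IsError) throw new HttpRequestException(token.Error);
        using var request = new HttpRequestMessage(HttpMethod.Post, "https://client1.example.com/hook") { Content = body };
        request.SetBearerToken(token.AccessToken);
        return await http.SendAsync(request);
    }
}
```

Each receiving API then validates the signature against the keys published at the JWKS URI and should accept only tokens whose `aud` is its own resource name, so a token issued for one client's API is rejected by the other.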