7 Securing east/west traffic with JWT
This chapter covers

  • Using JWTs in securing service-to-service communications
  • Using JWT to carry user context among microservices
  • Using JWT for cross-domain authentication

In chapter 6, we discussed securing service-to-service communications in a microservices deployment with mTLS. mTLS is, in fact, the most popular option for authenticating one microservice to another. JSON Web Token (JWT), which provides a way to carry a set of claims or attributes from one party to another in a cryptographically secure way, also plays a key role in securing service-to-service communications in a microservices deployment.

You can use JWT to carry the identity of the calling microservice, or the identity of the end user or system that initiated the request. JWT can also be used to propagate identity attributes between multiple trust domains. In this chapter, we explore the role that JWT plays in securing service-to-service communications in a microservices deployment. If you’re not familiar with JWT, we recommend you first read appendix B, which provides a comprehensive overview of JWT.

7.1 Use cases for securing microservices with JWT

7.1.1 Sharing user context between microservices with a shared JWT

7.1.2 Sharing user context with a new JWT for each service-to-service interaction

7.1.3 Sharing user context between microservices in different trust domains

7.1.4 Self-issued JWTs

7.1.5 Nested JWTs

7.2 Setting up an STS to issue a JWT

7.3 Securing microservices with JWT

7.4 Using JWT as a data source for access control

7.5 Securing service-to-service communications with JWT

7.6 Exchanging a JWT for a new one with a new audience

Summary
