7 Securing service-to-service communication with JWT
This chapter covers
- The role of JSON Web Token (JWT) in securing service-to-service communication among microservices
- Using JWT to carry user context between microservices
- Using JWT for cross-domain authentication
- Using JWT for message-level encryption and signature
In chapter 6, we discussed securing service-to-service communication in a microservices deployment with mutual Transport Layer Security (mTLS). mTLS is, in fact, the most popular option for authenticating one microservice to another when building a zero-trust network. JWT also plays a key role in securing service-to-service communication. It can carry the identity of the calling microservice, or the identity of the end user or the system that initiated the request. A JWT can also be used to propagate identity attributes between multiple trust domains. In this chapter, we explore the role that JWT plays in securing service-to-service communication in a microservices deployment. If you are not familiar with JWT, we recommend that you first go through appendix H, which provides a comprehensive overview of JWT.