Microservice AuthN & AuthZ

In a monolithic application, all resources share the same execution environment, so they can also share a common authentication and authorization mechanism. In a microservice architecture, each service runs in its own execution environment and cannot rely on such a shared mechanism. This article introduces an approach that divides the authentication and authorization responsibilities within the application. Authentication is handled by an Authentication Service that verifies a user's credentials and issues the caller a JSON Web Token (JWT) representing the authenticated user. Any service that contains secured resources is responsible for handling access authorization itself: it performs access authorization by comparing the claims contained in the JWT against the privileges the requested resource requires.
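The division of responsibilities described above, as an added example that is not part of the original article: one function plays the Authentication Service (it signs a JWT carrying the caller's identity and privilege claims), and the remaining functions play a resource service that verifies the token and then compares its claims against the privileges a resource requires. The HS256 signing, the shared secret, the `privileges` claim name and the `orders:read` / `orders:write` privilege names are all assumptions made for this example; only the Python standard library is used, so it runs offline.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret: known to the Authentication Service (signer) and to every
# resource service (verifier). In practice this would be provisioned per environment.
SECRET = b"example-shared-secret-for-illustration-only"


class TokenError(Exception):
    """Raised when a token cannot be trusted (malformed, bad signature, expired)."""


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret: bytes, subject: str, privileges: list, ttl_seconds: int, now: int = None) -> str:
    """Authentication Service side: after the caller's credentials have been verified
    (out of scope here), issue an HS256-signed JWT with an expiry and a privileges claim."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": subject, "privileges": privileges, "iat": now, "exp": now + ttl_seconds}
    signing_input = (_b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


def verify_token(secret: bytes, token: str, now: int = None) -> dict:
    """Resource service side: check structure, pinned algorithm, signature and expiry
    before trusting any claim in the token. Returns the verified claims."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:
        raise TokenError("undecodable token") from None
    # The verifier decides the algorithm; never honour whatever the token says it used.
    if header.get("alg") != "HS256":
        raise TokenError("unexpected algorithm")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        raise TokenError("bad signature")
    try:
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:
        raise TokenError("undecodable claims") from None
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise TokenError("token expired")
    return claims


def authorize(claims: dict, required_privileges: set) -> bool:
    """Authorization step: every privilege the resource requires must appear in the token."""
    return required_privileges.issubset(set(claims.get("privileges", [])))


def check_access(secret: bytes, token: str, required_privileges: set, now: int = None) -> int:
    """What a resource service's request filter would do. Returns an HTTP-style status:
    401 when the token cannot be trusted (authentication), 403 when it is valid but lacks
    the required privileges (authorization), 200 when access is granted."""
    try:
        claims = verify_token(secret, token, now)
    except TokenError:
        return 401
    return 200 if authorize(claims, required_privileges) else 403


if __name__ == "__main__":
    token = issue_token(SECRET, "alice", ["orders:read"], ttl_seconds=300)
    print(check_access(SECRET, token, {"orders:read"}))   # 200: claim matches requirement
    print(check_access(SECRET, token, {"orders:write"}))  # 403: authenticated, not authorized
    print(check_access(b"wrong-secret", token, {"orders:read"}))  # 401: signature check fails
```

The distinction in `check_access` is the practical payoff of the split: a resource service returns 401 only when it cannot establish who the caller is, and 403 when it knows who the caller is but the JWT claims do not cover the resource's required privileges. Because verification happens locally against the shared signing key, each service can make that decision without calling back to the Authentication Service.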