Currently, we are designing a unified authority mid-stage system for the group's business systems. Due to the large number of systems designed, the corresponding authority division business rules are fine. From the previous "distributed across various business systems", it is now planned to be "unified in the authority center Assign User Behavior." When doing architecture design, an architecture diagram is roughly divided as follows:
Thx~😊
Once the aggregation service has authenticated the user, there is no need to send requests to the aggregation microservice; at token creation time you can set the token's TTL.
However, requests can be sent to any microservice through the ingress gateway directly. The destination service can check the token in Redis with its TTL: if the token has expired, then send a revocation notice and remove the key in Redis; otherwise continue to use any microservice based on role.
Yes, you need an ingress gateway, and the aggregation microservice can be treated as a microservice, not as an upper layer of all microservices.
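
The per-request check described in the answer above, as an added example that is not part of the original thread. An in-memory `TokenStore` stands in for the shared Redis store so the code runs offline, and the service names, roles and `authorize` function are hypothetical.

```python
import secrets
import time

class TokenStore:
    """In-memory stand-in for the shared Redis token store (assumption)."""
    def __init__(self, clock=time.time):
        self._data = {}          # token -> (user, role, expires_at)
        self._clock = clock

    def issue(self, user, role, ttl_seconds):
        token = secrets.token_urlsafe(32)   # opaque, unguessable token
        self._data[token] = (user, role, self._clock() + ttl_seconds)
        return token

    def lookup(self, token):
        """Return (user, role), or None if the token is unknown or expired."""
        entry = self._data.get(token)
        if entry is None:
            return None
        user, role, expires_at = entry
        if self._clock() >= expires_at:
            del self._data[token]           # expired: remove the key
            return None
        return user, role

    def revoke(self, token):
        self._data.pop(token, None)

# Hypothetical role policy, one entry per destination microservice.
ALLOWED_ROLES = {"orders": {"admin", "clerk"}, "billing": {"admin"}}

def authorize(store, service, token):
    """Check a destination microservice runs on each request from the gateway."""
    session = store.lookup(token)
    if session is None:
        return 401, "token missing, expired or revoked"
    user, role = session
    if role not in ALLOWED_ROLES.get(service, set()):   # unknown service: deny
        return 403, f"role {role!r} not permitted on {service}"
    return 200, user

if __name__ == "__main__":
    store = TokenStore()
    t = store.issue("alice", "clerk", ttl_seconds=60)
    print(authorize(store, "orders", t))    # allowed by role
    print(authorize(store, "billing", t))   # valid token, wrong role
    store.revoke(t)
    print(authorize(store, "orders", t))    # revoked token is rejected
```
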