Tags: spring, spring-boot, spring-security, jwt, microservices

How can I enable auth only for external clients in Spring for a microservices project?


I'm working on a project where I am using microservices to handle various portions of my business logic. My current implementation uses JWT tokens to authenticate requests. For performance reasons, I need intermodule requests to skip the token generation or authentication step and always be allowed.

One approach I thought of was configuring my project modules to use a token with an "infinite" expiry, so to speak. Is this an appropriate approach, or is there a better way to achieve what I want?

Thanks in advance!


Solution

  • The final approach that ended up working for me was a service which creates a refreshed JWT token at an interval that's a few seconds shorter than the token expiry.

    Then a RestInterceptor adds this Bearer token to all requests that are for intermodule communication (which is detected by matching hostnames).

    All of this is contained in a security JAR which is used in each module. This also has the advantage of allowing every module to have its own authentication endpoint (the private key is shared) so even if one service is somehow down, the other services can still be accessed.
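
A sketch of the refresh-plus-interceptor design described in the answer above, added here as an example and not the poster's code. The class name, the `tokenMinter` supplier (standing in for whatever signs a short-lived JWT with the shared key) and the `internalHosts` set are hypothetical; hostnames are assumed to be supplied in lower case.

```java
import java.io.IOException;
import java.time.Duration;
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.function.Supplier;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;

// Attaches a periodically refreshed service JWT to requests bound for internal hosts only.
public class InternalAuthInterceptor implements ClientHttpRequestInterceptor {
    private final Set<String> internalHosts;    // assumption: exact, lower-case module hostnames
    private final Supplier<String> tokenMinter; // assumption: signs a short-lived JWT (shared key)
    private volatile String currentToken;       // written by refresher, read by request threads

    public InternalAuthInterceptor(Set<String> internalHosts, Supplier<String> tokenMinter,
                                   Duration lifetime, Duration margin) {
        if (margin.compareTo(lifetime) >= 0) throw new IllegalArgumentException("margin >= lifetime");
        this.internalHosts = Set.copyOf(internalHosts);
        this.tokenMinter = tokenMinter;
        this.currentToken = tokenMinter.get(); // hold a valid token before the first request
        long periodMs = lifetime.minus(margin).toMillis(); // refresh shortly before expiry
        var scheduler = Executors.newSingleThreadScheduledExecutor(r -> {
            Thread t = new Thread(r, "service-jwt-refresh");
            t.setDaemon(true); // do not keep the JVM alive on shutdown
            return t;
        });
        scheduler.scheduleAtFixedRate(this::refresh, periodMs, periodMs, TimeUnit.MILLISECONDS);
    }

    private void refresh() {
        try { currentToken = tokenMinter.get(); }
        catch (RuntimeException e) { /* keep previous token; an uncaught throw cancels the schedule */ }
    }

    @Override
    public ClientHttpResponse intercept(HttpRequest request, byte[] body,
                                        ClientHttpRequestExecution execution) throws IOException {
        String host = request.getURI().getHost();
        // Exact match rather than contains()/endsWith(), so the token never goes to an external host.
        if (host != null && internalHosts.contains(host.toLowerCase(Locale.ROOT))) {
            request.getHeaders().setBearerAuth(currentToken);
        }
        return execution.execute(request, body);
    }
}
```

Register it on the `RestTemplate` used for outbound calls, for example with `restTemplate.getInterceptors().add(...)`.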