(This is for a university project, so keep in mind that there is slightly less security than in a real-world application, and it's only an API, no front-end.)
I am implementing a microservices-based app and need to implement authentication and authorization. I was thinking of using JWTs since I can authenticate the user and also add their privileges into the JWT. However, I saw that they can be altered fairly easily due to the not ideal algorithms used for the signature. I looked at this article
However, I can't seem to find whether Spring has functionality for mapping opaque keys to JWTs in the gateway service, so I can give my user an opaque key and use a JWT internally.
As slauth mentioned in the comments, the need for an opaque token can be avoided by using an asymmetric algorithm for signing the JWTs, thus making them tamper-proof.
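
The asymmetric-signing approach mentioned above, as an added example that is not part of the original post: the auth service signs with an RSA private key, and the gateway verifies with the public key only and refuses any header other than the pinned RS256 one. It uses plain JDK classes rather than Spring's JWT support; the class name `Rs256Demo`, the claims, and the exact-header comparison are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class Rs256Demo {
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder B64D = Base64.getUrlDecoder();
    // Header fixed by the issuer. Comparing it byte for byte is a simplification:
    // a JWT library would parse the header and check "alg" against an allow-list.
    static final String HEADER = B64.encodeToString(
            "{\"alg\":\"RS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));

    // Auth service: the only holder of the private key.
    static String sign(String claimsJson, PrivateKey key) throws GeneralSecurityException {
        String input = HEADER + "." + B64.encodeToString(claimsJson.getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + B64.encodeToString(s.sign());
    }

    // Gateway or downstream service: holds the public key only, so it cannot mint tokens.
    static boolean verify(String token, PublicKey key) throws GeneralSecurityException {
        String[] p = token.split("\\.");
        // Pin the algorithm: never let the token's own header choose how it is verified.
        if (p.length != 3 || !p[0].equals(HEADER)) return false;
        try {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(key);
            s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
            return s.verify(B64D.decode(p[2]));
        } catch (IllegalArgumentException | SignatureException e) {
            return false; // malformed base64url or malformed signature bytes
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        // Constructed sample claims.
        String token = sign("{\"sub\":\"alice\",\"role\":\"USER\"}", kp.getPrivate());
        System.out.println("untampered: " + verify(token, kp.getPublic()));
        // Same signature, edited claims: verification must fail.
        String[] p = token.split("\\.");
        String edited = p[0] + "." + B64.encodeToString(
                "{\"sub\":\"alice\",\"role\":\"ADMIN\"}".getBytes(StandardCharsets.UTF_8)) + "." + p[2];
        System.out.println("tampered:   " + verify(edited, kp.getPublic()));
    }
}
```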