Final Thesis: Token-based Authentication and Authorization in Microservices

Abstract: Microservices are an architectural approach of growing importance for building highly scalable, reliable and maintainable systems within an agile development process. The advantages of a microservice architecture come with the challenge of designing a distributed system. In such a distributed system, authorization and authentication pose a particular problem: it is not enough to secure users' calls to a single service, as is the case with a classic monolithic architecture. Instead, end-to-end authorization and authentication must be ensured for every API that a user can access, as well as for communication between microservices. One approach to solving this problem is token-based authentication and authorization, which provides an efficient and scalable mechanism to ensure security and access control in microservice systems. In this work, we investigate how to implement token-based authentication and authorization in a microservice architecture. To this end, a structured literature review is first conducted to build theory. The resulting findings serve as the basis for the subsequent demonstration of token-based authentication and authorization in practice. In the demonstration, an authentication and authorization concept for an Open Data ETL platform, based on an open-source IAM solution, is designed and then implemented in a prototype. Finally, the lessons learned from the design and implementation are compared to the results of the literature review.

Keywords: microservices, security, authentication, authorization

PDF: Master Thesis

Reference: Christoff Schaub. Token-based Authentication and Authorization in Microservices. Master Thesis. Friedrich-Alexander-Universität Erlangen-Nürnberg: 2023.