Menu
Back to Discussions

api gateway: centralized auth or distributed auth

hey everyone, i've been thinking about auth patterns for microservices. we're setting up a new system and kind of debating where to handle the auth. one idea is to centralize all auth logic in the API Gateway. another is to spread the auth logic out, maybe with each service handling its own JWT validation, or calling a dedicated auth service. what's your experience been like? what are the pros and cons you've actually seen, especially when it comes to complexity and how easy it is to maintain as the system grows
37 comments

Comments

Loading comments...