Splitting an application into smaller ones is part of the concept of microservices, but that’s not all. There are several definitions, but one important point is that each microservice should reflect a relevant aspect of the system.
Communication between services is usually done using HTTP and some higher-level protocol. It may be ad hoc, with REST and even JSON, or something more elaborate like Google Protobuf.
When it comes to authentication, you can study OAuth and look for some implementation of Single Sign-On (SSO). There are several ways to implement this and there are some ready-made frameworks (I remember JOSSO, but it’s been a while, there must be something better today).
The basic functioning is more or less like this:
- Users authenticate to the SSO server, which returns a token to the client/user/browser.
- With each request to another service, the client includes the token.
- Other services check with the SSO server whether the token is actually valid.
But remember, all of this can be abstracted. There are even some services available on the internet, such as Auth0, that can be used if you want more productivity to focus on the business and not waste time creating your own solution.
A common technique in microservices is to create a "Façade" service containing the entire external API of your application. It may be responsible for authenticating and authorizing each request. That way you don’t need to expose each service on the internet on a different port, and the microservices implementation becomes transparent to clients.
Yes, there is a way to do it; the most primitive form is with an HttpClient, but there are implementations that abstract this a little.
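The three-step token flow and the Façade described above, as an added example that is not part of the original answer. The names `SSOServer` and `Facade`, the scope model and the `Bearer` header format are assumptions, and the HTTP calls between services are replaced by in-process method calls so the sketch runs offline.

```python
import hashlib, secrets, time

class SSOServer:
    """Stand-in for the SSO server: issues opaque tokens and answers validation calls."""
    def __init__(self, users, ttl=300, clock=time.time):
        self._users, self._ttl, self._clock = users, ttl, clock
        self._sessions = {}  # sha256(token) -> (user, scopes, expiry); raw tokens are never stored

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, password):
        # Step 1. Constructed users carry plain passwords; a real server stores salted hashes.
        rec = self._users.get(user)
        if rec is None or not secrets.compare_digest(rec["password"].encode(), password.encode()):
            return None
        token = secrets.token_urlsafe(32)  # unguessable and meaningless outside this server
        self._sessions[self._key(token)] = (user, rec["scopes"], self._clock() + self._ttl)
        return token

    def validate(self, token):
        """Step 3: a service asks the SSO server whether the token is valid."""
        entry = self._sessions.get(self._key(token or ""))
        if entry is None or entry[2] <= self._clock():
            return None  # unknown, revoked or expired
        return {"user": entry[0], "scopes": entry[1]}

    def logout(self, token):
        self._sessions.pop(self._key(token), None)  # revocation takes effect on the next request

class Facade:
    """Single external entry point: authenticates and authorizes, then forwards internally."""
    def __init__(self, sso, routes):
        self._sso, self._routes = sso, routes  # routes: path -> (required scope, handler)

    def handle(self, path, headers):
        # Step 2: the client sends the token with every request.
        auth = headers.get("Authorization", "")
        token = auth[7:] if auth.startswith("Bearer ") else ""
        identity = self._sso.validate(token)
        if identity is None:
            return 401, "invalid or expired token"
        if path not in self._routes:
            return 404, "not found"
        scope, handler = self._routes[path]
        if scope not in identity["scopes"]:
            return 403, "forbidden"
        return 200, handler(identity["user"])  # the internal service trusts only the façade
```

Because every request is checked against the SSO server, logout and expiry apply immediately; the cost is one extra validation call per request.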
– Marcondes
Can you comment a little more? Or send a reference link?
– Edward Segnowd
Welcome to [en.so]! Just to conceptualize things, what you’re describing is called microservices, several small cooperating services, with Single Sign-On (or SSO) - one login works for all applications. Unfortunately I don’t have time to elaborate a complete response on the subject, but a start would be to have an application responsible for the login that generates a token for the client, which is then validated when the request goes to other services.
– utluiz