> On 22 Jul 2016, at 16:17, Norbert Hartl <[email protected]> wrote:
>
Hi!
> Taking the assumption of having 20 service images, every image would need to
> get back to A in order to check authorization information. The more services
> images you have the more load it will put on A. In a JWT use case scenario
> the same would look like
>
> 1. client C authenticates and receives a JWT containing authorization
> information. The token is signed by A
> 2. client C hands out JWT to service S
> 3. S checks the signature of A and knows that the authorization information
> contained is valid.
> 4. S grants C access
thank you for the information! I have one rather specific question. How is the
token normally transported from C to S? Part of the body/data of a
POST/PUT/GET? A custom header inside the HTTP request?
kind regards
holger
