Search results

Hello everyone! The classic approach to authorization is when its control is placed inside a specific service in the form of static rules. That is, the role and rights check from the JWT token is hardcoded into the code. In the first versions of our services, this was done. Later, the idea was born to remove this load from them and transfer it to a thin proxy service, which DevOps will deploy as a sidecar to the protected service. GraphQL was chosen as the technology.