Design Decisions

Auth Server vs User Server

The user server contains the CRUD APIs and the basic authentication check:

  • CRUD user
  • Check whether email & password match the user information

The auth server contains the logic for issuing and verifying tokens:

  • Issue access & refresh tokens
  • Verify token

Authentication Flow (2023.11.19)

Currently, the auth guards in the gateway go through several microservices:

  1. Go to auth service
  2. Auth service calls user service to verify the user
  3. Auth service responds back to the gateway service.

Can we reduce the steps?

  1. Verify the JWT in the auth service only. To achieve this, the auth service also needs the user id and email.
  2. We need a separate database that contains user email and user id. This can be done efficiently with an in-memory DB that holds key-value pairs of email and id.
  3. If we use an in-memory database, we do not have to sync the data with the user table in the database. Every time a user logs in, we can simply put email, username in the in-memory database.
  4. How should I set the duration? Not sure. Maybe an expiration time equal to the access-token expiration?
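
A sketch of the reduced flow above, written as an added example and not Puppy Land's own code: the auth service verifies the token itself and consults an in-memory email-to-id entry that expires together with the access token. The HS256 secret, the 15-minute lifetime, the `Map` standing in for the in-memory DB, and all function names are assumptions.

```javascript
// Added example (not the project's code): auth-service-only token check.
const { createHmac, timingSafeEqual } = require("node:crypto");

const SECRET = "constructed-demo-secret"; // assumption: HS256 shared secret
const ACCESS_TTL_S = 900;                 // assumption: 15-minute access token
const sessions = new Map();               // stand-in for the in-memory DB: email -> { id, exp }

const b64u = (v) => Buffer.from(v).toString("base64url");
const sign = (data) => createHmac("sha256", SECRET).update(data).digest();

// Called once at login, after the user service has checked email & password.
function issueAccessToken(user, now) {
  const exp = now + ACCESS_TTL_S;
  sessions.set(user.email, { id: user.id, exp }); // entry expires with the token
  const head = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify({ sub: user.id, email: user.email, exp }));
  return `${head}.${body}.${b64u(sign(`${head}.${body}`))}`;
}

// Called by the gateway's auth guard; makes no call to the user service.
function verifyAccessToken(token, now) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [head, body, sig] = parts;
  const given = Buffer.from(sig, "base64url");
  const expected = sign(`${head}.${body}`);
  if (given.length !== expected.length || !timingSafeEqual(given, expected))
    return { ok: false, reason: "bad signature" };
  let header, claims;
  try { // parse only after the signature has been checked
    header = JSON.parse(Buffer.from(head, "base64url"));
    claims = JSON.parse(Buffer.from(body, "base64url"));
  } catch { return { ok: false, reason: "malformed" }; }
  if (header.alg !== "HS256") return { ok: false, reason: "bad alg" };
  if (typeof claims.exp !== "number" || now >= claims.exp)
    return { ok: false, reason: "expired" };
  const entry = sessions.get(claims.email);
  if (entry && now >= entry.exp) sessions.delete(claims.email); // lazy TTL eviction
  if (!sessions.has(claims.email) || entry.id !== claims.sub)
    return { ok: false, reason: "no session" };
  return { ok: true, userId: claims.sub, email: claims.email };
}

// Logout or account disable: dropping the entry rejects the token before exp.
const revoke = (email) => sessions.delete(email);
```

Because entries are only written at login, a token obtained through the refresh path would also need to re-populate the entry, otherwise it fails the session lookup.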

Database (2023.11.19)

For now, I'm just using one database server, since the service isn't too large and the business logic is not that complicated. However, in the future, we would have to refactor/migrate to a database server for each server instance.