spring - Communication between user-service and auth-service in microservice architecture

问题描述

Scenario:

This is my login scenario for my microservice application:

1. The user enters his phone number
2. A verification code will be sent
3. The user must send the received code to verify it
4. The user must enter his password
5. A JWT Token will be received

REST Implementation

For implementing the given scenario, I've created three services: auth, sms, and user. From my point of view, I think it's better to handle requests for sending verification code and generating JWT token from user-service. Here is the detail of my implementation:

• User calls POST /user/sms to send his phone number to the user-service. Inside that, a request will be made to the sms-service to send the verification code.

• Then user calls POST /user/verify to verify the code, again this request will be handled inside the user-service. If the code is valid, user-service will generate a temporary token and pass it to the header response (assume that the user is already registered into the system)

• Now the user passes his password with the temporary token via POST /user/password. If the credentials are valid, user-service will call auth-service to get a JWT token and append it to the response header of POST /user/password.

Question

Are there right communications between user<->auth and user<->sms services?

标签： springsecurityspring-securitymicroservicesrestful-authentication