REST Service Authorization with JWTs

Many companies are adopting microservices-based architectures to promote decoupling and separation of concerns in their applications. One inherent challenge with breaking applications up into small services is that each service now needs to authenticate and authorize the requests made to it. JSON Web Tokens (JWTs), together with TLS client authentication lower down in the stack, offer a clean solution to this problem.

Wils Dawson and I presented these topics to the Java User Group at Okta’s HQ in December and are thrilled to offer the slides, code, and the following recording of the presentation. In the talk, we cover authentication and authorization both at a server level with TLS and at a user level with OAuth 2.0. In addition, we explain claims-based auth and federation while walking through demos for these concepts using Java and Dropwizard. We purposely skipped over client-side (e.g. browser) authentication, as it’s enough material for a future talk, and focused on solutions for authentication and authorization between services within an application.