Hello everyone. Hope you are doing well.
I need some support with a scenario I am currently working on. I know this is the best place to get help with the issue I am wondering about. So here is what I'm working on:
I have an application that uses NodeJS on the backend and ReactJS on the frontend. This application has a microservice architecture. I use Apollo Server to provide communication between the backend services and ReactJS. All services use RabbitMQ and each has its own exchange. One of these services is the user authorization and authentication service, which also uses AMQP to deliver and send messages. So when a user tries to log in, Apollo Server receives the credentials and sends them to the message broker; a consumer in the user authentication service consumes the message that includes the user credentials, produces a JSONWebToken, and then sends the token to the message broker. A subscriber in the Apollo Client, which is in ReactJS, handles the token and logs the user in.
So here is what I am wondering:
- Is this a good and preferred scenario to use in the user authentication - authorization process?
- What if 1000 users make the same request at the same time with different internet connection speeds? Could the Apollo Client receive the wrong token? I mean, let's imagine 2 users make a request to log in: Apollo Server receives them, sends the credentials that the requests include to MQ, the user auth service consumes the credentials, reproduces the tokens, and sends them to MQ. Is it possible that UserA receives UserB's token?
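
Whether a reply can reach the wrong caller in a request/reply flow over a broker depends on how each reply is matched to the request that caused it. The following is an added example, not code from the original post: a constructed in-memory simulation (no RabbitMQ connection) that compares matching replies by arrival order with matching them by a per-request correlation id. `Gateway`, `authConsumer`, `simulate`, the queue name and the token strings are all hypothetical.

```javascript
// Constructed in-memory simulation; no broker is contacted. In AMQP the two
// fields used here are the standard message properties correlation-id and reply-to.
function newId() {
  // Unpredictable id per request; fallback only for runtimes without Web Crypto.
  return globalThis.crypto?.randomUUID?.() ?? `${Date.now()}-${Math.random()}`;
}

// Hypothetical auth-service consumer: copies correlationId onto its reply.
function authConsumer(msg) {
  const token = `token-for-${msg.body.username}`; // placeholder string, not a real JWT
  return { correlationId: msg.correlationId, body: { token } };
}

class Gateway {
  constructor(matchById) {
    this.matchById = matchById;
    this.pending = new Map(); // correlationId -> callback of the waiting caller
    this.dropped = 0;
  }
  login(username, password, onToken) {
    const correlationId = newId();
    this.pending.set(correlationId, onToken);
    return { replyTo: 'gateway.replies', correlationId, body: { username, password } };
  }
  onReply(reply) {
    // Weak variant: hand the reply to whoever has waited longest.
    const key = this.matchById ? reply.correlationId : this.pending.keys().next().value;
    const deliver = this.pending.get(key);
    if (!deliver) { this.dropped += 1; return; } // unknown or already-used id
    this.pending.delete(key); // one reply per request
    deliver(reply.body.token);
  }
}

function simulate(users, matchById) {
  const gw = new Gateway(matchById);
  const received = {};
  const requests = users.map((u) =>
    gw.login(u, 'constructed-password', (t) => { received[u] = t; }));
  const replies = requests.map(authConsumer).reverse(); // replies arrive out of order
  replies.forEach((r) => gw.onReply(r));
  gw.onReply(replies[0]); // duplicate delivery of an already-consumed reply
  return { received, dropped: gw.dropped };
}

console.log(simulate(['userA', 'userB'], false).received); // weak: tokens swapped
console.log(simulate(['userA', 'userB'], true).received);  // matched by correlationId
```
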