Securing Microservices with Auth0 and MicroProfile in Kubernetes without a hassle | Ondro Mihalyi

Secure microservices with Auth0 and MicroProfile in Kubernetes without complexity, using JSON Web Tokens (JWT) for authentication, authorization, and claims-based security.

Key takeaways
  • To secure microservices, you can use Auth0 and MicroProfile in Kubernetes.
  • You can override the default configurations for the command in the Dockerfile.
  • JSON Web Tokens (JWT) can be used to encrypt authentication information.
  • JWT can be used to authorize access to REST endpoints.
  • The MicroProfile JWT specification can be used to validate JWT tokens.
  • Auth0 provides single sign-on, multi-factor authentication, and supports external services such as Google authentication.
  • Securing microservices takes deliberate design, including how calls between services are secured.
  • Using JWT, you can authenticate against an issuer, such as Auth0.
  • JWT contains standard claims, such as the caller’s identity and permissions.
  • To implement JWT authentication, you need to specify the list of URLs that are allowed.
  • MicroProfile allows you to use annotations on JAX-RS resources to specify roles allowed and restrict access.
  • You can use the Payara Micro Maven plugin to simplify building and deploying applications.
  • JWT is a web standard specified by RFC 7519.
  • When using JWT, you need to manage token expiration and revocation.
  • Auth0 provides a free tier and supports Gmail or Google authentication.
  • You can use Payara Micro or other libraries to simplify JWT authentication.
  • JWT allows you to carry authentication information between services without storing the token.
  • Microservices are mostly stateless, so you need to carry authentication tokens between services.
  • JWT can be used to identify the caller and the permissions they have.
  • You can configure the lifetime of JWT tokens, such as specifying a short lifetime or a long lifetime.
  • JWT can be used to detect and prevent security breaches.
  • You can use Auth0 or other identity platforms to simplify security and focus on business features.
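
The takeaways on MicroProfile JWT validation and role annotations on JAX-RS resources, shown as an added example (not code from the talk or from Auth0). It assumes MicroProfile JWT 1.1 with javax namespaces, a placeholder Auth0 tenant, and tokens that carry a groups claim; the class names, paths and the orders-reader role are hypothetical. The runtime verifies each token's signature against the issuer's published keys before any resource method runs.

```java
// Added example. Assumed META-INF/microprofile-config.properties
// (YOUR_TENANT is a placeholder for the Auth0 tenant domain):
//   mp.jwt.verify.publickey.location=https://YOUR_TENANT.auth0.com/.well-known/jwks.json
//   mp.jwt.verify.issuer=https://YOUR_TENANT.auth0.com/
// Imports for both files are listed once here.
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.MediaType;
import org.eclipse.microprofile.auth.LoginConfig;
import org.eclipse.microprofile.jwt.JsonWebToken;

// ---- File: OrdersApplication.java (hypothetical name) ----
// Switches the JAX-RS application to MP-JWT bearer-token authentication.
@LoginConfig(authMethod = "MP-JWT")
@DeclareRoles("orders-reader")
@ApplicationPath("/api")
public class OrdersApplication extends Application { }

// ---- File: OrdersResource.java (hypothetical name) ----
@Path("/orders")
@RequestScoped
@Produces(MediaType.TEXT_PLAIN)
public class OrdersResource {

    // The verified token of the current request, injected by the runtime.
    @Inject
    JsonWebToken jwt;

    // Open endpoint: callable without a token.
    @GET
    @Path("/ping")
    @PermitAll
    public String ping() { return "ok"; }

    // Needs a valid token whose "groups" claim contains "orders-reader".
    @GET
    @RolesAllowed("orders-reader")
    public String list() {
        // getName() resolves the caller from upn, preferred_username or sub.
        return "orders for " + jwt.getName() + ", token expires at "
                + jwt.getExpirationTime() + " (epoch seconds)";
    }
}
```

A request to /api/orders without a valid bearer token is rejected with 401, and a valid token lacking the role with 403, so the resource method never sees an unverified caller.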