The trick is to have your gateway handle authn, and then proxy authz data upstream so those services can decide how to handle it without needing to make a second call to the identity service.
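The gateway-authn / forwarded-authz split described in the comment above, as an added example that is not from this thread: the gateway verifies the bearer token once, strips any client-supplied `x-auth-*` headers so they cannot be spoofed, and forwards the claims under a gateway-only HMAC so upstream services can make the authorization decision locally without a second call to the identity service. The token format, header names and secrets are assumptions constructed for the example.

```python
import base64, hashlib, hmac, json, time

# Constructed secrets for this example; real deployments load them from a secrets manager.
TOKEN_SECRET = b"identity-service-signing-key"  # shared by identity service and gateway
GATEWAY_SECRET = b"gateway-to-upstream-key"     # shared by gateway and upstream services only

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(sub: str, roles: list, ttl: int = 300) -> str:
    """Stand-in for the identity service: HMAC-signed 'payload.signature' token (assumed format)."""
    payload = _b64(json.dumps({"sub": sub, "roles": roles, "exp": int(time.time()) + ttl}).encode())
    return payload + "." + _b64(hmac.new(TOKEN_SECRET, payload.encode(), hashlib.sha256).digest())

def _claims_sig(sub: str, roles: str) -> str:
    return _b64(hmac.new(GATEWAY_SECRET, f"{sub}|{roles}".encode(), hashlib.sha256).digest())

def gateway(request: dict):
    """Authn once at the edge; forward authz claims upstream as gateway-signed headers (None = 401)."""
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
    token = headers.get("authorization", "").removeprefix("Bearer ")
    try:
        payload, sig = token.split(".")
        expected = _b64(hmac.new(TOKEN_SECRET, payload.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            return None
        claims = json.loads(_unb64(payload))
        if claims["exp"] < time.time():
            return None
        sub, roles = claims["sub"], ",".join(claims["roles"])
    except (ValueError, KeyError, TypeError):
        return None
    # Drop every client-supplied x-auth-* header: only the gateway may set identity headers.
    forwarded = {k: v for k, v in headers.items() if not k.startswith("x-auth-")}
    forwarded.update({"x-auth-user": sub, "x-auth-roles": roles,
                      "x-auth-sig": _claims_sig(sub, roles)})
    return {"path": request["path"], "headers": forwarded}

def upstream_delete_account(request: dict) -> int:
    """Upstream service: accept only gateway-signed claims, then decide authz locally."""
    h = request["headers"]
    sub, roles, sig = h.get("x-auth-user", ""), h.get("x-auth-roles", ""), h.get("x-auth-sig", "")
    if not hmac.compare_digest(sig, _claims_sig(sub, roles)):
        return 401  # claims did not come through the gateway
    return 204 if "admin" in roles.split(",") else 403
```

The upstream signature check matters because anything that can reach the service without traversing the gateway (a misrouted internal call, a debugging port) could otherwise set `x-auth-user` itself.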
You probably want to have a UI for account creation and password resets, right? There's a frontend that has to talk directly to identity service.
You may want to bill based on # of active users - well, that's interactive with the identity service (you can do this without billing calling the identity service's API, but the alternatives are just other common dependencies).
You may want a tool for the support team to search identity service to find a user or their account status.
If you have a sharing feature, you may want that to verify you are sharing with an account that exists.