This two-part article analyzes an option for securing RESTful web services with the JWT standard, along with the option of using public keys that can be rotated to strengthen the security model.
In this first part we will analyze the JWT and JWK standards from a theoretical standpoint. Part two will focus on a simple practical example of how to implement this security standard to protect your own microservices.
In contemporary software development, securing microservices has become increasingly important. Since RESTful microservices run over the HTTP protocol, anyone with access to the web API exposed by a microservices application can invoke its services using nothing more than a web browser, and more sophisticated invocations are possible with tools like Postman. This is the main reason to have a robust security mechanism protecting and controlling access to any service within an organization's infrastructure.