This topic provides an overview of the authentication methods supported by cloud-native gateways.
In the microservices architecture, external users (clients) send requests to services. However, the services are not exposed to the clients. Gateways are deployed between clients and servers to control access. The gateways authenticate external requests based on customizable access control policies.
Gateway authentication methods
Cloud-native gateways support multiple authentication methods, including JSON Web Token (JWT), OpenID Connect (OIDC), Identity as a Service (IDaaS), and custom authentication.
Cloud-native gateways provide a mechanism for authorized access to your APIs based on JWTs. You can use this mechanism to customize security settings. Cloud-native gateways verify the identities of requesters who make API calls and determine whether to return requested resources to the requesters. Tokens are used for identity authentication. When tokens are used, applications do not need to retain user authentication information or session information on the server side. This implements stateless and distributed web application authorization and facilitates application extension.
For more information about how to configure JWT authentication in cloud-native gateways, see Configure JWT authentication.
OIDC is an authentication protocol. Based on this protocol, third-party applications can connect to identity providers to obtain user information, and then identity providers send the obtained user information to the third-party applications in a secure and reliable manner. OIDC extends the OAuth2.0 protocol to provide basic user identity information by using the extended ID Token field. ID Token is encapsulated in JSON Web Token (JWT) format to provide a self-contained and tamper-proof mechanism. This ensures that ID Token can be securely transmitted to third-party applications and easily verified.
For more information about how to configure OIDC authentication in cloud-native gateways, see Configure OIDC authentication.
IDaaS provides a set of services that help you manage identities, permissions, and applications in a centralized manner. Cloud-native gateways are seamlessly connected to IDaaS to provide a comprehensive solution for identity authentication.
For more information about how to configure IDaaS authentication in cloud-native gateways, see Configure IDaaS authentication.
If tokens contained in client-side requests are in a custom format, after your servers receive requests, the servers must access a unified authentication service to authenticate the tokens. You can connect cloud-native gateways with a custom authentication service to centrally manage the authentication of all your backend services.
For more information about how to configure custom authentication in cloud-native gateways, see Configure custom authentication.