In my web application architecture, I would like to separate the application layer from the authentication/authorization layer.
My initial idea would be this:
Some requirements of this system:
- I need to authenticate the user by generating and validating JWT tokens
- It would be interesting to store them for revocation
- Additionally, I need to have a specific authorization system, such as quota system and allowed modules
That said, from what I understand, it would be impractical to just use Nginx without an intermediary server/service.
Nginx provides some features, but to me they seem insufficient for the whole purpose: "Setting up JWT Authentication" and "Authentication Based on Subrequest Result".
Following the image, the flow would be:
- Client accesses Nginx
- Nginx forwards the entire request to an intermediate server/service that must perform validations and return the original request, possibly modified.
- If the intermediary server returns success to Nginx, Nginx must forward the request to the application server/service
- The application service returns the response to the client.
I believe this is a common architecture, but what are the best practices and ideal tools to use? Is it possible with Nginx? How?
App Server: PHP
Auth Server: any
