Single Sign-On

We may not realize it, but Single Sign-On (SSO) is far more present in our day-to-day lives than we might imagine. A good example is using the user account of one service to log in to a totally different service.

With JWT, which we looked at in the previous topic, it is entirely possible to create an application that provides SSO. In the following diagram, you can see the general behavior of SSO using JWT:

With SSO, we can make the application more flexible: beyond being a product in itself, it can also offer authentication and authorization as a service.

It is important to understand that a microservice specialized in authentication needs to be highly optimized, because it can become a bottleneck at large scale. To reduce the friction that an authentication microservice can generate, it is common to split it into two parts. The first part is responsible for token validation, and the second is responsible for token generation.

The following diagram shows two distinct streams, one for creating the JWT token and another stream to verify that the received token is valid:

As you can see in the preceding diagram, we are using Nginx with a plugin to do the validation part of the token. This type of strategy reduces stress on the logical layer, thus reducing bottlenecks.
