JWT Security Model
This document explains how JSON Web Tokens (JWT) are used in ShopVerse to provide secure, stateless authentication and authorization across microservices.
JWT is a core security mechanism in ShopVerse and forms the foundation of the API Gateway-based security design.
Why JWT in ShopVerse?
JWT was chosen because it provides:
- Stateless authentication
- High performance (no session lookup)
- Easy horizontal scaling
- Secure identity propagation across services
- Industry-standard security model
JWT fits naturally with microservices architecture.
High-Level JWT Strategy
ShopVerse uses JWT with the following principles:
- JWT is issued only by Auth Service
- JWT is validated only at API Gateway
- Downstream services never parse JWT
- Services trust gateway-injected headers
This avoids duplication and security inconsistencies.
JWT Lifecycle
JWT Token Structure
JWT consists of three parts:
HEADER.PAYLOAD.SIGNATURE
JWT Header
{
"alg": "HS512",
"typ": "JWT"
}
- HS512 → HMAC with SHA-512
- Ensures strong cryptographic signing
JWT Payload (Claims)
{
"sub": "user@example.com",
"role": "CUSTOMER",
"name": "John Doe",
"iat": 1710000000,
"exp": 1710003600
}
| Claim | Purpose |
|---|---|
| sub | User identity (email) |
| role | Authorization role |
| iat | Issued at |
| exp | Expiration time |
JWT Signature
- Created using server-side secret key
- Prevents token tampering
- Validated at API Gateway
Token Expiration Strategy
- Tokens have short expiration
- Reduces risk if token is compromised
- Forces periodic re-authentication
Example:
Expiration: 1 hour
API Gateway JWT Validation
The API Gateway performs:
- Signature validation
- Token expiration check
- Claim extraction
- Role extraction
- Request rejection on failure
If JWT is invalid:
401 Unauthorized
Header-Based Identity Propagation
After successful validation, the gateway:
- Removes Authorization header
- Injects trusted headers:
X-User-Email: user@example.com
X-User-Role: CUSTOMER
Downstream services trust only these headers.
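The following Python script is an added example (it is not ShopVerse code) that walks through the token structure, signature, expiration and gateway sections above end to end using only the standard library: it mints an HS512 token with the header and claims shown, verifies the signature with a constant-time comparison, rejects expired tokens, and then applies the gateway rules (consume the Authorization header, inject X-User-Email and X-User-Role, answer 401 on any failure). The secret, the fixed timestamps and the plain-dictionary request shape are constructed for the example. Two details are assumptions about what a gateway should do rather than statements from the page: the verifier pins alg to HS512 instead of trusting the token header, and any X-User-* headers arriving from the client are dropped before forwarding so they cannot impersonate gateway-issued identity.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret: in ShopVerse the HS512 key comes from secret management.
DEMO_SECRET = b"constructed-demo-secret-not-for-production"


class TokenError(Exception):
    """Raised by verify_token for any structural, signature or expiry failure."""


def _b64url_encode(data: bytes) -> str:
    # JWT uses unpadded base64url for all three segments.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(email, role, name, secret, ttl_seconds=3600, now=None):
    """Auth Service side: HEADER.PAYLOAD.SIGNATURE signed with HMAC-SHA512."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS512", "typ": "JWT"}
    payload = {"sub": email, "role": role, "name": name, "iat": now, "exp": now + ttl_seconds}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha512).digest()
    return signing_input + "." + _b64url_encode(signature)


def verify_token(token, secret, now=None):
    """Gateway side: structure, pinned alg, signature, then expiry. Returns the claims."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        raise TokenError("malformed token")
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise TokenError("malformed token")
    # Assumption: the gateway pins the algorithm; the token header never chooses it.
    if header.get("alg") != "HS512":
        raise TokenError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha512).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("invalid signature")
    exp = payload.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise TokenError("token expired")
    return payload


def gateway_filter(request_headers, secret, now=None):
    """Return (status, headers forwarded downstream); 401 with nothing forwarded on failure."""
    auth = None
    forwarded = {}
    for name, value in request_headers.items():
        lowered = name.lower()
        if lowered == "authorization":
            auth = value  # consumed here, never forwarded (JWT leakage mitigation)
        elif lowered.startswith("x-user-"):
            continue  # assumption: client-supplied identity headers are dropped, not trusted
        else:
            forwarded[name] = value
    if not auth or not auth.startswith("Bearer "):
        return 401, {}
    try:
        claims = verify_token(auth[len("Bearer "):], secret, now=now)
    except TokenError:
        return 401, {}
    forwarded["X-User-Email"] = claims["sub"]
    forwarded["X-User-Role"] = claims["role"]
    return 200, forwarded


if __name__ == "__main__":
    token = issue_token("user@example.com", "CUSTOMER", "John Doe", DEMO_SECRET, now=1710000000)
    print(token)
    # A client that adds its own X-User-Role: ADMIN still reaches services as CUSTOMER.
    print(gateway_filter({"Authorization": "Bearer " + token, "X-User-Role": "ADMIN"}, DEMO_SECRET, now=1710000100))
```

The fixed `now` arguments make the example reproducible; a real gateway passes the current time and, with the 1-hour expiry from the page, a token minted at `iat` 1710000000 stops validating at 1710003600.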
Service-Level Authorization
Each service:
- Uses a custom security filter
- Builds SecurityContext
- Enforces RBAC
Example:
- ADMIN → Create / Update / Delete
- CUSTOMER → Read / Order / Pay
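As an added example (not ShopVerse's own filter), the Python below shows the service-side half of the design: a filter that builds a SecurityContext solely from the gateway-injected X-User-Email and X-User-Role headers, returns 403 when they are missing (the Missing Headers failure scenario), and enforces the role matrix exactly as listed above. The action names, the `authorize` helper and the decision to reject unknown roles rather than default them are assumptions made for the example.

```python
from dataclasses import dataclass

# Role matrix taken literally from the page (ADMIN is not given read/order/pay here);
# adjust if the real ShopVerse policy differs.
ROLE_PERMISSIONS = {
    "ADMIN": frozenset({"create", "update", "delete"}),
    "CUSTOMER": frozenset({"read", "order", "pay"}),
}


class Forbidden(Exception):
    """Service-side rejection; the filter maps this to 403 Forbidden."""


@dataclass(frozen=True)
class SecurityContext:
    email: str
    role: str

    def can(self, action: str) -> bool:
        return action in ROLE_PERMISSIONS.get(self.role, frozenset())


def build_security_context(headers):
    """Custom security filter: identity comes only from gateway-injected headers.

    The service never looks at Authorization; the JWT was consumed at the gateway.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    email = lowered.get("x-user-email")
    role = lowered.get("x-user-role")
    if not email or not role:
        raise Forbidden("missing identity headers")  # page: 403 when headers are absent
    if role not in ROLE_PERMISSIONS:
        raise Forbidden("unknown role")  # assumption: unlisted roles are rejected, not defaulted
    return SecurityContext(email=email, role=role)


def authorize(headers, action):
    """Return the HTTP status the service would answer with: 200 if allowed, 403 otherwise."""
    try:
        ctx = build_security_context(headers)
    except Forbidden:
        return 403
    return 200 if ctx.can(action) else 403


if __name__ == "__main__":
    customer = {"X-User-Email": "user@example.com", "X-User-Role": "CUSTOMER"}
    print(authorize(customer, "order"), authorize(customer, "delete"), authorize({}, "read"))
```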
Security Threat Mitigations
| Threat | Mitigation |
|---|---|
| Token tampering | Signature validation |
| Replay attack | Token expiration |
| Credential theft | BCrypt hashing |
| Service bypass | Gateway-only access |
| JWT leakage | Header removal |
Why JWT Is NOT Parsed in Services
Parsing JWT in every service causes:
- Code duplication
- Security drift
- Performance overhead
Centralizing JWT validation:
- Improves security
- Simplifies services
- Makes auth changes easier
Failure Scenarios
Expired Token
- Gateway rejects request
- Client must re-login
Invalid Signature
- Request blocked immediately
Missing Headers
- Service returns 403 Forbidden
Scalability Benefits
- No session storage
- Stateless services
- Easy horizontal scaling
- Load-balancer friendly
Best Practices Followed
- Strong signing algorithm (HS512)
- Short-lived tokens
- Centralized validation
- No sensitive data in payload
- Secure secret management
Interview Explanation (One-Liner)
"We use JWT for stateless authentication, validate it centrally at the API Gateway, and propagate trusted identity headers to downstream services for RBAC."
Summary
The JWT security model in ShopVerse provides:
- Strong authentication
- Clean authorization
- Centralized security control
- Microservices-friendly scalability
JWT acts as the security backbone of the entire system.