I’ve read the JWT Sessionless Authentication article and I am still not sure if its functionality can be used to get the following. If it is possible, I will appreciate a code example.
We have microservices API where each request is expected to include a valid token which can be checked for claims vs. some 3rd party. It is up to client to get the token and send it within the request.
We do not want to have auth request requirement. We do want to check the token for specific claim(s) depending on the request before we process the request.
The suggested solution is not good due its complexity. Instead of adding and removing stuff it is simpler just to implement pre-request filter that will do the whole authorization logic. However, if something like above can be achieved by using JWT Auth it will be even better.
So, can we?