IG as a microgateway
IG is optimized to run as a microgateway in containerized environments. Use IG with business microservices to separate the security concerns of your applications from their business logic. For example, use IG with the ForgeRock Token Validation Microservice to provide access token validation at the edge of your namespace.
For an example, refer to IG as a microgateway. The following image illustrates the request flow in an example deployment:
IG processes the request in the following steps:
- A client requests access to Secured Microservice A, providing a stateful OAuth 2.0 access token as credentials.
- Microgateway A intercepts the request, and passes the access token for validation to the Token Validation Microservice, using the /introspect endpoint.
- The Token Validation Microservice requests the Authorization Server to validate the token.
- The Authorization Server introspects the token, and sends the introspection result to the Token Validation Microservice.
- The Token Validation Microservice caches the introspection result, and sends it to Microgateway A, which forwards the result to Secured Microservice A.
- Secured Microservice A uses the introspection result to decide how to process the request. In this case, it continues processing the request. Secured Microservice A asks for additional information from Secured Microservice B, providing the validated token as credentials.
- Microgateway B intercepts the request, and passes the access token to the Token Validation Microservice for validation, using the /introspect endpoint.
- The Token Validation Microservice retrieves the introspection result from the cache, and sends it back to Microgateway B, which forwards the result to Secured Microservice B.
- Secured Microservice B uses the introspection result to decide how to process the request. In this case it passes its response to Secured Microservice A, through Microgateway B.
- Secured Microservice A passes its response to the client, through Microgateway A.
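The flow above can be modeled in a few lines to show why the second /introspect call never reaches the Authorization Server. This is an added illustrative sketch, not ForgeRock code: the class and function names, the token value, the `max_ttl` parameter, and the rule that a cache entry never outlives the token's `exp` are all assumptions.

```python
import hashlib
import time

class AuthorizationServer:
    """Stand-in Authorization Server holding constructed token records."""
    def __init__(self, tokens):
        self.tokens, self.calls = tokens, 0

    def introspect(self, token):
        self.calls += 1
        record = self.tokens.get(token)
        if record is None or record["exp"] <= time.time():
            return {"active": False}  # RFC 7662: inactive tokens reveal nothing else
        return {"active": True, **record}

class TokenValidationService:
    """Models the /introspect endpoint with a cache of introspection results."""
    def __init__(self, auth_server, max_ttl=60):
        self.auth_server, self.max_ttl = auth_server, max_ttl
        self.cache = {}  # sha256(token) -> (cache expiry, result)

    def introspect(self, token):
        key = hashlib.sha256(token.encode()).hexdigest()  # no raw tokens in the cache
        now = time.time()
        hit = self.cache.get(key)
        if hit and hit[0] > now:
            return hit[1]
        result = self.auth_server.introspect(token)
        if result["active"]:
            # Assumption: entries never outlive the token's own exp claim.
            self.cache[key] = (min(now + self.max_ttl, result["exp"]), result)
        return result

def secured_microservice(result, required_scope="read"):
    """Decides from the forwarded introspection result; returns an HTTP status."""
    if not result["active"]:
        return 401
    return 200 if required_scope in result["scope"].split() else 403

def microgateway(validator, token):
    # Intercepts the request, validates the token, forwards the result.
    return secured_microservice(validator.introspect(token))

def run_flow():
    token = "constructed-token-1"  # constructed sample value
    auth = AuthorizationServer({token: {"scope": "read", "exp": time.time() + 300}})
    tvs = TokenValidationService(auth)
    statuses = [microgateway(tvs, token), microgateway(tvs, token),  # A then B
                microgateway(tvs, "unknown-token")]
    return statuses, auth.calls
```

In this model a revoked token is still served from the cache until its entry expires, so `max_ttl` bounds the revocation delay.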