1
00:00:01,320 --> 00:00:05,820
We've now taken a look at fundamental option number one and number two for handling the question of

2
00:00:05,880 --> 00:00:09,150
whether or not a user is authenticated inside of our application.

3
00:00:09,150 --> 00:00:13,920
So just to summarize these two things: with fundamental option number one, we said that every individual

4
00:00:13,920 --> 00:00:19,470
service was going to rely upon some central auth service, either as some outside service or as a central

5
00:00:19,470 --> 00:00:20,730
gateway.

6
00:00:20,820 --> 00:00:26,460
The benefits to this approach, reflected here in green, is that any time that we made changes to our authentication

7
00:00:26,460 --> 00:00:32,100
state or the access of a user, it would be immediately reflected throughout the rest of our cluster or

8
00:00:32,100 --> 00:00:34,010
throughout the rest of our services.

9
00:00:34,020 --> 00:00:38,880
So if we said a user was banned, as soon as the next service came and asked about the status of a user

10
00:00:38,940 --> 00:00:43,440
or whether or not they were actually signed in, we could absolutely say this person is banned, do not

11
00:00:43,440 --> 00:00:44,920
allow them access.

12
00:00:45,120 --> 00:00:49,740
The really big downside to this approach was that if the service ever went down, our entire app would

13
00:00:49,740 --> 00:00:56,540
be broken. Now fundamental option number two really is the exact opposite in nature. With the fundamental

14
00:00:56,540 --> 00:01:00,500
option number two, we were going to teach each service how to authenticate a user.

15
00:01:00,500 --> 00:01:03,890
So in this case, if the service ever went down, who cares?

16
00:01:03,890 --> 00:01:05,270
Doesn't matter.

17
00:01:05,330 --> 00:01:11,010
Our other services don't even have to understand that the authentication service exists.

18
00:01:11,030 --> 00:01:13,120
That was the big upside to this approach.

19
00:01:13,310 --> 00:01:18,320
However, the downside was that if some user ever got banned, there was gonna be a window or a period of

20
00:01:18,320 --> 00:01:23,630
time where we were going to continue to trust that that user was actually signed in. So we can imagine

21
00:01:23,630 --> 00:01:28,100
that someone might come to us and say, "Hey, that person was just banned," and we would respond,

22
00:01:28,240 --> 00:01:33,170
"Man, I just gave them keys to my bank account or something like that five minutes ago," because we are

23
00:01:33,170 --> 00:01:40,070
being told too late that this user is now banned. So the real question here, as it really comes to us,

24
00:01:40,100 --> 00:01:43,420
as it applies to us: which option are we going to go with?

25
00:01:43,430 --> 00:01:48,040
Well, the answer is we are going to go with option number two. So we're going to go with option number

26
00:01:48,040 --> 00:01:53,770
two specifically because I want to promote this idea of making independent services.

27
00:01:53,770 --> 00:01:58,060
Remember, in all things microservices there really is a spectrum throughout this course.

28
00:01:58,060 --> 00:02:03,970
We've been following this idea of async communication, which really leads to a huge amount of independence

29
00:02:03,970 --> 00:02:07,870
between our different services, but we absolutely can't have a hybrid of sorts.

30
00:02:07,870 --> 00:02:13,930
We can have a setup where we've got a ton of async communication going on, but we can also have some

31
00:02:14,350 --> 00:02:17,330
little instances of sync communication as well.

32
00:02:17,410 --> 00:02:22,040
So regardless of that, I do want to promote this idea of independent services.

33
00:02:22,150 --> 00:02:25,260
So we're going to go with option number two.

34
00:02:25,300 --> 00:02:30,320
Now you still might say, "Steven, wait a minute, there's like a fundamental security issue here.

35
00:02:30,340 --> 00:02:31,750
How would we solve that?"

36
00:02:31,750 --> 00:02:32,650
Well, don't sweat it.

37
00:02:32,650 --> 00:02:34,510
I got your back, I got an answer for you.

38
00:02:34,540 --> 00:02:39,670
There is a way that we can solve this entire problem of banning users or updating their authentication

39
00:02:39,670 --> 00:02:41,140
state in some way.

40
00:02:41,140 --> 00:02:43,870
However, it is kind of a little bit longer explanation.

41
00:02:43,870 --> 00:02:47,840
So we're going to take a pause right here, and the next video I can give you an optional lecture.

42
00:02:47,860 --> 00:02:50,050
So you do not have to listen to it if you do not want to.

43
00:02:50,170 --> 00:02:54,700
But I'm going to tell you about one strategy we could use to get over this really big issue with option

44
00:02:54,700 --> 00:02:55,610
number two.

45
00:02:55,660 --> 00:02:58,230
So quick pause and we'll take a look at that in just a moment.