Hi guys,
I read the NGINX docs for API Gateway functionality, where I can get the users of my upstream application authenticated by a different application.
My idea was to develop 2 applications as a proof of concept. The applications are as follows:
1. Main application:
One would be an upstream application based on Spring MVC using sessions to identify the logged-in users.
2. Authentication application:
It would be a simple web application with only a login page and authentication functionality.
I am planning to have sessions created in both applications (authentication, upstream). So when the user sends a request to log in, NGINX should forward the request to the authentication application to check if the user is logged in or authorized. Once logged in, show him/her the index page, loaded from the upstream application with another session ID generated by the upstream server. When the logged-in user sends a post-login request to submit a form, NGINX sends this request to the authentication application to verify if the session is valid; if valid, let it go to the upstream server and serve the request. This means the page in the browser can hold two sessions.
I want to know whether my understanding of how an API Gateway design should be used is correct.
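
The flow described in the post, sketched as an NGINX configuration built on the `auth_request` directive (ngx_http_auth_request_module). This is an added example, not part of the original post; the server name, upstream addresses, the `/session/verify` endpoint and the `X-Auth-User` header are assumptions.

```nginx
# Added example. Addresses, paths and header names below are assumptions.
upstream auth_app { server 127.0.0.1:9000; }   # authentication application
upstream main_app { server 127.0.0.1:8080; }   # Spring MVC upstream application

server {
    listen 80;
    server_name gateway.example.test;           # constructed name

    # Login page and login form POST go straight to the authentication app,
    # which sets its own session cookie on success.
    location /login {
        proxy_pass http://auth_app;
    }

    # Subrequest target, reachable only from inside NGINX.
    # The original request headers (including Cookie) are forwarded,
    # so the auth app can look up its session.
    location = /_auth_check {
        internal;
        proxy_pass http://auth_app/session/verify;  # hypothetical endpoint
        proxy_pass_request_body off;                # the check needs headers only
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header X-Original-Method $request_method;
    }

    # Everything else is checked first, then proxied to the main application.
    location / {
        # 2xx from the subrequest allows the request; 401/403 denies it;
        # any other status is treated as an error.
        auth_request /_auth_check;

        # Take the identity from the auth app's response, never from the client.
        # An empty value means the header is not sent upstream at all.
        auth_request_set $auth_user $upstream_http_x_auth_user;
        proxy_set_header X-Auth-User $auth_user;

        error_page 401 = @to_login;
        proxy_pass http://main_app;
    }

    location @to_login {
        return 302 /login;
    }
}
```

Because both applications are served from one origin here, the browser sends both session cookies on every request, so the two cookie names must differ or one application will overwrite the other's session.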