In microservices, you don't want every service to have its own 'Users' table and login logic. You need a Centralized Identity Provider (IdP) that every other service trusts.
Duende IdentityServer is the industry standard for .NET. It implements **OAuth2** and **OpenID Connect (OIDC)**. Instead of logging into the 'Order Service', the user logs into 'IdentityServer'. IdentityServer then gives them a cryptographically signed **JWT (JSON Web Token)** that they can show to any other microservice to prove who they are.
Single Sign-On (SSO) means the user logs in once and has access to all your services. For your engineers, it means they don't have to worry about password hashing, salting, or multi-factor authentication (MFA)—the IdP handles all the "Hard Security" once, and the services just verify the token.
Q: "How do you handle 'Logout' in a distributed system with JWTs?"
Architect Answer: "JWTs are stateless, so you can't technically 'De-auth' them until they expire. However, for high-security apps, we use a **Token Blacklist** in Redis. When a user logs out, we add their `jti` (token unique ID) to Redis. Every microservice checks Redis before processing a request. This gives us the ability to instantly revoke access while keeping the performance benefits of JWTs."
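The `jti` blacklist from the answer above, as an added C# example (not code from this course or from Duende IdentityServer). `TokenGate` and `InMemoryDenylist` are hypothetical names, the in-memory store stands in for Redis (where a key set with an expiry gives the same behaviour), and the claims dictionary represents a token whose signature has already been validated.

```csharp
using System;
using System.Collections.Generic;

// Constructed sample: claims of an already validated token with a 15-minute lifetime.
var now = new DateTimeOffset(2024, 1, 1, 12, 0, 0, TimeSpan.Zero);
Func<DateTimeOffset> clock = () => now;
var denylist = new InMemoryDenylist(clock);
var claims = new Dictionary<string, string>
{
    ["jti"] = "example-jti-0001",
    ["exp"] = now.AddMinutes(15).ToUnixTimeSeconds().ToString(),
};

Console.WriteLine(TokenGate.IsAccepted(claims, denylist)); // before logout
TokenGate.Logout(claims, denylist, clock());
Console.WriteLine(TokenGate.IsAccepted(claims, denylist)); // after logout
now = now.AddMinutes(16); // the token's own exp has passed; lifetime validation rejects it now
Console.WriteLine(denylist.Contains(claims["jti"]));       // entry aged out with the token

static class TokenGate
{
    // Runs in every service after signature, issuer, audience and lifetime checks.
    // A token without a jti can never be revoked, so it is rejected outright.
    public static bool IsAccepted(IReadOnlyDictionary<string, string> claims, InMemoryDenylist denylist) =>
        claims.TryGetValue("jti", out var jti) && !denylist.Contains(jti);

    // Logout: remember the jti only for the token's remaining lifetime.
    public static void Logout(IReadOnlyDictionary<string, string> claims, InMemoryDenylist denylist, DateTimeOffset now)
    {
        var exp = DateTimeOffset.FromUnixTimeSeconds(long.Parse(claims["exp"]));
        if (exp > now) denylist.Add(claims["jti"], exp - now);
    }
}

// Stand-in for Redis: one key per jti, each with its own expiry.
sealed class InMemoryDenylist
{
    private readonly Dictionary<string, DateTimeOffset> _until = new();
    private readonly Func<DateTimeOffset> _clock;
    public InMemoryDenylist(Func<DateTimeOffset> clock) => _clock = clock;
    public void Add(string jti, TimeSpan ttl) => _until[jti] = _clock() + ttl;
    public bool Contains(string jti)
    {
        if (!_until.TryGetValue(jti, out var until)) return false;
        if (until > _clock()) return true;
        _until.Remove(jti); // expired entry: drop it, as a Redis key with a TTL would be
        return false;
    }
}
```

Tying each entry's lifetime to the token's `exp` keeps the blacklist no larger than the set of tokens that are logged out but not yet expired.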