Best Practices for Token Transmission and Unified Authorization in Microservices
The article discusses why forwarding raw tokens between microservices is discouraged, recommends passing explicit user identifiers after gateway authentication, compares Feign and Dubbo internal‑call approaches, explores gateway‑less designs, and shows how to integrate authentication with Kubernetes deployments.
When designing microservice authentication, blindly forwarding the original token to downstream services is discouraged because it mixes internal and external APIs and reduces statelessness.
Instead, the gateway should parse the token, extract the userId, and pass it as an explicit parameter to downstream services, improving atomicity and code reuse.
Unified authorization can be achieved by centralizing authentication in the application gateway. Two common internal‑call mechanisms are shown:
Feign: Spring Cloud Gateway validates the token, adds user information to request headers, and downstream services expose a separate internal controller for Feign calls, which adds extra code.
Dubbo: After gateway authentication, user data is forwarded similarly, but services communicate via Dubbo interfaces without needing extra internal controllers, resulting in cleaner code at the cost of added stack complexity.
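The gateway step described above (validate the token, then hand the user id on explicitly), sketched as a Spring Cloud Gateway global filter. This is an added example, not code from the original article; the class name UserIdRelayFilter, the X-User-Id header, the use of Spring Security's ReactiveJwtDecoder and the choice of the JWT subject as the user id are assumptions.

```java
import java.util.Optional;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

// Added example: hypothetical gateway filter, not code from the article.
@Component
public class UserIdRelayFilter implements GlobalFilter {
    // Assumed header name that downstream services read the caller's id from.
    static final String USER_ID_HEADER = "X-User-Id";
    private final ReactiveJwtDecoder jwtDecoder; // checks signature and expiry

    public UserIdRelayFilter(ReactiveJwtDecoder jwtDecoder) {
        this.jwtDecoder = jwtDecoder;
    }

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        String auth = exchange.getRequest().getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
        if (auth == null || !auth.startsWith("Bearer ")) return reject(exchange);
        String token = auth.substring("Bearer ".length());
        // defer() turns a synchronously thrown parse error into an error signal.
        return Mono.defer(() -> jwtDecoder.decode(token))
            .map(jwt -> Optional.ofNullable(jwt.getSubject()).filter(s -> !s.isBlank()))
            .onErrorReturn(JwtException.class, Optional.empty())
            .flatMap(sub -> sub.isPresent() ? forward(exchange, chain, sub.get()) : reject(exchange));
    }

    private Mono<Void> forward(ServerWebExchange exchange, GatewayFilterChain chain, String userId) {
        ServerHttpRequest request = exchange.getRequest().mutate()
            .headers(h -> {
                h.remove(HttpHeaders.AUTHORIZATION); // raw token stops at the gateway
                h.set(USER_ID_HEADER, userId);       // set() replaces any client-sent value
            })
            .build();
        return chain.filter(exchange.mutate().request(request).build());
    }

    private Mono<Void> reject(ServerWebExchange exchange) {
        exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
        return exchange.getResponse().setComplete();
    }
}
```

Downstream services can treat X-User-Id as authoritative only if they cannot be reached except through the gateway, for example by restricting them with a network policy.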
A third approach removes the gateway entirely, using a Spring Boot Web application (preferably with Undertow) to host all service controllers and perform unified authentication, simplifying the architecture but losing dynamic routing via configuration centers.
Non‑unified authorization delegates authentication to each service, often by sharing a common auth module that handles JWT parsing, permission checks, and caching (local or Redis), which suits large teams with independent service ownership.
When deploying on Kubernetes, the gateway can be replaced by an Ingress, and service discovery can rely on Kubernetes Service objects, eliminating the need for a separate registry.
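Example Feign client:

    import org.springframework.cloud.openfeign.FeignClient;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.PathVariable;
    // url points straight at the Kubernetes Service, so no registry lookup is needed.
    @FeignClient(name = "user-service", url = "http://goods-svc:8080")
    public interface UserServiceClient {
        @GetMapping("/users/{id}")
        User getUserById(@PathVariable("id") Long id);
    }

Example Dubbo reference:

    // Direct connection to the Kubernetes Service on the Dubbo port.
    @Reference(url = "dubbo://goods-svc:20880")
    private DemoService demoService;

The article concludes that there is no universally correct solution; architects should choose the design that best fits their project’s requirements.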
Selected Java Interview Questions
