I am planning a new microservice project. Single microservices are REST-APIs, the user should authenticate himself with JWT. I want to use the LexikJWTAuthenticationBundle for implementing JWT.
How can I make sure that the token is validated correctly on different servers?
Don't do distributed authentication, make one server be the auth server which the other servers send the token to for authentication. You can cache the authentication for a (short) period of time, but the data-of-record for the JWT token should be centralized so that if it is invalidated it is invalidated everywhere.
