Should your auth-service be validating tokens?
Earlier this month, I happened to be in a technical discussion with a small team
wherein I was being briefed about how authorization works in their
microservice-based system.
Here's what a request to one of their protected resources looks like:
Though I've only depicted one Protected Service, many of those