I currently have a homemade AuthenticationService that manages its own store and is able to issue JWTs for the frontend, as well as refresh tokens.
It’s working great, but we want to use a convenient way to check the JWT across microservices. In another use case we already check some Google JWTs with an OpenID verifier that checks clientID… it follows a standard, it’s supported by a community… that’s cool.
In the future it could make sense for us to migrate to OAuth2 so third parties could reach our API on behalf of our users. But my question is, does it make sense right now for us to use ORY Hydra to start using some standards (OpenID Connect) so our microservices' libraries can check the JWT origin thanks to /.well-known/openid-configuration and the jwks.json file, or is it a crazy idea?
It means for now our AuthenticationService would interact directly with Hydra to generate the JWT token.
In the meantime, it would allow us in the future to step by step open the OAuth2 flow to the outside.
What do you think?
Note: sorry if it sounds like a stupid question
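
The check the question describes, a microservice validating a JWT using only a published key set, shown as an added example (not part of the original post and not ORY Hydra's code). The issuer URL, audience, `kid` and key pair are constructed sample values; a real service would fetch the key set from the `jwks_uri` listed in the discovery document and cache it.

```javascript
// Added illustration: verifying an RS256 JWT against a JWKS document.
// Issuer URL, audience, kid and key pair are constructed sample data.
const crypto = require('node:crypto');

const ISSUER = 'https://auth.example.test/'; // hypothetical issuer
const AUDIENCE = 'orders-service';           // hypothetical audience

const b64u = (v) => Buffer.from(v).toString('base64url');
const parse = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Issuer side (constructed): key pair, the JWKS it would publish, and a signer.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const JWKS = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'key-1', use: 'sig', alg: 'RS256' }] };

function issue(claims, header = { alg: 'RS256', typ: 'JWT', kid: 'key-1' }, key = privateKey) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), key).toString('base64url')}`;
}

// Microservice side: needs only the public JWKS, never the private key.
function verify(token, jwks, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = parse(h);
  // Pin the algorithm: the token must not be able to pick "none" or an HMAC variant.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) throw new Error('unknown kid');
  const key = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const sigOk = crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!sigOk) throw new Error('bad signature');
  // A valid signature is not enough: check who issued it, for whom, and until when.
  const claims = parse(p);
  if (claims.iss !== ISSUER) throw new Error('wrong issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(AUDIENCE)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Returns the rejection reason, or null when the token is accepted.
function rejectReason(token, jwks = JWKS) {
  try { verify(token, jwks); return null; } catch (e) { return e.message; }
}
```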