NGINX - API Gateway - Can It Work With Session Based Authentication and Upstream Applications

zaidahmd nginx-forum at forum.nginx.org
Wed Mar 29 09:03:40 UTC 2017


Hi Guys,

I read the NGINX docs for API Gateway functionality, where I can get the
users of my upstream application authenticated by a different
application.

My idea was to develop 2 applications as a proof of concept. The
applications are as follows:
1. Main application:
   One would be an upstream application based on Spring MVC, using
   sessions to identify the logged-in users.
2. Authentication application:
   It would be a simple web application with only a login page and
   authentication functionality.

I am planning to have sessions created in both the applications
(authentication, upstream). So when the user sends a request to log in, NGINX
should forward the request to the authentication application to check if the
user is logged in or authorized. Once logged in, show him/her the index
page, loaded from the upstream application with another session id generated
by the upstream server. When the logged-in user sends a post-login request
to submit a form, NGINX sends this request to the authentication application
to verify if the session is valid; if valid, let it go to the upstream server
and serve the request. This means the page in the browser can hold two
sessions.

I want to know whether my understanding of how the API Gateway design
should be used is correct.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273277,273277#msg-273277
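
The flow described in the post above maps onto NGINX's `auth_request` module (ngx_http_auth_request_module, which must be compiled in with `--with-http_auth_request_module`). The configuration below is an added example, not part of the original post; the upstream addresses, the `/login`, `/_auth` and `/session/check` paths and the cookie-name remark are assumptions made for illustration.

```nginx
# Added example. Addresses, paths and names are assumptions, not from the post.
upstream auth_app { server 127.0.0.1:9000; }   # authentication application
upstream main_app { server 127.0.0.1:8080; }   # Spring MVC upstream

server {
    # Proof-of-concept listener; serve session cookies over TLS outside a lab.
    listen 80;

    # Login page and login form POST go directly to the authentication app,
    # which sets its own session cookie on success.
    location /login {
        proxy_pass http://auth_app;
    }

    # Subrequest target used for every protected request. The auth app must
    # answer 2xx for a valid session and 401 or 403 otherwise; any other
    # status is treated by NGINX as an error.
    location = /_auth {
        internal;                                  # not reachable by clients
        proxy_pass http://auth_app/session/check;
        proxy_pass_request_body off;               # only headers are needed
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
    }

    # Everything else is checked first, then passed to the main application,
    # which creates and tracks its own, second session.
    location / {
        auth_request /_auth;
        error_page 401 = @login;
        proxy_pass http://main_app;
    }

    location @login {
        return 302 /login;
    }
}
```

Both applications are served from one origin here, so their session cookies need distinct names (or distinct paths); otherwise one application's cookie overwrites the other's. The subrequest carries the client's `Cookie` header, which is how the authentication application sees its session id.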


