My scenario involves clients providing a session ID, which we must pass to our authentication service. The authentication service will then validate the session ID. If the session ID is valid, we proceed to access the actual server; otherwise, we return an error to the client.
Yes, it is feasible to perform authentication in KrakenD by invoking an API. However, there are some considerations to keep in mind:
In conclusion, while it is feasible to authenticate by invoking an API, it is not recommended to design an authentication process that requires an additional request to the authentication API for each request to the gateway. A JWT-based approach would be more efficient and scalable.
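As an added example (not part of the original answer), this KrakenD endpoint validates JWTs at the gateway with the `auth/validator` component and caches the identity provider's signing keys, so the authentication service is not called on every request. The hostnames, paths, issuer and audience are placeholder assumptions.

```json
{
  "version": 3,
  "@comment": "Added example: all hosts, paths, issuer and audience values are placeholders.",
  "endpoints": [
    {
      "endpoint": "/orders",
      "method": "GET",
      "extra_config": {
        "auth/validator": {
          "alg": "RS256",
          "jwk_url": "https://idp.example.com/.well-known/jwks.json",
          "cache": true,
          "cache_duration": 900,
          "issuer": "https://idp.example.com",
          "audience": ["https://api.example.com"],
          "disable_jwk_security": false
        }
      },
      "backend": [
        {
          "host": ["http://orders.internal.example:8080"],
          "url_pattern": "/orders"
        }
      ]
    }
  ]
}
```

With this in place the gateway checks the token's signature, expiry, issuer and audience locally and rejects the request before it reaches the backend if any check fails.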