I'm following a microservices architecture and using
JWT for authorization and authentication. I have a
User service that includes some details about users, and I was considering including authorization endpoints in the
User service. Is that a bad idea?
I saw some other diagrams that had the
API Gateway make separate calls to both an
Authorization service and a
User service. If I'm using separate MongoDB databases for each of the services, wouldn't I be duplicating (some) data if I separated authorization and user endpoints?