I have a NodeJS Restful API server which is publicly accessible to consume Rest API Services. I have JWT authentication implementation in place as middleware method when any request comes in to access secure end-point. These services are exposed publicly via an Nginx Reverse-proxy server.
Recently, I just came across Nginx auth_request technique to authenticate the request which seems pretty nice concept in different ways where we can use it as in Nginx sub-request i.e. https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/
After looking at Nginx sub-request mechanism it seems really handy to use with existing NodeJS (or any other API services) app, or we can also use any other explicit authentication service to authenticate the request.
The only things that I am confused with and really want to understand are:
- Is there any specific use-case where we can use Nginx approach over NodeJS middleware?
- What would be the difference in terms of security point
- What would be the performance impact when there are hundreds of users accessing same NodeJS (protected) API services. I mean which approach will give us what sort of benefit or limitation
- Any difference in terms of future scalability
Looking forward to hear from relevant experts who can better understand my problem statement and can advise or share their understanding and assessment.