API Gateway Template — Authentication
The gateway typically:
- Validates JWT access tokens (OpenID Connect metadata)
- Enforces scopes / roles before forwarding
- Propagates `Authorization`, tenant, and correlation headers to backends
Coordinate with the Authorization Server for token issuance and the Identity Backend for user profiles / claims sources.
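The sketch below is an added example, not code from the template: it shows the claim checks, scope enforcement, and header propagation steps listed above, run on a token whose signature is assumed to have been verified already against the keys published in the OpenID Connect metadata. The issuer, audience, `tenant_id` claim, and `X-Tenant-Id` / `X-Correlation-Id` header names are assumptions chosen for illustration.

```python
import time
import uuid

# Assumed names (not from the template): issuer, audience, header and claim names.
ISSUER = "https://auth.example.test"
AUDIENCE = "orders-api"
TENANT_HEADER = "X-Tenant-Id"
CORRELATION_HEADER = "X-Correlation-Id"

class Denied(Exception):
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status

def check_claims(claims, required_scopes, now=None):
    """Validate claims of a token whose signature was already verified."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise Denied(401, "wrong issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise Denied(401, "wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise Denied(401, "expired or missing exp")
    granted = set(str(claims.get("scope", "")).split())
    missing = set(required_scopes) - granted
    if missing:
        raise Denied(403, "missing scope: " + " ".join(sorted(missing)))
    if not claims.get("tenant_id"):
        raise Denied(403, "token carries no tenant")

def forward_headers(incoming, claims):
    """Build backend headers; the tenant comes from the token, never the client."""
    incoming = {k.lower(): v for k, v in incoming.items()}
    return {
        "Authorization": incoming["authorization"],
        TENANT_HEADER: claims["tenant_id"],
        CORRELATION_HEADER: incoming.get(CORRELATION_HEADER.lower()) or str(uuid.uuid4()),
    }

def handle(incoming, claims, required_scopes, now=None):
    check_claims(claims, required_scopes, now)  # deny before anything is forwarded
    return forward_headers(incoming, claims)

if __name__ == "__main__":
    # Constructed sample: the client sends its own tenant header, which is discarded.
    sample = {"iss": ISSUER, "aud": AUDIENCE, "exp": time.time() + 60, "scope": "orders.read", "tenant_id": "tenant-a"}
    print(handle({"Authorization": "Bearer <token>", TENANT_HEADER: "tenant-b"}, sample, ["orders.read"]))
```

Backends that receive these headers should accept them only from the gateway, since the tenant header is trustworthy only when nothing else can set it.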