Posted to users@kafka.apache.org by Joseph Pachod <jo...@gmail.com> on 2015/01/13 23:54:59 UTC

How to handle authentication system-wide with Kafka as the transport layer?

Hello

I've been reading about Kafka and its use in a distributed system, but
authentication handling remains a mystery to me.

Indeed, when the user connects to the website, many services are triggered:
how do they make sure the user is authenticated and authorized?

I mainly see two options:
- each service asks an "authentication service": sounds simple but may
trigger a lot of traffic, to the point it doesn't seem practical for the
scale of systems Kafka aims for,
- each service listens for "authentication events": sounds more intriguing
than the above but implies a lot of consumers and quite some requirements
regarding freshness of the data.

In the end, these options don't sound right. Another way I could come up
with is a gateway between the client and the services: the gateway would
ensure authentication and the like and only forward to the relevant
services.

This solution feels nice since it avoids plenty of round-trips or
listening, but it feels tricky to implement (what about scalability & single
point of failure matters, for example?).

In the end I'm really wondering how to best tackle the issue: any advice,
hint or info on how they do it at LinkedIn?

Thanks in advance,
best,
Joseph