Skip to content

Recommended deployment

This chapter describes the recommended way of how TeskaLabs SeaCat Auth deployment.

Architecture overview

Authorization token architecture


The recommended application gateway for TeskaLabs SeaCat Auth is NGINX. NGINX isolates the public network (Internet) from the internal private network and serves as so-called "interception point" for Authentication. Multiple NGINX instances can be operated at once.

The browser respective web applications and mobile applications uses Access tokens or Cookies for authentication purposes.

NXING intercepts incoming requests from the public network and in cooperation with TeskaLabs SeaCat Auth, it exchanges the Access tokens / Cookies by ID tokens and other configured authentication information. ID Token is added by NGINX to the HTTP header of incoming requests.

ID Token is then used internally by microservices and authentication and authorization resource.