#Handling Distributed Transactions in Microservices:

https://blog.bitsrc.io/distributed-transactions-in-microservices-
d07aba281f90#:~:text=In%20this%20approach%2C%20each%20business,local%20transaction
%20in%20the%20saga.
Two-Phase Commit(2PC)- The 2PC as the name suggests, it handles the transaction in
two stages, a prepare phase and a commit phase.
Eventual Consistency and Compensation / SAGA-Each service publishes an event
whenever it updates its data. Other service subscribe to events. When an event is
received, a service updates its data

#Spring cloud
Spring Cloud provides tools for developers to quickly build some of the common
patterns in distributed systems (e.g. configuration management, service discovery,
circuit breakers, intelligent routing, micro-proxy, control bus, one-time tokens,
global locks, leadership election, distributed sessions, cluster state).
Coordination of distributed systems leads to boiler plate patterns, and using
Spring Cloud developers can quickly stand up services and applications that
implement those patterns. They will work well in any distributed environment,
including the developer’s own laptop, bare metal data centres, and managed
platforms such as Cloud Foundry.

#circuit Breaker
The circuit breaker pattern is a design pattern that falls under the sustainable
design patterns category. It allows developers to prevent cascading failures in
microservices architecture by invoking remote services through a proxy.It has three
states: Closed, Open, and Half Open.The initial state of the circuit breaker or the
proxy is the Closed state. The circuit breaker allows microservices to communicate
as usual and monitor the number of failures occurring within the defined time
period. If the failure count exceeds the specified threshold value, the circuit
breaker will move to the Open state. If not, it will reset the failure count and
timeout period.Once the circuit breaker moves to the Open state, it will completely
block the communication between microservices. So, the article service will not
receive any requests, and the user service will receive an error from the circuit
breaker.
The circuit breaker will remain in the Open state until the timeout period ends.
Then, it will move into the Half-Open state. In the Half-Open state, the circuit
breaker will allow a limited number of requests to reach article service. If those
requests are successful, the circuit breaker will switch the state to Closed and
allow normal operations. If not, it will again block the requests for the defined
timeout period.

->For complete understanding of circuit Breaker: https://blog.bitsrc.io/circuit-

breaker-pattern-in-microservices-26bf6e5b21ff#:~:text=The%20circuit%20breaker
%20allows%20microservices,failure%20count%20and%20timeout%20period.

#API Gateway(Netflix API gateway)-> Authentication , monitoring,load balancing,

caching,request shaping and static response handling.
#Service mash(istio)
->Service meshes can make service-to-service communication fast, reliable and
secure.
->A service mesh is a dedicated infrastructure layer that controls service-to-
service communication over a network. This method enables separate parts of an
application to communicate with each other. Service meshes appear commonly in
concert with cloud-based applications, containers and microservices.

#Rate limiter

#SAML 2.0
->Roots in single sign-on for browser-based application.
->Provides both authentication and authorisation
->XML based

#OAuth 2
->OAuth is an purely an authorization protocol(what you can do)- instead of
authentication protocol(who you are).
->Many different grant types , which are not interoperable.
->Increasingly being used in conjunction with OpenID connect.

#OIDC
->OIDC is the successor/replacement of OpenID 2
->Provides authentication in the form of ID tokens on top of OAuth authorization.

#OAuth
#JWT token
->Authorization Bearer token
->x:y:z
->header:payload:signature
->every time different jwt token will be generated for same username and passwor
-> a secret key that is shared between two parties. This secret key is used to
encrypt the data and on the receiving end, the same key is used to decrypt the
data. HS256 signatures are generated using a secret key which is validated at the
receiving end (resource server). On the receiving end, using the payload and secret
key signature are generated again and compared to the incoming signature part of
the JWT. As only the authentication server and the resources server are in
possession of the secret key, it is not possible to temper the JWT token, and
that’s how we can check the validity of the JWT token.

#Authentocation and Authorization

#Idempotent
->Basically idempotency means there is no side effect when the same operation is
applied multiple times. An example of idempotent operation is HTTP PUT, because
applying a PUT operation always lead to the same result

#service discovery in microservices architecture

There are many ways to set up service discovery, but Netflix's Eureka is the most
efficient. This is a hassle-free procedure that doesn't add much weight to the
application

#SSO(Single sign on), SAML