So lets say I have 2 microservices:
1). A serverless / lambda function, triggered by some hardware event
2). A websocket server, to handle some data
I want to ensure that only authenticated connections can connect to the websocket server. But the lambda function has no identifying data to authenticate itself with.
I’m considering creating a JWT on the lambda function, with a secret key, (and short expiration), and use that to auth with the websocket server.
The websocket server will also know this secret key, and can verify the token before it allows the connection.
So my question: Should I be doing this for identity free server to server auth? Providing I am keeping my secret safe.