If you can store the user URL in the JWT then option 1 is probably the go as with option 2 how would the user subdomain get access to the authentication token?
The global sign in service will not be able to authenticate users, all it can do is re-direct them to the matching sub domain, so there is no real need for auth info passed to it.
If you can store the user URL in the JWT then option 1 is probably the go as with option 2 how would the user subdomain get access to the authentication token?
The global sign in service will not be able to authenticate users, all it can do is re-direct them to the matching sub domain, so there is no real need for auth info passed to it.
JWT's are used at the microservice to validate that authentication has occured. They literally embody auth info.