thanks for your comment. Actually also I am working on security topics, what I am planning is implement a identity server and for FE application apply OpenID Connect authentication for public users and also try to put Authorization flow jwt security over the ocelot on three microservices. lets see :)