I’m trying to implement authentication & authorization of users between my microservices and API Gateway.

What I have now:
- API Gateway which can request to any microservice.
- User microservice – where I’m storing all users. laravel/passport implemented to authenticate user in this microservice. Works as it should be, login route returns token which I’m using to authenticate user in this microservice.
- Other 5 microservices without any authentication or authorization.
Question is: what is the right way to use authentication & authorization with microservices? I know that I should authenticate users in my API Gateway and authorization will happen inside microservices. But how does authorization happen in the other microservices if they don’t know anything about users?
I’m planning to somehow use a JWT token with information about user roles, but I haven’t yet found how to put that information into the token.
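
The pattern described in the question, as an added example that is not part of the original post: the user service signs a JWT carrying the roles, and any other microservice authorizes the request with only the public key, never querying the user store. The `roles` claim name, the audience and role values, the helper function names and the in-memory key pair are assumptions made for illustration.

```php
<?php
// Added illustration; the key pair, claim values and role names are constructed.

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt) {
    $txt .= str_repeat('=', (4 - strlen($txt) % 4) % 4); // restore stripped padding
    return base64_decode(strtr($txt, '-_', '+/'), true);
}

// User service: the only holder of the private key, so the only token issuer.
function issue_token(array $claims, $privateKey): string {
    $head = b64url_encode(json_encode(['alg' => 'RS256', 'typ' => 'JWT']));
    $body = b64url_encode(json_encode($claims));
    openssl_sign("$head.$body", $sig, $privateKey, OPENSSL_ALGO_SHA256);
    return "$head.$body." . b64url_encode($sig);
}

// Any other microservice: verifies with the public key, then checks the role.
function authorize(string $jwt, string $publicPem, string $aud, string $role): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $header = json_decode((string) b64url_decode($head), true);
    // Pin the algorithm; never let the token choose how it is verified.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') return null;
    $rawSig = b64url_decode($sig);
    if ($rawSig === false) return null;
    if (openssl_verify("$head.$body", $rawSig, $publicPem, OPENSSL_ALGO_SHA256) !== 1) return null;
    // Claims are trusted only after the signature check has passed.
    $claims = json_decode((string) b64url_decode($body), true);
    if (!is_array($claims)) return null;
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= time()) return null;
    if (($claims['aud'] ?? null) !== $aud) return null;
    $roles = $claims['roles'] ?? null;
    if (!is_array($roles) || !in_array($role, $roles, true)) return null;
    return $claims;
}

$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$pub = openssl_pkey_get_details($key)['key'];
$jwt = issue_token(['sub' => '42', 'aud' => 'orders-service', 'exp' => time() + 300,
                    'roles' => ['orders.read']], $key);

var_dump(authorize($jwt, $pub, 'orders-service', 'orders.read') !== null);  // role present
var_dump(authorize($jwt, $pub, 'orders-service', 'orders.write') !== null); // role missing
var_dump(authorize($jwt, $pub, 'billing-service', 'orders.read') !== null); // wrong audience
```

Because the roles are fixed at issue time, a role change only takes effect once the old token expires, which is why the constructed token above has a short `exp`.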