3
votes

Question on JWT token and the JHipster Spring Cloud Config Service

The documentation (http://jhipster.github.io/microservices-architecture/) is little vague on how / what to copy for JWT tokens.

It says:

the JHipster Spring Config server makes sure that the config/JWT tokens are available and services authenticated. I have deployed the JHipster Config Server, Gaeway and one Microservice with an Entity.

When I try to call through the Gateway a backend microservice/with Entity (to create Author/Book) it tells me Access denied.

I believe once you register your microservice and gateway with the Config Server, the tokens are copied over to the Config Server and it should work without copying any tokens around.

Any idea how this is supposed to work?.

1

1 Answers

1
votes

You should share the key by copying it into the registry's environment repository as jhipster.security.authentication.jwt.secret property in global application-dev.yml and application-prod.yml. Use different keys for prod and dev.

These shared yml files are the ones in your native environment repository (by default jhipster-registry/central-config) or git-based environment repository not in the src/main/resources/config folder of the registry itself.

jhipster:
    security:
        authentication:
            jwt:
                secret: "***********************"