
JHipster - How does the gateway authenticate within the microservices?


I'm doing a microservice project using JHipster. I'm using Consul for Service Discovery and JWT for authentication, but here's my question:

For other clients to access my microservices, they need to authenticate by passing a JSON with the credentials via POST to the gateway and finally get the id_token. But how does the gateway authenticate within the services? Does the gateway do something similar to what we did when there's an external client? Or is there something to do with the Service Discovery?

I found this in the application-dev.yml:

security:
    authentication:
        jwt:
            secret: my-secret-token-to-change-in-production

My guess is that both the microservice and the gateway share a common secret key, but I didn't find this key, only this section in the yml.


Solution

  • You found it: the secret key is used by the gateway to sign the token when it generates it, and the same key is used by the microservices to verify the signature. The gateway is a Zuul proxy that passes the authentication header to the proxied microservices.

    This property in Consul is available to all these apps through a local Consul agent at port 8500, see Spring Cloud Consul.
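
The sign-and-verify relationship described in the answer, as an added example that is not part of the original answer or JHipster's own code. It assumes an HS512 (HMAC-SHA512) token and uses only JDK classes; the class name, the claims and the second secret are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class SharedSecretJwtDemo {
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    // HMAC-SHA512 over "header.payload" keyed with the configured secret (HS512 is an assumption).
    static byte[] hmac(String secret, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA512");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA512"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.UTF_8));
    }

    // Gateway side: build the token and sign it with the gateway's configured secret.
    static String sign(String secret, String claimsJson) throws Exception {
        String header = B64.encodeToString("{\"alg\":\"HS512\"}".getBytes(StandardCharsets.UTF_8));
        String payload = B64.encodeToString(claimsJson.getBytes(StandardCharsets.UTF_8));
        String input = header + "." + payload;
        return input + "." + B64.encodeToString(hmac(secret, input));
    }

    // Microservice side: recompute the MAC with the service's own configured secret.
    // Signature check only; a real service must also validate claims such as exp.
    static boolean verify(String secret, String token) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return false;
        try {
            byte[] presented = Base64.getUrlDecoder().decode(parts[2]);
            return MessageDigest.isEqual(hmac(secret, parts[0] + "." + parts[1]), presented);
        } catch (IllegalArgumentException e) { // signature part is not valid base64url
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String shared = "my-secret-token-to-change-in-production"; // value shown in the question's yml
        String token = sign(shared, "{\"sub\":\"user\",\"exp\":4102444800}"); // constructed claims
        String[] p = token.split("\\.");
        String forged = p[0] + "." + B64.encodeToString("{\"sub\":\"admin\"}".getBytes(StandardCharsets.UTF_8)) + "." + p[2];
        System.out.println("service with the same secret accepts:  " + verify(shared, token));
        System.out.println("service with another secret accepts:   " + verify("constructed-other-secret", token));
        System.out.println("token with altered payload accepts:    " + verify(shared, forged));
    }
}
```

Because every service holding the secret can also sign tokens, the development default shown in the question has to be replaced with a strong, private value before deployment.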