I generated two jhipster applications: microservice gateway and microservice application choosing to secure it with JWT. The authorization works as excepted meaning that when I log in as a user with microservice gateway it sends an authentication token and using this token I can issue a direct request to microservice application in order to access protected resources.
The question is how the microservice application correctly validates JWT token even though the jhipster.security.authentication.jwt.base64-secret keys are different in the generated applications?
JWT secrets might be different in the application.yml files of each application but it does not matter because in fact the application properties (including JWT secret) are obtained from central configuration: the JHipster registry because it's a Spring Cloud Config Server.
See JHipster Registry doc and also Spring Cloud Config Server doc for further details.