We have developed one web site(www.lightman.com) with Web API and to protect our API we developed IdentityServer4 app to provide access_token just to authorize the API request. When ever Client request the API , we just add JWT "access_token" in request header and everything looks good.
Now we deploy our apps in 3 different server including IdentityServer. but not sure how to handle the JWT "access_token" across all 3 servers since we are not sure which server provide the token and which server the API call will go for Authorization .
Please guide on this scenario
Thanks in Advance
You need to create a signing key using [AddSigningCredential], this key will be shared between all instances you deployed:
services.AddIdentityServer(...).AddSigningCredential(new X509Certificate2(bytes, "password")
Read more on deployment docs