by prabaths 3166 days ago
It should be signed by the STS - which is trusted by all the downstream microservices. The STS, who validates the access_token, in the response can send back this signed JWT to the gateway. The STS of the access_token and this JWT can be the same or two different ones, based on the use case...
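
The flow described in the comment above, as an added example that is not code from the commenter: the STS signs a short-lived JWT with its private key, and a downstream microservice verifies it using only the STS public key. The issuer URL, the service names and the choice of Ed25519 (`EdDSA`) are assumptions made for illustration.

```javascript
// Added example: names, claims and key handling are constructed for illustration.
const crypto = require("crypto");

const b64u = (v) => Buffer.from(v).toString("base64url");

// STS side: keeps the private key; downstream services get only the public key.
const { publicKey: STS_PUBLIC_KEY, privateKey: stsPrivateKey } =
  crypto.generateKeyPairSync("ed25519");
const STS_ISSUER = "https://sts.example.internal"; // hypothetical issuer

// STS: called after the access_token has been validated; returns the JWT
// that the gateway forwards to the downstream microservice.
function stsIssueJwt(subject, audience, ttlSeconds, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const header = b64u(JSON.stringify({ alg: "EdDSA", typ: "JWT" }));
  const payload = b64u(JSON.stringify({
    iss: STS_ISSUER, sub: subject, aud: audience, iat, exp: iat + ttlSeconds,
  }));
  const sig = crypto.sign(null, Buffer.from(`${header}.${payload}`), stsPrivateKey);
  return `${header}.${payload}.${b64u(sig)}`;
}

// Downstream microservice: accepts a token only if the STS signed it.
function verifyStsJwt(token, expectedAudience, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString());
    claims = JSON.parse(Buffer.from(p, "base64url").toString());
  } catch { return { ok: false, reason: "malformed" }; }
  // Pin the algorithm; the token header must not choose how it is verified.
  if (header?.alg !== "EdDSA") return { ok: false, reason: "bad alg" };
  const valid = crypto.verify(null, Buffer.from(`${h}.${p}`), STS_PUBLIC_KEY,
    Buffer.from(s, "base64url"));
  if (!valid) return { ok: false, reason: "bad signature" };
  if (claims?.iss !== STS_ISSUER) return { ok: false, reason: "bad issuer" };
  if (claims.aud !== expectedAudience) return { ok: false, reason: "bad audience" };
  if (typeof claims.exp !== "number" || claims.exp <= Math.floor(now / 1000))
    return { ok: false, reason: "expired" };
  return { ok: true, claims };
}
```

Because verification needs only the public key, a compromised microservice cannot mint tokens for its peers, and the audience check stops a token issued for one service from being replayed against another.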

Thank you! I'll ask some more questions tomorrow after I sleep on it if you don't mind.