I don't understand. At 38:20 the speaker says: "To get the public key that's used to sign my token". Don't we usually sign with a private key and validate the signature with a public key? Also, this public key is supposed to be deposited on the microsec-order-service running on port 8085 (see 33:39), but the speaker finds it on port 8080 (see 38:45). I'm lost. Can anyone explain, please?
Do not ever use JWT, ever, period, ever. It's an utterly pointless mechanism which is either utterly insecure or it's just a session identifier wrapped in a buttload of crap that isn't needed, nor does it provide any security.