JWT Token
Spring Cloud

Securely Propagating JWT Tokens in Microservice Architectures with Spring Cloud

by: Jerrish Varghese

December 13, 2023


In modern microservice architectures, ensuring secure communication between services is a critical concern. This often involves the propagation of JWT (JSON Web Token) tokens for authentication and authorization purposes. Today, we'll dive into a specific scenario: a user management service (UserService) needs to fetch data from a profile management service (ProfileService), using JWT for secure communication.

The Challenge

Our UserService needs to authenticate itself when it requests data from ProfileService. Both services are part of the same ecosystem and rely on JWT tokens for secure API calls. The challenge here is twofold:

  • Propagation: Ensuring the JWT token is securely passed from UserService to ProfileService.
  • Thread Context: Guaranteeing that the token remains accessible across different threads, especially in asynchronous operations or when using Feign clients for HTTP requests.

Implementing JWT Token Propagation

Let's break down the solution into actionable steps, using Spring Cloud and Feign clients for simplicity and efficiency.

Step 1: Setting Up the Feign Client

We define a Feign client in UserService to communicate with ProfileService. This client abstracts the HTTP request needed to fetch profile information.

@FeignClient(name = "profileServiceClient", url = "https://profile-service")
public interface ProfileServiceClient {
    ProfileData fetchProfileData(@PathVariable("userId") String userId);

Step 2: Creating the Request Interceptor for JWT Propagation

To ensure the JWT token is included in every request made by the Feign client, we implement a RequestInterceptor. This interceptor extracts the JWT token from the security context of UserService and adds it to the HTTP request headers.

public class JwtTokenPropagator implements RequestInterceptor {

    public void apply(RequestTemplate template) {
        // Retrieve the JWT token from the SecurityContextHolder
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null && authentication.getCredentials() instanceof String) {
            String jwtToken = (String) authentication.getCredentials();
            template.header("Authorization", "Bearer " + jwtToken);

This interceptor is automatically applied to all outgoing HTTP requests made by Feign clients in the UserService, attaching the JWT token for authentication.

Step 3: Configuring Asynchronous Behavior

Spring Cloud and Feign inherently support asynchronous operations. When dealing with asynchronous method calls, it's crucial to ensure that the SecurityContextHolder's context (and thus the JWT token) is correctly propagated to any threads handling these calls. Spring's @Async support does propagate security context, but when using threads directly or with complex asynchronous operations, you may need to manually propagate SecurityContext using DelegatingSecurityContextRunnable or DelegatingSecurityContextCallable.

Security Best Practices

While this approach facilitates secure service-to-service communication within a microservice architecture, consider the following best practices:

  • Token Validation: ProfileService must validate the JWT token in every request, ensuring it's coming from an authenticated source.
  • HTTPS: Use HTTPS for service-to-service communication to prevent token interception.
  • Token Management: Implement robust token management, including expiration, renewal, and revocation strategies.


Propagating JWT tokens between services in a microservice architecture is a key aspect of securing service-to-service communication. By leveraging Spring Cloud's Feign clients and a custom RequestInterceptor, we can ensure that our services authenticate their requests seamlessly. This setup not only enhances security but also maintains the cleanliness and maintainability of our codebase, enabling our microservices to communicate securely and efficiently.

contact us

Get started now

Get a quote for your project.


Edstem Technologies LLC
254 Chapman Rd, Ste 208 #14734
Newark, Delaware 19702 US


Edstem Technologies Pvt Ltd
Office No-2B-1, Second Floor
Jyothirmaya, Infopark Phase II
Ernakulam, Kerala 682303

© 2024 — Edstem All Rights Reserved

Privacy PolicyTerms of Use