since the metadata services uses the reva jwt token, accounts service should do too

accounts/pkg/config/config.go

@@ -56,7 +56,6 @@ type Disk struct {
 // CS3 is the cs3 implementation of the storage.
 type CS3 struct {
 	ProviderAddr string `ocisConfig:"provider_addr" env:"ACCOUNTS_STORAGE_CS3_PROVIDER_ADDR"`
-	JWTSecret    string `ocisConfig:"jwt_secret" env:"ACCOUNTS_STORAGE_CS3_JWT_SECRET"`
 }
 
 // ServiceUser defines the user required for EOS.

accounts/pkg/config/defaultconfig.go

@@ -46,7 +46,6 @@ func DefaultConfig() *Config {
 			},
 			CS3: CS3{
 				ProviderAddr: "localhost:9215",
-				JWTSecret:    "Pive-Fumkiu4",
 			},
 		},
 		Index: Index{

accounts/pkg/service/v0/service.go

@@ -136,7 +136,7 @@ func configFromSvc(cfg *config.Config) (*idxcfg.Config, error) {
 			Backend: cfg.Repo.Backend,
 			CS3: idxcfg.CS3{
 				ProviderAddr: cfg.Repo.CS3.ProviderAddr,
-				JWTSecret:    cfg.Repo.CS3.JWTSecret,
+				JWTSecret:    cfg.TokenManager.JWTSecret,
 			},
 		}
 	default:

changelog/unreleased/fix-accounts-metadata-jwt-token.md

@@ -0,0 +1,8 @@
+Bugfix: use same jwt secret for accounts as for metadata storage
+
+We've the metadata storage uses the same jwt secret as all other REVA services.
+Therefore the accounts service needs to use the same secret.
+
+Secrets are documented here: https://owncloud.dev/ocis/deployment/#change-default-secrets
+
+https://github.com/owncloud/ocis/pull/3081