diff --git a/deployments/k8s/flight.yml b/deployments/k8s/flight.yml
index 1678352..2722cf5 100644
--- a/deployments/k8s/flight.yml
+++ b/deployments/k8s/flight.yml
@@ -15,7 +15,7 @@ spec:
 app: flight
 spec:
 containers:
- - image: meysamh66/booking-microservices-flight:v1.6.1
+ - image: meysamh66/booking-microservices-flight:v1.6.3
 name: flight
 ports:
 - containerPort: 80
@@ -39,7 +39,7 @@ spec:
 - name: "MongoOptions__DatabaseName"
 value: "flight-db"
 - name: "Jwt__Authority"
- value: "http://127.0.0.1:10679"
+ value: "http://10.0.75.1:13926/"
 - name: "Jwt__Audience"
 value: "flight-api"
 - name: "Jwt__RequireHttpsMetadata"
diff --git a/deployments/k8s/identity.yml b/deployments/k8s/identity.yml
index 4abab07..f36f0d4 100644
--- a/deployments/k8s/identity.yml
+++ b/deployments/k8s/identity.yml
@@ -15,7 +15,7 @@ spec:
 app: identity
 spec:
 containers:
- - image: meysamh66/booking-microservices-identity:v1.6.1
+ - image: meysamh66/booking-microservices-identity:v1.6.3
 name: identity
 ports:
 - containerPort: 80
diff --git a/src/BuildingBlocks/Jwt/JwtExtensions.cs b/src/BuildingBlocks/Jwt/JwtExtensions.cs
index c970b5c..127fd9b 100644
--- a/src/BuildingBlocks/Jwt/JwtExtensions.cs
+++ b/src/BuildingBlocks/Jwt/JwtExtensions.cs
@@ -4,6 +4,7 @@ using Microsoft.Extensions.DependencyInjection;
 namespace BuildingBlocks.Jwt;
+using Duende.IdentityServer.EntityFramework.Entities;
 public static class JwtExtensions
 {
@@ -11,8 +12,6 @@ public static class JwtExtensions
 {
 var jwtOptions = services.GetOptions("Jwt");
- services.AddAuthorization();
-
 services.AddAuthentication(o => {
 o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
 o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
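Review bot: The new `Jwt__Authority` value in the second flight.yml hunk is a plain `http://` URL on a hard-coded IP, so the discovery document and signing keys the flight service trusts are fetched without transport protection or server authentication. The same commit sets `"RequireHttpsMetadata": true` and adds a `MetadataAddress` of `https://localhost:5005/.well-known/openid-configuration` in appsettings.json, and JwtExtensions.cs now copies that address into the bearer options. Unless the manifest overrides both (the value of `Jwt__RequireHttpsMetadata` and the rest of the env list are outside this hunk), the pod is likely either to reject the http authority or to look for metadata on its own localhost. Point the authority at the identity Service's name over https, e.g. `value: "https://<identity-service-host>/"` (placeholder), and add a matching `Jwt__MetadataAddress` entry.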
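Review bot: The added `using Duende.IdentityServer.EntityFramework.Entities;` makes the shared BuildingBlocks JWT helper depend on IdentityServer's EF entity types, and as far as the later hunk shows it is needed only for `nameof(ApiScope)` as a policy name. A local constant such as `public const string ApiScopePolicy = "ApiScope";` yields the same string without pulling the identity server's persistence types into every API that validates tokens. The directive also sits below the file-scoped `namespace` line, whereas the hunk header suggests the existing directives are above it.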
@@ -21,26 +20,21 @@ public static class JwtExtensions
 .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
 {
 options.Authority = jwtOptions.Authority;
- options.Audience = jwtOptions.Audience;
 options.TokenValidationParameters.ValidateAudience = false;
- options.TokenValidationParameters.ValidTypes = new[] { "at+jwt" };
 options.RequireHttpsMetadata = jwtOptions.RequireHttpsMetadata;
- options.BackchannelHttpHandler = new HttpClientHandler()
- {
- ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator,
- };
+ options.MetadataAddress= jwtOptions.MetadataAddress;
 });
- // if (!string.IsNullOrEmpty(jwtOptions.Audience))
- // {
- // services.AddAuthorization(options =>
- // options.AddPolicy(nameof(ApiScope), policy =>
- // {
- // policy.RequireAuthenticatedUser();
- // policy.RequireClaim("scope", jwtOptions.Audience);
- // })
- // );
- // }
+ if (!string.IsNullOrEmpty(jwtOptions.Audience))
+ {
+ services.AddAuthorization(options =>
+ options.AddPolicy(nameof(ApiScope), policy =>
+ {
+ policy.RequireAuthenticatedUser();
+ policy.RequireClaim("scope", jwtOptions.Audience);
+ })
+ );
+ }
 return services;
 }
diff --git a/src/Services/Flight/src/Flight.Api/appsettings.json b/src/Services/Flight/src/Flight.Api/appsettings.json
index 64d0cf2..0e00d18 100644
--- a/src/Services/Flight/src/Flight.Api/appsettings.json
+++ b/src/Services/Flight/src/Flight.Api/appsettings.json
@@ -31,7 +31,8 @@
 "Jwt": {
 "Authority": "https://localhost:5005",
 "Audience": "flight-api",
- "RequireHttpsMetadata": false
+ "RequireHttpsMetadata": true,
+ "MetadataAddress": "https://localhost:5005/.well-known/openid-configuration"
 },
 "RabbitMqOptions": {
 "HostName": "localhost",
diff --git a/src/Services/Identity/src/Identity/Extensions/Infrastructure/IdentityServerExtensions.cs b/src/Services/Identity/src/Identity/Extensions/Infrastructure/IdentityServerExtensions.cs
index 492a3ed..495f955 100644
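Review bot: After this hunk a token is accepted on signature and issuer alone: `ValidateAudience = false` stays, `options.Audience` and the `ValidTypes = new[] { "at+jwt" }` restriction are removed, and the scope check lives only in the named `ApiScope` policy. That policy protects an endpoint only when the endpoint asks for it by name, so a bare `[Authorize]` would admit any token the authority issued, such as one minted for another API or a JWT that is not an access token; whether the endpoints name the policy is not visible here. I would keep `options.TokenValidationParameters.ValidTypes = new[] { "at+jwt" };` and register the scope requirement as the default, e.g. `options.DefaultPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().RequireClaim("scope", jwtOptions.Audience).Build();`. Because the unconditional `services.AddAuthorization()` is removed in the previous hunk, authorization services are also no longer registered at all when `Audience` is empty. The method body starts outside this hunk.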
--- a/src/Services/Identity/src/Identity/Extensions/Infrastructure/IdentityServerExtensions.cs
+++ b/src/Services/Identity/src/Identity/Extensions/Infrastructure/IdentityServerExtensions.cs
@@ -38,7 +38,7 @@ public static class IdentityServerExtensions
 .AddResourceOwnerValidator();
 //ref: https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
- // identityServerBuilder.AddDeveloperSigningCredential();
+ identityServerBuilder.AddDeveloperSigningCredential();
 return services;
 }
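Review bot: `AddDeveloperSigningCredential()` is now called unconditionally, so every environment, including the k8s deployment whose image tag this commit bumps, signs tokens with the development credential created at startup. That key is neither provisioned nor rotated, and each replica or fresh container may end up with its own key, which breaks validation across pods and leaves signing material wherever the process writes it. Gate the call on the development environment and load a provisioned key otherwise, e.g. `if (env.IsDevelopment()) identityServerBuilder.AddDeveloperSigningCredential(); else identityServerBuilder.AddSigningCredential(cert);`, where `env` and `cert` are placeholders for values this hunk does not show. The enclosing method starts above the hunk.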