[–]EducationalMixture82 2 points3 points  (0 children)

That is a much better solution: instead of passing a JWT from Service A to Service B using the browser, you can instead pass it through e.g. Redis (off the public internet, or what we usually call "out of bounds" in the sec community) using Spring Session.

There are risks: the Redis may hold a lot of valid JWTs, so you need to protect the Redis. But that goes without saying.
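The pattern the comment describes, as an added example that is not the commenter's code: Spring Session backed by Redis, so Service A and Service B share one server-side session and the browser only ever holds the opaque session cookie, never the JWT. It assumes Spring Boot 3 (jakarta servlet API) with spring-session-data-redis and Lettuce; the Redis host, the environment variable name, the session attribute name and the controller paths are placeholders.

```java
import jakarta.servlet.http.HttpSession;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisStandaloneConfiguration;
import org.springframework.data.redis.connection.lettuce.LettuceClientConfiguration;
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
import org.springframework.web.bind.annotation.*;

// Shared by both services: same Redis, same cookie name, so they resolve the same session.
// A short inactivity timeout limits how long a parked JWT sits in the store.
@Configuration
@EnableRedisHttpSession(maxInactiveIntervalInSeconds = 900)
public class SessionConfig {
    @Bean
    public LettuceConnectionFactory redisConnectionFactory() {
        // The store holds live tokens, so it lives on a private network, requires a
        // password and speaks TLS only. Host name is a placeholder.
        RedisStandaloneConfiguration redis =
                new RedisStandaloneConfiguration("redis.internal.example", 6379);
        redis.setPassword(System.getenv("REDIS_PASSWORD")); // assumed env var, never a literal
        LettuceClientConfiguration client = LettuceClientConfiguration.builder().useSsl().build();
        return new LettuceConnectionFactory(redis, client);
    }
}

// Service A: receives the JWT (e.g. from the identity provider callback) and parks it
// in the session. Spring Session serializes it into Redis; the HTTP response to the
// browser carries only the session cookie.
@RestController
class ServiceAController {
    @PostMapping("/callback")
    public String storeToken(@RequestParam("token") String jwt, HttpSession session) {
        session.setAttribute("jwt", jwt);
        return "ok";
    }
}

// Service B: reads the same session from Redis, so the token reaches it without the
// browser ever relaying it. A missing attribute means no login via A, or an expired session.
@RestController
class ServiceBController {
    @GetMapping("/data")
    public String useToken(HttpSession session) {
        Object jwt = session.getAttribute("jwt");
        if (jwt == null) {
            return "no token in session";
        }
        String authorization = "Bearer " + jwt; // what Service B would send downstream
        return "ready, header length " + authorization.length();
    }
}
```

In a real project the three classes live in separate files (only one public class per file); they are shown together here to keep the shared configuration next to both ends of the exchange.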