Also, I'm trying to understand how authentication works after registration. Is it correct that the downstream cluster get a new JWT that it uses for subsequent communication with the management cluster? Is that the token stored in the

kubeconfig

secret?