The Kong Gateway JWT plugin is an API gateway authentication strategy. The plugin serves as the JWT authorizer. It authenticates the JWT in the HTTP request by verifying that token’s claims and ensuring a trusted party signed it. Then, depending on whether these steps were successful, Kong Gateway routes the upstream service request.

• Create a kong.conf.default file in the root dir

• Paste these lines inside the file (This is because its DB-less mode)

  database = off
  declarative_config = /path/to/kong.yml
  

• Run this cmd in the terminal

  sudo cp kong.conf.default /etc/kong/kong.conf
  

• Set your username and secret code in kong.yml file.

sudo kong start

To restart

sudo kong restart

GET request to the admin API’s endpoint /consumers/CONSUMER-USERNAME/jwt. This gives info about this consumer’s JWT credential:

Using these values and generated jwt

Using this generate jwt in bearer token, jwt validated

Additional values to upstream headers in the console

Errors when secret code and kid are wrong and exp time is in the past:

rendered with ♥ by Sakshi Choudhary.