mastersuse

Reputation: 988

How to set up JWT Authentication in KONGA

I want to add JWT Authentication to my services. I have done the following steps, but JWT Authentication is not working.

  1. Create a Consumer
  2. Insert a JWT secret into Consumer
  3. Add a JWT plugin with the Consumer id in Service and Route

However, the message that I get from Postman is Unauthorized. I have no issue if I am using Key-Auth and Basic Auth. I have searched and found many websites, but none of them solved my problem.

I am using the jwt.io website to generate the token, but I am not sure what information to fill in the Payload section.

JWT in Service/Route


JWT in Consumer


JWT in Website jwt.io (This is the confusing part, stuck here at Payload)


Postman


Appreciate if anyone can help me out.

Upvotes: 2

Views: 4285

Answers (2)

Leo D

Reputation: 43

Same issue as you; every step that you did was absolutely correct. I also could not find the solution anywhere else. But luckily I got the solution after reviewing again all the params to enable the JWT plugin & create a JWT for consumers.

I found that the param config.header_names must be entered as Authorization (remember to press Enter after typing it :D).

Although the Kong documentation (https://docs.konghq.com/hub/kong-inc/jwt/) says that this value is optional and the default value is "Authorization", I realized that if you leave it blank, Kong cannot extract the JWT from the header.

Upvotes: 3

EngelbertCoder

Reputation: 797

The key claim name (in your case "iss") must exist in your JWT, and the consumer in Kong must be configured to expect that (in the "key" field for the respective consumer).

For the token to be valid, the value of "iss" in your token must be equal to the value of "key" that you entered while creating the consumer.

Upvotes: 0
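
The relationship described in the answers above (the "iss" claim selects the consumer credential by its key, that credential's secret verifies the signature, and the token travels in the Authorization header), as an added example that is not part of the original thread. It assumes an HS256 credential; the key and secret values and the function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(consumer_key, consumer_secret, ttl=300, now=None):
    """HS256 token whose "iss" claim carries the consumer credential's key."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": consumer_key, "iat": now, "exp": now + ttl}  # short-lived
    parts = [b64url(json.dumps(x, separators=(",", ":")).encode()) for x in (header, payload)]
    signing_input = ".".join(parts)
    sig = hmac.new(consumer_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def check_token(token, credentials, key_claim_name="iss"):
    """Local mirror of the lookup: claim value -> credential key -> secret -> signature."""
    try:
        head, body, sig = token.split(".")
        header, payload = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        given = b64url_decode(sig)
    except ValueError:
        return "malformed token"
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return "malformed token"
    if header.get("alg") != "HS256":
        return "unexpected alg"  # the verifier fixes the algorithm, not the token
    key = payload.get(key_claim_name)
    if not isinstance(key, str):
        return f"no '{key_claim_name}' claim in payload"
    secret = credentials.get(key)
    if secret is None:
        return "no credential with that key"
    expected = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return "ok" if hmac.compare_digest(expected, given) else "bad signature"

# Constructed sample standing in for the key/secret pair stored on the consumer.
CREDENTIALS = {"example-consumer-key": "example-consumer-secret"}

if __name__ == "__main__":
    token = make_token("example-consumer-key", "example-consumer-secret")
    print(check_token(token, CREDENTIALS))
    print("Authorization: Bearer " + token)  # header value to send from Postman
```

Each non-"ok" return value names a distinct misconfiguration that the gateway reports only as Unauthorized, which makes the local check useful before sending the request.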