@martinheld
Last active February 21, 2024 14:47
Short example to use JWT with Kong

JWT Kong Example

  • Get and Start Kong and Co
git clone git@github.com:Mashape/docker-kong.git
cd docker-kong/compose
docker-compose up
  • Create Kong API Route
curl -X POST http://localhost:8001/apis/ \
   --data "request_path=/skywalkerDemo" \
   --data "upstream_url=https://www.finleap.com" \
   --data "strip_request_path=true"
  • Enable JWT Plugin For Route
curl -X POST http://localhost:8001/apis/skywalkerDemo/plugins \
    --data "name=jwt" \
    --data "config.secret_is_base64=true"
  • Create a Kong Consumer
curl -X POST http://localhost:8001/consumers \
   --data "username=bill"
  • Create JWT credentials for the consumer and note the key and secret from the response
curl -H "Content-Type: application/json" -X POST -d '{}' http://localhost:8001/consumers/bill/jwt

Response: {"secret":"b9f813fb8753440eabb1b44f9ba4da2f",
  "id":"33dacbca-ce7d-4305-a213-1ce7b8f7af71",
  "algorithm":"HS256",
  "created_at":1473085487000,
  "key":"cef1fe6937e444a6b18a26965d619718",
  "consumer_id":"67c90d83-636b-4c36-85ac-a14eac54ebe2"}
  • Craft JWT using e.g. http://jwtbuilder.jamiekurtz.com/

    • Issuer (key from above): cef1fe6937e444a6b18a26965d619718
    • Key (secret from above): b9f813fb8753440eabb1b44f9ba4da2f

    Results in JWT: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJjZWYxZmU2OTM3ZTQ0NGE2YjE4YTI2OTY1ZDYxOTcxOCIsImlhdCI6bnVsbCwiZXhwIjpudWxsLCJhdWQiOiIiLCJzdWIiOiIifQ.50bnA9d3wjIYIx6m-fzxIHQHfXF6zuJRPMUdk8-4LTU

  • Issue a request to the API endpoint with the JWT in the Authorization header

curl http://localhost:8000/skywalkerDemo \
    -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJjZWYxZmU2OTM3ZTQ0NGE2YjE4YTI2OTY1ZDYxOTcxOCIsImlhdCI6bnVsbCwiZXhwIjpudWxsLCJhdWQiOiIiLCJzdWIiOiIifQ.50bnA9d3wjIYIx6m-fzxIHQHfXF6zuJRPMUdk8-4LTU'
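Added example (not from the gist or from Kong): a Python HS256 signer for the token built in the steps above, plus a constructed model of how the plugin matches the token's `iss` claim against the consumer credential's `key`, which is where the "No credentials found for given 'iss'" error in the comments comes from. The `secret_is_base64` handling follows Kong's documentation for `config.secret_is_base64`; the error strings other than that one, and `verify_like_kong` itself, are made up for this example.

```python
import base64
import hashlib
import hmac
import json

# Credential as returned by Kong in the steps above: key = value expected in 'iss',
# secret = HMAC key (sample values copied from the gist).
KONG_CREDENTIALS = {"cef1fe6937e444a6b18a26965d619718": "b9f813fb8753440eabb1b44f9ba4da2f"}


def b64url(data: bytes) -> str:
    """Base64url without padding, as the JWT compact form requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Build a compact HS256 JWT (header.payload.signature), as the jwtbuilder page does."""
    header = {"typ": "JWT", "alg": "HS256"}
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_like_kong(token: str, credentials=KONG_CREDENTIALS, secret_is_base64=False):
    """Hypothetical model of the plugin's check: look up the consumer credential whose
    key equals the token's 'iss' claim, then verify HS256 with that credential's secret.
    Returns (ok, payload_or_error)."""
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        payload = json.loads(b64url_decode(p))
    except ValueError:  # covers bad base64 (binascii.Error) and bad JSON
        return False, "Bad token; invalid JSON"
    if header.get("alg") != "HS256":
        return False, "Invalid algorithm"
    secret = credentials.get(payload.get("iss"))
    if secret is None:
        # The error the commenters hit: 'iss' must equal the credential's key, not the username.
        return False, "No credentials found for given 'iss'"
    # With config.secret_is_base64=true Kong base64-decodes the stored secret before use
    # (per Kong's docs), so the token must then be signed with the decoded bytes.
    key = base64.b64decode(secret) if secret_is_base64 else secret.encode("ascii")
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return False, "Invalid signature"
    return True, payload
```

Signing the gist's claim set with the raw secret reproduces the header and payload segments of the token shown above; which key bytes Kong compares against depends on the `secret_is_base64` setting.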


pravsjv commented Oct 5, 2017

Hi,

I'm getting the following issue while trying to set it up:
{"message":"No credentials found for given 'iss'"}

Could you please help me with any solution?


pravsjv commented Mar 20, 2018

Fixed this issue. Solution:
Copied the keycloak.json client in the webapp and as well copied the client_secret while generating the token.

@aliabbas-2012

I am facing the same issue for services and routes. I am not able to solve this issue. Will you help me?

@code2design

@aliabbas-2012 what is the issue you're facing? Can you put more details?

@aliabbas-2012

{"message":"No credentials found for given 'iss'"}


jwthomp commented Jul 30, 2018

@aliabbas-2012 Make sure that the value set in the iss claim is the same name you have given to the JWT credential as its key when you set it up for the consumer.


Kolesar commented May 14, 2020

With this, we can very easily cheat the browser session.

For example:
I log in with my browser, take the JWT Bearer token from there, and put it in curl/Postman to get access.

How can we avoid it, actually?


tavisca-abhaya commented Aug 2, 2021

How does the Kong JWT plugin get to know which consumer to use?

There is no reference to a plugin ID, route ID or service ID in the consumer configuration.

@sempaidev

is not dynamic
