@martinheld
Last active February 21, 2024 14:47
Short example to use JWT with Kong

JWT Kong Example

  • Get and Start Kong and Co
git clone git@github.com:Mashape/docker-kong.git
cd docker-kong/compose
docker-compose up
  • Create Kong API Route
curl -X POST http://localhost:8001/apis/ \
   --data "request_path=/skywalkerDemo" \
   --data "upstream_url=https://www.finleap.com" \
   --data "strip_request_path=true"
  • Enable JWT Plugin For Route
curl -X POST http://localhost:8001/apis/skywalkerDemo/plugins \
    --data "name=jwt" \
    --data "config.secret_is_base64=true"
  • Create a Kong Consumer
curl -X POST http://localhost:8001/consumers \
   --data "username=bill"
  • Create JWT Credentials for User and Note key and secret from response
curl -H "Content-Type: application/json" -X POST -d '{}' http://localhost:8001/consumers/bill/jwt

Response: {"secret":"b9f813fb8753440eabb1b44f9ba4da2f",
  "id":"33dacbca-ce7d-4305-a213-1ce7b8f7af71",
  "algorithm":"HS256",
  "created_at":1473085487000,
  "key":"cef1fe6937e444a6b18a26965d619718",
  "consumer_id":"67c90d83-636b-4c36-85ac-a14eac54ebe2"}
  • Craft JWT using e.g. http://jwtbuilder.jamiekurtz.com/

    • Issuer (key from above): cef1fe6937e444a6b18a26965d619718
    • Key (secret from above): b9f813fb8753440eabb1b44f9ba4da2f

    Results in JWT: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJjZWYxZmU2OTM3ZTQ0NGE2YjE4YTI2OTY1ZDYxOTcxOCIsImlhdCI6bnVsbCwiZXhwIjpudWxsLCJhdWQiOiIiLCJzdWIiOiIifQ.50bnA9d3wjIYIx6m-fzxIHQHfXF6zuJRPMUdk8-4LTU

  • Issue request to API endpoint with JWT in header

curl http://localhost:8000/skywalkerDemo \
    -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJjZWYxZmU2OTM3ZTQ0NGE2YjE4YTI2OTY1ZDYxOTcxOCIsImlhdCI6bnVsbCwiZXhwIjpudWxsLCJhdWQiOiIiLCJzdWIiOiIifQ.50bnA9d3wjIYIx6m-fzxIHQHfXF6zuJRPMUdk8-4LTU'
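
The JWT-crafting step above done locally instead of through the web builder, with a sketch of the gateway-side check: the `iss` claim selects the credential by its `key`, and that credential's `secret` and `algorithm` validate the token. This is an added example, not part of the original gist and not Kong's code. Assumptions: `mint`, `verify` and the `CREDENTIALS` table are hypothetical names, the secret is used as a raw string (no base64 decoding), and `exp` is required here, which is stricter than the steps above, whose token carries `"exp": null`.

```python
import base64, hashlib, hmac, json, time

# Constructed lookup table using the key/secret from the response above.
CREDENTIALS = {"cef1fe6937e444a6b18a26965d619718": {
    "secret": "b9f813fb8753440eabb1b44f9ba4da2f", "algorithm": "HS256", "consumer": "bill"}}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, secret: str) -> str:
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
    return b64url(mac.digest())

def mint(key: str, secret: str, ttl: int = 300, now=None) -> str:
    """Build an HS256 token whose iss is the credential key, with iat and exp set."""
    now = int(time.time()) if now is None else now
    header = {"typ": "JWT", "alg": "HS256"}
    claims = {"iss": key, "iat": now, "exp": now + ttl}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + sign(signing_input, secret)

def verify(token: str, credentials: dict, now=None):
    """Return the consumer name for a valid, unexpired token, else None."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, body_b64, sig = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return None
    iss = claims.get("iss")  # read before verification, only to pick the credential
    cred = credentials.get(iss) if isinstance(iss, str) else None
    if cred is None or header.get("alg") != cred["algorithm"]:
        return None  # unknown key, or alg differs from the credential (e.g. "none")
    expected = sign(head_b64 + "." + body_b64, cred["secret"])
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return None
    return cred["consumer"]
```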

tavisca-abhaya commented Aug 2, 2021

How do kong JWT plugins get to know which consumer to use?

As there is no reference to any plugin ID/routeID/ServiceID in the consumer configuration.

@sempaidev

is not dynamic