Kong Upstream JWT: Enable JWT in headers - Plugin

Enable JWT in headers

Enable the Kong Upstream JWT plugin to add a signed JWT into the HTTP Header JWT of requests proxied through Kong Gateway.

Prerequisites

The Kong Upstream JWT plugin is installed.
Set public and private keys in kong.conf and in nginx.conf

Set up the plugin

Make the following request:

curl -i -X POST http://localhost:8001/plugins/ \
    --header "Accept: application/json" \
    --header "Content-Type: application/json" \
    --data '
    {
      "name": "kong-upstream-jwt"
    }
    '

echo "
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
  name: kong-upstream-jwt
  namespace: kong
  annotations:
    kubernetes.io/ingress.class: kong
  labels:
    global: 'true'
plugin: kong-upstream-jwt
" | kubectl apply -f -

Prerequisite: Configure your Personal Access Token

terraform {
  required_providers {
    konnect = {
      source  = "kong/konnect"
    }
  }
}

provider "konnect" {
  personal_access_token = "$KONNECT_TOKEN"
  server_url            = "https://us.api.konghq.com/"
}

Add the following to your Terraform configuration to create a Konnect Gateway Plugin:

resource "konnect_gateway_plugin_kong_upstream_jwt" "my_kong_upstream_jwt" {
  enabled = true

  control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
}

Add this section to your declarative configuration file:

_format_version: "3.0"
plugins:
  - name: kong-upstream-jwt
    service: serviceName|Id

Make sure to replace the following placeholders with your own values:

serviceName|Id: The id or name of the service the plugin configuration will target.

Make the following request:

curl -i -X POST http://localhost:8001/services/{serviceName|Id}/plugins/ \
    --header "Accept: application/json" \
    --header "Content-Type: application/json" \
    --data '
    {
      "name": "kong-upstream-jwt"
    }
    '

Make sure to replace the following placeholders with your own values:

serviceName|Id: The id or name of the service the plugin configuration will target.

echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: kong-upstream-jwt
  namespace: kong
  annotations:
    kubernetes.io/ingress.class: kong
plugin: kong-upstream-jwt
" | kubectl apply -f -

Next, apply the KongPlugin resource by annotating the service resource:

kubectl annotate -n kong service SERVICE_NAME konghq.com/plugins=kong-upstream-jwt

Prerequisite: Configure your Personal Access Token

terraform {
  required_providers {
    konnect = {
      source  = "kong/konnect"
    }
  }
}

provider "konnect" {
  personal_access_token = "$KONNECT_TOKEN"
  server_url            = "https://us.api.konghq.com/"
}

Add the following to your Terraform configuration to create a Konnect Gateway Plugin:

resource "konnect_gateway_plugin_kong_upstream_jwt" "my_kong_upstream_jwt" {
  enabled = true

  

  control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
  service = {
    id = konnect_gateway_service.my_service.id
  }
}

Add this section to your declarative configuration file:

_format_version: "3.0"
plugins:
  - name: kong-upstream-jwt
    route: routeName|Id

Make sure to replace the following placeholders with your own values:

routeName|Id: The id or name of the route the plugin configuration will target.

Make the following request:

curl -i -X POST http://localhost:8001/routes/{routeName|Id}/plugins/ \
    --header "Accept: application/json" \
    --header "Content-Type: application/json" \
    --data '
    {
      "name": "kong-upstream-jwt"
    }
    '

Make sure to replace the following placeholders with your own values:

routeName|Id: The id or name of the route the plugin configuration will target.

echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: kong-upstream-jwt
  namespace: kong
  annotations:
    kubernetes.io/ingress.class: kong
plugin: kong-upstream-jwt
" | kubectl apply -f -

Next, apply the KongPlugin resource by annotating the httproute or ingress resource:

kubectl annotate -n kong httproute  konghq.com/plugins=kong-upstream-jwt

kubectl annotate -n kong ingress  konghq.com/plugins=kong-upstream-jwt

Prerequisite: Configure your Personal Access Token

terraform {
  required_providers {
    konnect = {
      source  = "kong/konnect"
    }
  }
}

provider "konnect" {
  personal_access_token = "$KONNECT_TOKEN"
  server_url            = "https://us.api.konghq.com/"
}

Add the following to your Terraform configuration to create a Konnect Gateway Plugin:

resource "konnect_gateway_plugin_kong_upstream_jwt" "my_kong_upstream_jwt" {
  enabled = true

  

  control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
  route = {
    id = konnect_gateway_route.my_route.id
  }
}

Kong Upstream JWT

Enable JWT in headers

Prerequisites

Set up the plugin

Help us make these docs great!

Still need help