Project Description
I’m setting up centralized authentication on our Kong API gateway and want to enable the built-in JWT plugin. The goal is straightforward: every request to our protected routes should be validated through Kong’s native JWT support, then routed onward to our existing internal microservices once the token checks out.
Here’s the current state and what I need from you:
• Kong is already running in our staging Kubernetes cluster, fronting several REST services.
• No auth is active yet—routes are open.
• I have a list of internal consumer apps that will need their own key pairs or shared secrets.
• Our services already issue JWTs; payload and signing algorithm follow the standard RFC, so we only need Kong configured to recognise and verify them.
Deliverables:
1. Configure the JWT plugin on specified routes/services in Kong (via declarative config or admin API—whichever you prefer).
2. Set up the required consumers, credentials, and public keys/secrets.
3. Demonstrate successful token verification and request forwarding to at least one internal service; unauthenticated calls must be rejected with the expected 401/403.
4. Provide a concise hand-off note or README describing any environment variables, Kong commands, or Kubernetes manifests you touched so my team can replicate the setup across environments.
If you’ve tuned rate-limiting or logging plugins alongside JWT before, that’s a plus, but the immediate focus is getting secure, reliable token validation running.