Hello,
We are using the community edition with a hybrid approach (multi-cluster with a single database). We have configured a service with JWT enabled, and our backend services expect a custom header like --header ‘profile-token: sec token’ instead of “Authorization: Bearer sec token.” When we call the backend service using the valid JWT token, it somehow does not authenticate access(got unauthorized). Further investigation shows that the custom header is being removed by Kong before reaching the backend service. I have added a request-transformer to add the header back before calling the backend service; however, for some reason, I have not been able to achieve success. If anyone has faced this issue or has suggestions, they would be much appreciated.
I was able to access the service directly, bypassing Kong, with the same token successfully. I also have another service that uses the “Authorization : Bearer sec token” and works fine, so I assume the configuration looks good. It is just this one service with the custom header that is giving us trouble.