I’ve got my Kong Gateway configured with the jwt plugin and anonymous access enabled. I was wondering if it is possible to deny access to users with an invalid JWT that doesn’t match any consumer, and then respond with a 4xx, while also allowing anonymous access with the corresponding anonymous-headers set?
My use case would be that any tokens which the backends receive through the Gateway are valid tokens. So when the Authorization: Bearer … header is set, we can trust it.
Thanks in advance