Deny access for invalid JWT Tokens but allow anonymous access

Hey there,

I’ve got my Kong Gateway configured with the jwt plugin and anonymous access enabled. I was wondering if it is possible to deny access to users with an invalid JWT that doesn’t match any consumer, and then respond with a 4xx, while also allowing anonymous access with the corresponding anonymous headers set.

My use case would be that any tokens the backend receives through the Gateway are valid tokens. So when the Authorization: Bearer … header is set, we can trust it.

Thanks in advance

I am sorry, I don’t understand what your use case is.

First you mention you want to deny access to users with invalid JWT tokens. Then you mention that any tokens the backend receives are valid tokens.

Can you provide some examples of what you are trying to do?

Having the jwt plugin and anonymous access enabled means that when JWT validation of the token fails, Kong will consider the request to be coming from an anonymous user.
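The fall-through described in the last reply can be detected on the upstream side: a request that carries a token yet arrives marked with Kong's `X-Anonymous-Consumer: true` header was not authenticated by the gateway. The following is an added example, not part of the thread and not Kong's own code; `classify` and the sample requests are hypothetical, and it assumes the upstream is reachable only through Kong, that the token travels in the `Authorization` header, and that Kong forwards that header unchanged.

```python
# Added example: upstream-side decision based on the headers Kong forwards.
# Assumptions: the upstream is reachable only through Kong, and the client
# sends its token in the Authorization header (not a query param or cookie).

def classify(headers):
    """Return (status, reason) for a request as the upstream sees it."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    anonymous = h.get("x-anonymous-consumer", "").lower() == "true"
    presented_token = bool(h.get("authorization"))
    consumer_id = h.get("x-consumer-id", "")

    # A credential was sent, but Kong mapped the request to the anonymous
    # consumer: the token failed validation, so it must not be trusted.
    if anonymous and presented_token:
        return 401, "token presented but not validated by the gateway"
    # No credential at all: genuine anonymous access.
    if anonymous:
        return 200, "anonymous"
    # Kong matched a real consumer, so the token it saw was valid.
    if consumer_id:
        return 200, "consumer:" + h.get("x-consumer-username", consumer_id)
    # Neither marker is present: the request did not pass the auth plugin.
    return 401, "no consumer identity from the gateway"


# Constructed sample requests (header values are placeholders).
SAMPLES = {
    "no token": {"X-Anonymous-Consumer": "true", "X-Consumer-ID": "anon-id"},
    "bad token": {"Authorization": "Bearer aaa.bbb.ccc",
                  "X-Anonymous-Consumer": "true", "X-Consumer-ID": "anon-id"},
    "good token": {"Authorization": "Bearer aaa.bbb.ccc",
                   "X-Consumer-ID": "c-1", "X-Consumer-Username": "alice"},
    "bypassed gateway": {"Authorization": "Bearer aaa.bbb.ccc"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, "->", classify(hdrs))
```
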