Deny access for invalid JWT Tokens but allow anonymous access

Hey there,

I’ve got my Kong Gateway configured with the jwt plugin and anonymous access enabled. I was wondering if it is possible to deny access to Users with an Invalid JWT, that doesn’t match any consumer? Then respond with a 4xx while also allowing anonymous access with the corresponding anonymous-headers set

My use case would be, that any token which the backends receives thru the Gateway are valid tokens. So when the Authorization: Bearer … header is set, we can trust it.

Thanks in advance :slight_smile:

I am sorry I don’t understand what your use case is.

First you mention you want to deny access to users with invalid JWT tokens. Then you mentioned any token which the backends receives are valid tokens.

Can you provide some examples of what you are trying to do?

jwt plugin and anonymous access enabled means when JWT failed to validate token, Kong will consider the request is coming from anonymous user.

© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ