Enable JWT plugin for specific endpoint only

Kong Version: 0.11.4

I’m looking to enable the JWT plugin for a specific endpoint exclusively, and it’s not hugely obvious to me how to go about doing that!

The use case is that a service A has a cookie containing a JWT string; if service A calls a specific endpoint on service B, then the cookie should be added as a header.

More specifically, there are two cookies with different names - one should be transformed to a header with name A; the second should be transformed to a header with name B.

1 Like

I got it working.

The trick is to enable the JWT plugin only on the route level (and not globally or at the service level).

You create a route that would match any request (i.e. only specifying one path with the common prefix for your API’s endpoints), and configure the jwt plugin for that route specifically. Then you create other routes that match specific endpoints you want to expose publicly. If you use only paths for matching routes, the longest prefix wins, so routes matching specific endpoints will win over the generic/default route (e.g. /myservice/public > /myservice). The jwt plugin won’t be called for requests matching those routes, since it’s not configured. Requests for any other endpoints would match the generic route, on which the jwt plugin is enabled, so they will be authenticated.

1 Like
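
The route layout described in the answer above, modelled as an added example that is not part of the original thread and is not Kong's own code. It assumes path-only routes and plain string-prefix matching where the longest path wins; the route names and request paths are constructed.

```python
"""Model of the answer's layout: jwt plugin on the catch-all route only.

Not Kong code. Assumes path-only routes and plain string-prefix matching
in which the longest matching path wins, as the answer describes.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    name: str                          # hypothetical route name
    path: str                          # path prefix the route matches
    plugins: frozenset = frozenset()   # plugins enabled on this route


# Constructed layout using the two paths from the answer.
ROUTES = [
    Route("default", "/myservice", frozenset({"jwt"})),
    Route("public", "/myservice/public"),
]


def match(request_path: str, routes=ROUTES) -> Optional[Route]:
    """Return the route with the longest path that prefixes request_path."""
    candidates = [r for r in routes if request_path.startswith(r.path)]
    return max(candidates, key=lambda r: len(r.path), default=None)


def requires_jwt(request_path: str, routes=ROUTES) -> Optional[bool]:
    """True/False when a route matched, None when no route matches."""
    route = match(request_path, routes)
    return None if route is None else "jwt" in route.plugins


def unauthenticated(paths, routes=ROUTES):
    """Audit helper: paths that reach the upstream without the jwt plugin."""
    return [p for p in paths if requires_jwt(p, routes) is False]


if __name__ == "__main__":
    sample = [                         # constructed request paths
        "/myservice/orders/42",
        "/myservice/public/health",
        "/myservice/publicity",        # shares the prefix, not the segment
        "/other",
    ]
    for p in sample:
        r = match(p)
        print(f"{p:28} -> {r.name if r else 'no route':8} jwt={requires_jwt(p)}")
    print("no jwt:", unauthenticated(sample))
```

Under the plain-prefix assumption, `/myservice/publicity` also lands on the public route and skips the jwt plugin, so keep public paths as narrow as possible and review the list of paths that resolve without authentication.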