Here is example with DB:
- Create Consumer
$ http put :8001/consumers/apiUser
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 119
Content-Type: application/json; charset=utf-8
Date: Tue, 09 Jun 2020 10:49:50 GMT
Server: kong/2.0.4
X-Kong-Admin-Latency: 261
{
"created_at": 1591699790,
"custom_id": null,
"id": "6ad39431-9f2f-4f49-9624-6c8c4ea36af2",
"tags": null,
"username": "apiUser"
}
- Create JWT for Consumer:
$ http post :8001/consumers/apiUser/jwt algorithm=RS256 key=https://farrellsoft.auth0.com/ rsa_public_key@a.pem -f
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 728
Content-Type: application/json; charset=utf-8
Date: Tue, 09 Jun 2020 10:55:42 GMT
Server: kong/2.0.4
X-Kong-Admin-Latency: 13
{
"algorithm": "RS256",
"consumer": {
"id": "6ad39431-9f2f-4f49-9624-6c8c4ea36af2"
},
"created_at": 1591700142,
"id": "bb74037e-3919-4224-bb2b-c971173304a8",
"key": "https://farrellsoft.auth0.com/",
"rsa_public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3PYgeiVyURLhqAkkUOfL\nroY281upGVWgBTZKZu6rIMPCiyzuZU8Rnlc1k+cHkbov0uRZIVmwrhMLTr6E9ZwD\nF2S2CY/K9yo7ZfSc1nc2uHYHJWkPBDKzjwPhkMhBKZ5hS1PXWQpgLdgDo4OrnscS\nfWTE1V82Mxv43LF4z32XiVtc5+vR59srgScQRXxQ4ghe35oCEtzr72LN08ypVKFm\nN5aARF1ifBUuom8SiyWJoL8cNfMre0wWNG23M2QC1fUtHPuob6K+Wnwyd//Re0n3\nAqyHfN71b+/pV5xDTde005nl08WU2g64D6LosH9TGk0hBNsj1u3mZNAPGdcVHY8J\nNQIDAQAB\n-----END PUBLIC KEY-----\n",
"secret": "w0R5MVu5yRo7OyggrDBqh74LZDXbsi0O",
"tags": null
}
- Create Service:
$ http put :8001/services/bin url=http://bin.test/anything
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 289
Content-Type: application/json; charset=utf-8
Date: Tue, 09 Jun 2020 10:56:18 GMT
Server: kong/2.0.4
X-Kong-Admin-Latency: 4
{
"client_certificate": null,
"connect_timeout": 60000,
"created_at": 1591700178,
"host": "bin.test",
"id": "69f7ca9b-4f83-442c-bc15-8a59c2e882d3",
"name": "bin",
"path": "/anything",
"port": 80,
"protocol": "http",
"read_timeout": 60000,
"retries": 5,
"tags": null,
"updated_at": 1591700178,
"write_timeout": 60000
}
- Create Route:
$ http put :8001/services/bin/routes/bin paths=/ -f
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 421
Content-Type: application/json; charset=utf-8
Date: Tue, 09 Jun 2020 10:56:41 GMT
Server: kong/2.0.4
X-Kong-Admin-Latency: 5
{
"created_at": 1591700201,
"destinations": null,
"headers": null,
"hosts": null,
"https_redirect_status_code": 426,
"id": "8f5f179d-b57d-4f6f-afcb-b22e5862e620",
"methods": null,
"name": "bin",
"path_handling": "v0",
"paths": [
"/"
],
"preserve_host": false,
"protocols": [
"http",
"https"
],
"regex_priority": 0,
"service": {
"id": "69f7ca9b-4f83-442c-bc15-8a59c2e882d3"
},
"snis": null,
"sources": null,
"strip_path": true,
"tags": null,
"updated_at": 1591700201
}
- Apply JWT Plugin to Service
$ http post :8001/services/bin/plugins name=jwt -f
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 462
Content-Type: application/json; charset=utf-8
Date: Tue, 09 Jun 2020 10:57:11 GMT
Server: kong/2.0.4
X-Kong-Admin-Latency: 5
{
"config": {
"anonymous": null,
"claims_to_verify": null,
"cookie_names": [],
"header_names": [
"authorization"
],
"key_claim_name": "iss",
"maximum_expiration": 0,
"run_on_preflight": true,
"secret_is_base64": false,
"uri_param_names": [
"jwt"
]
},
"consumer": null,
"created_at": 1591700231,
"enabled": true,
"id": "b6014f1d-04e3-4f61-973a-073da7bc3ece",
"name": "jwt",
"protocols": [
"grpc",
"grpcs",
"http",
"https"
],
"route": null,
"service": {
"id": "69f7ca9b-4f83-442c-bc15-8a59c2e882d3"
},
"tags": null
}
- Call without Token
$ http :8000
HTTP/1.1 401 Unauthorized
Connection: keep-alive
Content-Length: 26
Content-Type: application/json; charset=utf-8
Date: Tue, 09 Jun 2020 10:57:15 GMT
Server: kong/2.0.4
X-Kong-Response-Latency: 1
{
"message": "Unauthorized"
}
- Call with Token that you provided:
$ http :8000 Authorization:"Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlFrVXdOREl4UmpsR1JEYzNSalU1UVVaRE9UVkRSalUyTURJek9FTkdNRFJCTlRBeVJFUkNOUSJ9.eyJpc3MiOiJodHRwczovL2ZhcnJlbGxzb2Z0LmF1dGgwLmNvbS8iLCJzdWIiOiJsQ1A3dHYzZDZ2cHJJbTBmcW5zOURpOWVwNmI1Z3A5YkBjbGllbnRzIiwiYXVkIjoiaHR0cHM6Ly9mYXJyZWxsc29mdC5hdXRoMC5jb20vYXBpL3YyLyIsImlhdCI6MTU5MTY1NjA2NiwiZXhwIjoxNTkxNzQyNDY2LCJhenAiOiJsQ1A3dHYzZDZ2cHJJbTBmcW5zOURpOWVwNmI1Z3A5YiIsInNjb3BlIjoicmVhZDpjbGllbnRfZ3JhbnRzIGNyZWF0ZTpjbGllbnRfZ3JhbnRzIGRlbGV0ZTpjbGllbnRfZ3JhbnRzIHVwZGF0ZTpjbGllbnRfZ3JhbnRzIHJlYWQ6dXNlcnMgdXBkYXRlOnVzZXJzIGRlbGV0ZTp1c2VycyBjcmVhdGU6dXNlcnMgcmVhZDp1c2Vyc19hcHBfbWV0YWRhdGEgdXBkYXRlOnVzZXJzX2FwcF9tZXRhZGF0YSBkZWxldGU6dXNlcnNfYXBwX21ldGFkYXRhIGNyZWF0ZTp1c2Vyc19hcHBfbWV0YWRhdGEgcmVhZDp1c2VyX2N1c3RvbV9ibG9ja3MgY3JlYXRlOnVzZXJfY3VzdG9tX2Jsb2NrcyBkZWxldGU6dXNlcl9jdXN0b21fYmxvY2tzIGNyZWF0ZTp1c2VyX3RpY2tldHMgcmVhZDpjbGllbnRzIHVwZGF0ZTpjbGllbnRzIGRlbGV0ZTpjbGllbnRzIGNyZWF0ZTpjbGllbnRzIHJlYWQ6Y2xpZW50X2tleXMgdXBkYXRlOmNsaWVudF9rZXlzIGRlbGV0ZTpjbGllbnRfa2V5cyBjcmVhdGU6Y2xpZW50X2tleXMgcmVhZDpjb25uZWN0aW9ucyB1cGRhdGU6Y29ubmVjdGlvbnMgZGVsZXRlOmNvbm5lY3Rpb25zIGNyZWF0ZTpjb25uZWN0aW9ucyByZWFkOnJlc291cmNlX3NlcnZlcnMgdXBkYXRlOnJlc291cmNlX3NlcnZlcnMgZGVsZXRlOnJlc291cmNlX3NlcnZlcnMgY3JlYXRlOnJlc291cmNlX3NlcnZlcnMgcmVhZDpkZXZpY2VfY3JlZGVudGlhbHMgdXBkYXRlOmRldmljZV9jcmVkZW50aWFscyBkZWxldGU6ZGV2aWNlX2NyZWRlbnRpYWxzIGNyZWF0ZTpkZXZpY2VfY3JlZGVudGlhbHMgcmVhZDpydWxlcyB1cGRhdGU6cnVsZXMgZGVsZXRlOnJ1bGVzIGNyZWF0ZTpydWxlcyByZWFkOnJ1bGVzX2NvbmZpZ3MgdXBkYXRlOnJ1bGVzX2NvbmZpZ3MgZGVsZXRlOnJ1bGVzX2NvbmZpZ3MgcmVhZDpob29rcyB1cGRhdGU6aG9va3MgZGVsZXRlOmhvb2tzIGNyZWF0ZTpob29rcyByZWFkOmFjdGlvbnMgdXBkYXRlOmFjdGlvbnMgZGVsZXRlOmFjdGlvbnMgY3JlYXRlOmFjdGlvbnMgcmVhZDplbWFpbF9wcm92aWRlciB1cGRhdGU6ZW1haWxfcHJvdmlkZXIgZGVsZXRlOmVtYWlsX3Byb3ZpZGVyIGNyZWF0ZTplbWFpbF9wcm92aWRlciBibGFja2xpc3Q6dG9rZW5zIHJlYWQ6c3RhdHMgcmVhZDp0ZW5hbnRfc2V0dGluZ3MgdXBkYXRlOnRlbmFudF9zZXR0aW5ncyByZWFkOmxvZ3MgcmVhZDpzaGllbGRzIGNyZWF0ZTpzaGllbGRzIHVwZGF0ZTpzaGllbGRzIGRlbGV0ZTpzaGllbGRzIHJlYWQ6YW5vbWFseV9ibG9ja3MgZGVsZXRlOmFub21hbHlfYmxvY2tzIHVwZGF0ZTp0cmlnZ2VycyByZWFkOnRyaWdnZXJzIHJlYWQ6Z3JhbnRzIGRlbGV0ZTpncmFudHMgcmVhZDpndWFyZGlhbl9mYWN0b3JzIHVwZGF0ZTpndWFyZGlhbl9mYWN0b3JzIHJlYWQ6Z3VhcmRpYW5fZW5yb2xsbWVudHMgZGVsZXRlOmd1YXJkaWFuX2Vucm9sbG1lbnRzIGNyZWF0ZTpndWFyZGlhbl9lbnJvbGxtZW50X3RpY2tldHMgcmVhZDp1c2VyX2lkcF90b2tlbnMgY3JlYXRlOnBhc3N3b3Jkc19jaGVja2luZ19qb2IgZGVsZXRlOnBhc3N3b3Jkc19jaGVja2luZ19qb2IgcmVhZDpjdXN0b21fZG9tYWlucyBkZWxldGU6Y3VzdG9tX2RvbWFpbnMgY3JlYXRlOmN1c3RvbV9kb21haW5zIHVwZGF0ZTpjdXN0b21fZG9tYWlucyByZWFkOmVtYWlsX3RlbXBsYXRlcyBjcmVhdGU6ZW1haWxfdGVtcGxhdGVzIHVwZGF0ZTplbWFpbF90ZW1wbGF0ZXMgcmVhZDptZmFfcG9saWNpZXMgdXBkYXRlOm1mYV9wb2xpY2llcyByZWFkOnJvbGVzIGNyZWF0ZTpyb2xlcyBkZWxldGU6cm9sZXMgdXBkYXRlOnJvbGVzIHJlYWQ6cHJvbXB0cyB1cGRhdGU6cHJvbXB0cyByZWFkOmJyYW5kaW5nIHVwZGF0ZTpicmFuZGluZyBkZWxldGU6YnJhbmRpbmcgcmVhZDpsb2dfc3RyZWFtcyBjcmVhdGU6bG9nX3N0cmVhbXMgZGVsZXRlOmxvZ19zdHJlYW1zIHVwZGF0ZTpsb2dfc3RyZWFtcyBjcmVhdGU6c2lnbmluZ19rZXlzIHJlYWQ6c2lnbmluZ19rZXlzIHVwZGF0ZTpzaWduaW5nX2tleXMgcmVhZDpsaW1pdHMgdXBkYXRlOmxpbWl0cyIsImd0eSI6ImNsaWVudC1jcmVkZW50aWFscyJ9.A8BWCihsazeHasnD2KeP8YNO08uwhjZzo2yxvGLH1CGS9VymjtroGAM4ZFo4XELjZnobK6WzplGiYDUZz9H1m8A5jRWOfPbixXOG69pLUYka5NZR153F-EmqrXQ81vM25kEPsyHLJBqadvaDow-XOAN_t8KbTuetjP0e7ya8C8JY30uLWgYrQODwhQK03qu0P9hkutknVvKIzQChKL8l0b-pThJMu65-6b5yUr57giVITXtljshXFiUsYTRTsi_6Sgun70RyTTYmpx7DgjWif_mlra2bpSpHnJFVT8gSPkj2bntwiq3KzFicP4yld4OqD0Rc0DnknFRr3emINud4-Q"
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 3990
Content-Type: application/json
Date: Tue, 09 Jun 2020 10:57:39 GMT
Server: gunicorn/19.9.0
Via: kong/2.0.4
X-Kong-Proxy-Latency: 15
X-Kong-Upstream-Latency: 7
{
"args": {},
"data": "",
"files": {},
"form": {},
"headers": {
"Accept": "*/*",
"Accept-Encoding": "gzip, deflate",
"Authorization": "Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlFrVXdOREl4UmpsR1JEYzNSalU1UVVaRE9UVkRSalUyTURJek9FTkdNRFJCTlRBeVJFUkNOUSJ9.eyJpc3MiOiJodHRwczovL2ZhcnJlbGxzb2Z0LmF1dGgwLmNvbS8iLCJzdWIiOiJsQ1A3dHYzZDZ2cHJJbTBmcW5zOURpOWVwNmI1Z3A5YkBjbGllbnRzIiwiYXVkIjoiaHR0cHM6Ly9mYXJyZWxsc29mdC5hdXRoMC5jb20vYXBpL3YyLyIsImlhdCI6MTU5MTY1NjA2NiwiZXhwIjoxNTkxNzQyNDY2LCJhenAiOiJsQ1A3dHYzZDZ2cHJJbTBmcW5zOURpOWVwNmI1Z3A5YiIsInNjb3BlIjoicmVhZDpjbGllbnRfZ3JhbnRzIGNyZWF0ZTpjbGllbnRfZ3JhbnRzIGRlbGV0ZTpjbGllbnRfZ3JhbnRzIHVwZGF0ZTpjbGllbnRfZ3JhbnRzIHJlYWQ6dXNlcnMgdXBkYXRlOnVzZXJzIGRlbGV0ZTp1c2VycyBjcmVhdGU6dXNlcnMgcmVhZDp1c2Vyc19hcHBfbWV0YWRhdGEgdXBkYXRlOnVzZXJzX2FwcF9tZXRhZGF0YSBkZWxldGU6dXNlcnNfYXBwX21ldGFkYXRhIGNyZWF0ZTp1c2Vyc19hcHBfbWV0YWRhdGEgcmVhZDp1c2VyX2N1c3RvbV9ibG9ja3MgY3JlYXRlOnVzZXJfY3VzdG9tX2Jsb2NrcyBkZWxldGU6dXNlcl9jdXN0b21fYmxvY2tzIGNyZWF0ZTp1c2VyX3RpY2tldHMgcmVhZDpjbGllbnRzIHVwZGF0ZTpjbGllbnRzIGRlbGV0ZTpjbGllbnRzIGNyZWF0ZTpjbGllbnRzIHJlYWQ6Y2xpZW50X2tleXMgdXBkYXRlOmNsaWVudF9rZXlzIGRlbGV0ZTpjbGllbnRfa2V5cyBjcmVhdGU6Y2xpZW50X2tleXMgcmVhZDpjb25uZWN0aW9ucyB1cGRhdGU6Y29ubmVjdGlvbnMgZGVsZXRlOmNvbm5lY3Rpb25zIGNyZWF0ZTpjb25uZWN0aW9ucyByZWFkOnJlc291cmNlX3NlcnZlcnMgdXBkYXRlOnJlc291cmNlX3NlcnZlcnMgZGVsZXRlOnJlc291cmNlX3NlcnZlcnMgY3JlYXRlOnJlc291cmNlX3NlcnZlcnMgcmVhZDpkZXZpY2VfY3JlZGVudGlhbHMgdXBkYXRlOmRldmljZV9jcmVkZW50aWFscyBkZWxldGU6ZGV2aWNlX2NyZWRlbnRpYWxzIGNyZWF0ZTpkZXZpY2VfY3JlZGVudGlhbHMgcmVhZDpydWxlcyB1cGRhdGU6cnVsZXMgZGVsZXRlOnJ1bGVzIGNyZWF0ZTpydWxlcyByZWFkOnJ1bGVzX2NvbmZpZ3MgdXBkYXRlOnJ1bGVzX2NvbmZpZ3MgZGVsZXRlOnJ1bGVzX2NvbmZpZ3MgcmVhZDpob29rcyB1cGRhdGU6aG9va3MgZGVsZXRlOmhvb2tzIGNyZWF0ZTpob29rcyByZWFkOmFjdGlvbnMgdXBkYXRlOmFjdGlvbnMgZGVsZXRlOmFjdGlvbnMgY3JlYXRlOmFjdGlvbnMgcmVhZDplbWFpbF9wcm92aWRlciB1cGRhdGU6ZW1haWxfcHJvdmlkZXIgZGVsZXRlOmVtYWlsX3Byb3ZpZGVyIGNyZWF0ZTplbWFpbF9wcm92aWRlciBibGFja2xpc3Q6dG9rZW5zIHJlYWQ6c3RhdHMgcmVhZDp0ZW5hbnRfc2V0dGluZ3MgdXBkYXRlOnRlbmFudF9zZXR0aW5ncyByZWFkOmxvZ3MgcmVhZDpzaGllbGRzIGNyZWF0ZTpzaGllbGRzIHVwZGF0ZTpzaGllbGRzIGRlbGV0ZTpzaGllbGRzIHJlYWQ6YW5vbWFseV9ibG9ja3MgZGVsZXRlOmFub21hbHlfYmxvY2tzIHVwZGF0ZTp0cmlnZ2VycyByZWFkOnRyaWdnZXJzIHJlYWQ6Z3JhbnRzIGRlbGV0ZTpncmFudHMgcmVhZDpndWFyZGlhbl9mYWN0b3JzIHVwZGF0ZTpndWFyZGlhbl9mYWN0b3JzIHJlYWQ6Z3VhcmRpYW5fZW5yb2xsbWVudHMgZGVsZXRlOmd1YXJkaWFuX2Vucm9sbG1lbnRzIGNyZWF0ZTpndWFyZGlhbl9lbnJvbGxtZW50X3RpY2tldHMgcmVhZDp1c2VyX2lkcF90b2tlbnMgY3JlYXRlOnBhc3N3b3Jkc19jaGVja2luZ19qb2IgZGVsZXRlOnBhc3N3b3Jkc19jaGVja2luZ19qb2IgcmVhZDpjdXN0b21fZG9tYWlucyBkZWxldGU6Y3VzdG9tX2RvbWFpbnMgY3JlYXRlOmN1c3RvbV9kb21haW5zIHVwZGF0ZTpjdXN0b21fZG9tYWlucyByZWFkOmVtYWlsX3RlbXBsYXRlcyBjcmVhdGU6ZW1haWxfdGVtcGxhdGVzIHVwZGF0ZTplbWFpbF90ZW1wbGF0ZXMgcmVhZDptZmFfcG9saWNpZXMgdXBkYXRlOm1mYV9wb2xpY2llcyByZWFkOnJvbGVzIGNyZWF0ZTpyb2xlcyBkZWxldGU6cm9sZXMgdXBkYXRlOnJvbGVzIHJlYWQ6cHJvbXB0cyB1cGRhdGU6cHJvbXB0cyByZWFkOmJyYW5kaW5nIHVwZGF0ZTpicmFuZGluZyBkZWxldGU6YnJhbmRpbmcgcmVhZDpsb2dfc3RyZWFtcyBjcmVhdGU6bG9nX3N0cmVhbXMgZGVsZXRlOmxvZ19zdHJlYW1zIHVwZGF0ZTpsb2dfc3RyZWFtcyBjcmVhdGU6c2lnbmluZ19rZXlzIHJlYWQ6c2lnbmluZ19rZXlzIHVwZGF0ZTpzaWduaW5nX2tleXMgcmVhZDpsaW1pdHMgdXBkYXRlOmxpbWl0cyIsImd0eSI6ImNsaWVudC1jcmVkZW50aWFscyJ9.A8BWCihsazeHasnD2KeP8YNO08uwhjZzo2yxvGLH1CGS9VymjtroGAM4ZFo4XELjZnobK6WzplGiYDUZz9H1m8A5jRWOfPbixXOG69pLUYka5NZR153F-EmqrXQ81vM25kEPsyHLJBqadvaDow-XOAN_t8KbTuetjP0e7ya8C8JY30uLWgYrQODwhQK03qu0P9hkutknVvKIzQChKL8l0b-pThJMu65-6b5yUr57giVITXtljshXFiUsYTRTsi_6Sgun70RyTTYmpx7DgjWif_mlra2bpSpHnJFVT8gSPkj2bntwiq3KzFicP4yld4OqD0Rc0DnknFRr3emINud4-Q",
"Connection": "keep-alive",
"Host": "bin.test",
"User-Agent": "HTTPie/2.1.0",
"X-Consumer-Id": "6ad39431-9f2f-4f49-9624-6c8c4ea36af2",
"X-Consumer-Username": "apiUser",
"X-Credential-Identifier": "https://farrellsoft.auth0.com/",
"X-Forwarded-Host": "localhost"
},
"json": null,
"method": "GET",
"origin": "127.0.0.1",
"url": "http://localhost/anything"
}
Seems to be working just fine.