I’m using auth0 for authentication which gives me a JWT token. I want to delegate the authentication and access control for my API calls completely to the API gateway, so the actual implementation doesn’t have to care about JWT tokens anymore.
I followed this guide I found on your blog: JWT Token Authentication and Microservices: API Tutorial | Kong HQ
Which solved the authentication, but it doesn’t resolve the user id. I only get the one consumer name I defined myself. But of cause I need to know, who is calling the API (isn’t that crucial?). In the blog posts there is even a headline “Every User Is a Consumer”, which is probably what I want, but it’s not telling me HOW to do it. It’s just saying you CAN configure Kong to do it, but HOW?!
I hope you can help me with that, and point me in the right direction