JWT plugin and consumers


I was able to set up the JWT plugin and want to validate that the way I'm planning to use it is the correct/expected one.

We will have around ~10k end users of our SPA that will communicate with the backend (a bunch of serverless functions) through Kong.

At the registration flow, I want it to create the consumer in Kong and generate/store the JWT details.
After that, when the user wants to log in, I would pull the secret and the key and generate the JWT token for the given end user (consumer in Kong).

Do you see something wrong with the approach? Is there any performance issue with doing it like this?

Thanks!


Nobody? I haven’t found any comment on this through the forum.

Any feedback will be appreciated.


I am looking for the same information.
A good Kong & JWT tutorial article would be interesting for me. (I have read a couple about oauth0 but none explain it well enough.)

I have the same question. Kong needs to explain the different approaches and solutions in articles for beginners.
Imagine we have 1M users: is it wise for Kong to be responsible for authorization and authentication of user credentials, or is it better to do it in API authorization?
Alternatively, would you advise using two Kong gateways in series? For example, one Kong is responsible for consumers like mobile apps, and the microservice apps use another Kong to manage users. Is that possible?