JWT Plugin - Logging Authentication Failure Reason

Hello Everyone,

I would like to know if it is possible for us to get the reason why a JWT auth failed, hopefully somewhere in the logs or through the content published out by the http-log/ tcp-log / syslog schema.

Here is the use case: an API consumer calls an API, passing through a JWT that fails to authenticate successfully. The consumer gets back an HTTP 401 response with the details of the failure, e.g. invalid signature, expired, etc. However, no details of the failure are logged on the Kong side. Sure, we can see that a 401 was generated for the call, but not the reason why.

I had a quick glance at the source for plugins/jwt and was wondering what needs to be done for us to get this out into a log, or even better, into the structure used by the various log plugins.

So, the questions:

  1. Is this already possible, logged somewhere or otherwise visible from a Kong side, and I am just missing it?
  2. Would it be possible to add this if it does not exist yet…? And if yes, where / how?

Need guidance, can code, will submit PR. :slight_smile:

Thank you in advance!
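As an added illustration (not part of the post above and not the Kong project's own code), one shape a custom plugin handler could take to surface the rejection reason: it attaches the reason to the request's log entry with the PDK's `kong.log.set_serialize_value`, so the http-log / tcp-log / syslog serializers pick it up, and also writes it to Kong's error log. It assumes the bundled jwt plugin's `kong.plugins.jwt.jwt_parser` module and a hypothetical `conf.public_key` schema field standing in for the real per-consumer key lookup.

```lua
-- Added example, not the jwt plugin's code: a minimal custom Kong plugin
-- handler that records why a JWT was rejected so log plugins can emit it.
-- Assumptions: Kong PDK with kong.log.set_serialize_value, the bundled jwt
-- plugin's jwt_parser module, and a hypothetical conf.public_key field.
local jwt_decoder = require "kong.plugins.jwt.jwt_parser"

local JwtReasonHandler = {
  PRIORITY = 1005,   -- same band as the built-in auth plugins
  VERSION  = "0.1.0",
}

-- Record the rejection reason in this request's log entry (serialized by
-- http-log, tcp-log, syslog, ...) and in the error log, then answer 401.
local function reject(reason)
  kong.log.set_serialize_value("jwt_auth_failure", reason)
  kong.log.warn("jwt authentication failed: ", reason)
  return kong.response.exit(401, { message = reason })
end

function JwtReasonHandler:access(conf)
  local auth  = kong.request.get_header("authorization")
  local token = auth and auth:match("^[Bb]earer%s+(.+)$")
  if not token then
    return reject("missing_token")
  end

  local jwt, err = jwt_decoder:new(token)
  if err then
    return reject("malformed_token: " .. tostring(err))
  end

  -- Hypothetical: a real plugin would look up the consumer's jwt_secret
  -- by the configured key claim instead of a static public key.
  local key = conf.public_key
  if not key then
    return reject("unknown_key")
  end
  if not jwt:verify_signature(key) then
    return reject("invalid_signature")
  end

  -- errors is a table keyed by claim name, e.g. { exp = "token expired" }
  local ok, errors = jwt:verify_registered_claims({ "exp", "nbf" })
  if not ok then
    local claim, msg = next(errors)
    return reject("claim_check_failed: " .. claim .. ": " .. msg)
  end
  -- success: fall through and let the request proceed
end

return JwtReasonHandler
```

With this in place the serialized log entry for a rejected call carries a `jwt_auth_failure` field alongside the 401 status, so the reason can be filtered on in whatever sink the log plugin ships to.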