JWT verification via JWKS

Donald_Freeman · September 15, 2023, 9:52am

I had a question about JWT verification with Kong. My use case is to use a jwks from .well-known/jwks.json to verify tokens and then validate a few claims on the jwt before passing the request off to the backend. I assumed that the JWT plugin did this but after looking it appears that the JWT Plugin only has the ability to hold a static public key for verification. I would need the ability to use a JWKS so that the public keys could be rotated periodically.

Do I have to write a plugin for this is is this builtin functionality to the JWT Plugin?

Thanks,

Denis_Signoretto · September 18, 2023, 2:06pm

Hi Donald are you using OSS or Kong Gateway Enterprise?

In Kong Gateway Enterprise you can use OIDC plugin and a custom JWKS URL parameter that can be additionally configured.

ltartarin90 · February 27, 2024, 10:55am

Hello Denis, can you confirm that the Kong OSS JWT plugin is NOT able to manage the use case described by Donald? In this case, are you referring this plugin: OpenID Connect - Plugin | Kong Docs available for the Enterprise version?

Thanks in advance.

Topic		Replies	Views
JWKS support in the JWT plugin Feature Requests & Feedback	2	2271	May 7, 2021
Kong API Gateway and JWKS for validatin JWT's kong-gateway	0	565	December 8, 2020
oAuth2 token validation at the gateway level, Possible? kong-gateway	2	786	March 12, 2019
JWT RS256 Token Validation Questions	4	2895	June 18, 2019
Keycloak integration Questions	1	2359	February 1, 2018

JWT verification via JWKS

Related topics