JWT verification via JWKS

I had a question about JWT verification with Kong. My use case is to use a jwks from .well-known/jwks.json to verify tokens and then validate a few claims on the jwt before passing the request off to the backend. I assumed that the JWT plugin did this but after looking it appears that the JWT Plugin only has the ability to hold a static public key for verification. I would need the ability to use a JWKS so that the public keys could be rotated periodically.

Do I have to write a plugin for this is is this builtin functionality to the JWT Plugin?


Hi Donald are you using OSS or Kong Gateway Enterprise?

In Kong Gateway Enterprise you can use OIDC plugin and a custom JWKS URL parameter that can be additionally configured.