I have a REST API built with Django and that has JWT authentication . Users can register and authenticate with their desired username and password, and the application provides them with a valid JWT. We are adding a few more API’s to our platform and we’d live to setup access via Kong and have common authentication component. So we decided to stop handling user management at the API level and thought about having all of it handled by Kong.
I would like to keep the existing workflow of the users just providing username and password (and then have JWT passed via Authorization header), but from my understanding Kong does not craft JWT it just validates them so this is all passed to client side. Maybe I’m a little confused, but maybe I need a 3rd party to handle this.
Thanks in advance.