I’m new to Kong and I am stuck on something with my gateway.
I have an SPA which calls multiple microservices running behind Kong and I’m trying to delegate authentication to it by using the JWT plugin with Auth0.
But I have failed to achieve this…
I would like to have 1 consumer = 1 end user in order to add ACL plugins afterwards, but for the moment that’s not my focus because the authentication part doesn’t work.
Is it possible to have 1 consumer = 1 end user and pass the JWT generated after login with Auth0 on my SPA (with the default Auth0 login form) to Kong in order to verify this token and grant access to my backend APIs?
Thanks for the reply. I succeeded in doing something, but could you tell me if I’m wrong:
1 - The user connects through my SPA with Auth0
2 - My SPA stores the accessToken/idToken of the user in order to make requests to the Kong gateway
3 - When my SPA needs to call my backend, it uses the user token stored before
With this, I succeeded in calling my API, which is protected by the Kong JWT plugin (and I think this is the part where you tell me this plugin is only for validation purposes with the public key of my Auth0 account).
But with this configuration I only have one consumer, which represents my SPA application, so I have two questions:
Is there a way to make 1 consumer = 1 end user?
If not, is there a way to tell Kong that if the JWT is valid, it should make an introspection of this token? I would like to pass the request to a web service in order to check which user emitted the request from the SPA (according to my Auth0 user information).
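As an added example (not code from this thread or from Kong), this sketch shows what the flow in steps 1-3 amounts to on the verifying side: the RS256 signature check against the issuer's public key proves which issuer minted the token, while the `sub` claim inside the verified payload identifies the end user. The key pair, issuer URL and user ids are constructed, and `signToken` and `verifyToken` are hypothetical helper names.

```javascript
const crypto = require('crypto');

// Constructed key pair standing in for the identity provider's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Helper for the demo: mint an RS256 token the way an identity provider would.
function signToken(claims, key = privateKey) {
  const signingInput = `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), key).toString('base64url');
  return `${signingInput}.${sig}`;
}

// Verifier side: pin the algorithm, then check signature, issuer and expiry.
// Only after all checks pass is `sub` trusted as the end user's identity.
function verifyToken(token, pubKey, expectedIssuer, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Never let the token choose its own algorithm.
  if (header.alg !== 'RS256') return { ok: false, reason: 'bad alg' };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], 'base64url');
  if (!crypto.verify('RSA-SHA256', signed, pubKey, sig)) return { ok: false, reason: 'bad signature' };
  if (claims.iss !== expectedIssuer) return { ok: false, reason: 'bad issuer' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, issuer: claims.iss, user: claims.sub };
}

// Constructed demo: two end users, one issuer, one verification key.
const ISSUER = 'https://tenant.example.invalid/';
const demoExp = Math.floor(Date.now() / 1000) + 3600;
for (const sub of ['auth0|alice', 'auth0|bob']) {
  console.log(verifyToken(signToken({ iss: ISSUER, sub, exp: demoExp }), publicKey, ISSUER));
}
```

Both tokens verify against the same key and issuer, so a check keyed on the issuer alone cannot tell the two users apart; the distinction only appears in the verified `sub` claim.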