Kong JWT plugin bypassing invalid signature/algorithm

Dear Team,
I’m currently running Kong within a Docker container, along with the JWT plugin. My setup involves a Flask web server operating behind Kong, with JWT validation enabled at the Kong level. When I send a request via Postman with an invalid signature bearer token or an invalid algorithm, I receive an “Invalid alg or invalid signature” response. However, upon frequent requests, I’ve observed that requests occasionally bypass the validation process on the Kong side and reach my Flask server.
Thanks in Advance.

@ramprasath I assume you are using Kong OSS? If so, could you please forward your issue to the public GitHub repository and post a new issue? If possible, cross linking this topic to that issue would be appreciated. Thank you.

Thanks Rick,
Raised a new issue. Sharing the link for reference:
JWT Plugin bypasses validation process occasionally on frequent requests · Issue #13050 · Kong/kong (github.com)