Kong manage role and authority


Is it possible in Kong we define the endpoint and secure the endpoint with some kind of rules, for instances /api/users/create hasRole(‘Admin’) and hasAuthority(‘write’). And that particular rule is extract from JWT Token ?


Hey Nizar,

You may be able to do some / most of what you want with some logic built around the JWT plugin: JWT - Plugin | Kong Docs (OSS). If you are on Kong Enterprise, the OIDC plugin is more full-featured and probably can do all of what you need based on specific groups / claims etc: OpenID Connect - Plugin | Kong Docs.