I have 2 plugins enabled at global level:
plugins:
- name: kong-jwt2header
enabled: true
config:
strip_claims: “false”
token_required: “false” - name: request-transformer
enabled: true
config:
remove:
body:
- userid:*
add:
body:
- userid:$(headers[“x-kong-jwt-claim-sub”])
Then i have 2 plugins enabled at service level:
- name: reservation
url: http://reservation:4000
enabled: true
plugins:- name: jwt
enabled: true
config:
header_names:
- Authorization
claims_to_verify:
- exp
key_claim_name: iss - name: request-transformer
enabled: true
config:
remove:
body:
- userid:*
add:
body:
- userid:$(headers[“x-kong-jwt-claim-sub”])
- name: jwt
Last i have a route in same service where i dont want to enable any plugin.
- name: gettarget
paths:
- /api/v1/reservation/gettarget
methods:
- GET
strip_path: false
plugins:
But while deploying above configs, gettarget is responding with
{
“message”: “Unauthorized”
}
Expectation was gettarget route should not have any restriction on access.
What m missing here.