Hi all,
Using KONG 3.3.0, in our project we are using 2 types of auth: one is per application (api-key → acl/key-auth), and one is per user, via Authorization: Bearer token (JWT auth).
Now we want to provide “VIP” rate-limits (higher than normal) for a VIP application (key-auth) and also for a VIP user (JWT auth).
The problem is, I can set it up to give precedence to one or the other, so one of them will always not work.
The client always sends the api-key and, if authenticated, also the Authorization Bearer token (JWT).
I set the services to always validate the api-key (so without the api-key nothing works). JWT is optional and required only on some routes (user-info, logout, etc.).
Is there any workaround?
Thank you.