RS256 JWT example in KIC docs doesn't seem to work

I have been trying to get started with kong authentication and following the instructions to setup the ingress controller in kubernetes and then to set up JWT authorisation.

I followed the instructions to the letter and was able to get everything set up with the expected responses until I turned authentication on. I created secrets according to the instructions and inspecting them in kubernetes show that my key (the “admin-issuer” string used in the docs) and my public RSA key are both correct, although base64 encoded.

I used to generate my token, with a header of

  "alg": "RS256",
  "typ": "JWT"

and a payload of

    "iss": "admin-issuer"

I also provided the same public key that I provided when setting up the secret and the corresponding signature. verified the signature and everything seems fine, but then it fails when I try to connect to it

$ curl -I -H "Authorization: Bearer ${ADMIN_JWT}" http://kong.example/lime --resolve kong.example:80:$PROXY_IP

HTTP/1.1 401 Unauthorized
Date: Fri, 15 Sep 2023 04:38:28 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Content-Length: 50
X-Kong-Response-Latency: 7
Server: kong/3.3.1

I have tried a lot of things, including a number of different permutations of the JWT payload (the docs only mention that an issuer is required, but I tried adding iat, exp, etc), as well as recreating a GKE cluster and starting the whole thing from scratch.

I really don’t know what to try next. If somebody could confirm that the instructions work for them on a new cluster, or maybe provide some clues about where to find more info/logs to try to narrow down where exactly this is failing, that would be very much appreciated!

Hi @donall . This guide has been updated in the KIC 3.0 release. Please check this guide: Access Control List plugin - v3.0.x | Kong Docs.