Replies: 3 comments 1 reply
-
1.get application-a 's xxx.key or xxx.cert |
Beta Was this translation helpful? Give feedback.
0 replies
-
@ratnesh88 you can expose a JSON Web Key Set from your Authentication Service Provider (Step 4), and use Kong's JWT signer plugin to verify it. |
Beta Was this translation helpful? Give feedback.
1 reply
-
have you found a solution for this? i'm having a similar situation where i want to verify a token in my api gateway |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I want to use kong as api gateway to validate the jwt token which is issued by my own application for my users.
here is my scenario:
step1 : I have a web application called Appliction-1 where user gets login. as soon as they click on login button we redirect user request to our identity provider (we have this provider as a web api application *Application-2 *which actually accepts the user credential and generates the JWT access token for them)
step 2: once we get JWT token from our provider Application-2 we just want to hit our microservices (upstream service) through Kong gateway.
Step 3 : now we have already added our microservices endpoint to Kong gateway so we want out request to go to kong gateway first.
so we send the Http request to kong gateway with the JWT access token in request header.
now my question over here is as my user is already authenticated and got the JWT token from Application-2, so how we can validate public key signature of our accesstoken at Kong gateway? what configuration we will need to achieve the same.
My JWT token header we have RS512 algorithm and in payload we are providing issuer url which is the key-claim-name as "iss". so how and from where we can get the public key which should be validated at Kong gateway.
please let me know if my steps are not clear.
your help would be really appreciated. thanks !!
i am attaching one block diagram also which represents our flow
Beta Was this translation helpful? Give feedback.
All reactions