You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Ran into a little issue the other day. When updating the configuration of some containers, the location of our keys moved, but the configuration of this plugin was not updated. Whilst this plugin, did log the error, to my surprise it still produced a JWT token albeit signed by a certificate that is auto-generated by the LUA openssl library in use. Thus, the issue ultimately only presented itself on the upstreams during token validation.
This goes against the principle of least surprise for me as I would have expected a more outright failure to have occurred. I guess this is a subjective opinion but my expectation would be that the contract between Kong and an upstream that is defined through use of this plugin is a guarantee that the if the request is successfully proxied and a JWT token is added, then it will be valid. Ultimately there is no point in proxying the request if it is invalid.
The text was updated successfully, but these errors were encountered:
Ran into a little issue the other day. When updating the configuration of some containers, the location of our keys moved, but the configuration of this plugin was not updated. Whilst this plugin, did log the error, to my surprise it still produced a JWT token albeit signed by a certificate that is auto-generated by the LUA openssl library in use. Thus, the issue ultimately only presented itself on the upstreams during token validation.
This goes against the principle of least surprise for me as I would have expected a more outright failure to have occurred. I guess this is a subjective opinion but my expectation would be that the contract between Kong and an upstream that is defined through use of this plugin is a guarantee that the if the request is successfully proxied and a JWT token is added, then it will be valid. Ultimately there is no point in proxying the request if it is invalid.
The text was updated successfully, but these errors were encountered: