Disable signing or re-signing tokensv3.12+
Disables signing or re-signing access and channel tokens. This can be useful when the token is just validated by Kong Gateway and doesn’t need to be passed to the upstream.
Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: jwt-signer
config:
channel_token_signing: false
access_token_signing: false
Make the following request:
curl -i -X POST http://localhost:8001/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "jwt-signer",
"config": {
"channel_token_signing": false,
"access_token_signing": false
}
}
'
echo "
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
name: jwt-signer
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
labels:
global: 'true'
config:
channel_token_signing: false
access_token_signing: false
plugin: jwt-signer
" | kubectl apply -f -
Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: jwt-signer
service: serviceName|Id
config:
channel_token_signing: false
access_token_signing: false
Make sure to replace the following placeholders with your own values:
-
serviceName|Id: Theidornameof the service the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/services/{serviceName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "jwt-signer",
"config": {
"channel_token_signing": false,
"access_token_signing": false
}
}
'
Make sure to replace the following placeholders with your own values:
-
serviceName|Id: Theidornameof the service the plugin configuration will target.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: jwt-signer
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
channel_token_signing: false
access_token_signing: false
plugin: jwt-signer
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the service resource:
kubectl annotate -n kong service SERVICE_NAME konghq.com/plugins=jwt-signer
Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: jwt-signer
route: routeName|Id
config:
channel_token_signing: false
access_token_signing: false
Make sure to replace the following placeholders with your own values:
-
routeName|Id: Theidornameof the route the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/routes/{routeName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "jwt-signer",
"config": {
"channel_token_signing": false,
"access_token_signing": false
}
}
'
Make sure to replace the following placeholders with your own values:
-
routeName|Id: Theidornameof the route the plugin configuration will target.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: jwt-signer
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
channel_token_signing: false
access_token_signing: false
plugin: jwt-signer
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the httproute or ingress resource:
kubectl annotate -n kong httproute konghq.com/plugins=jwt-signer
kubectl annotate -n kong ingress konghq.com/plugins=jwt-signer