Related Documentation
Made by
Kong Inc.
Supported Gateway Topologies
hybrid db-less traditional
Supported Konnect Deployments
hybrid cloud-gateways serverless
Compatible Protocols
grpc grpcs http https

3.10.0.0

Release date 2025/03/27

Bugfix

  • Improved the error message which occurred when an anonymous consumer was configured but did not exist.

3.9.0.0

Release date 2024/12/12

Bugfix

  • ensure rsa_public_key isn’t base64-decoded.

3.8.0.0

Release date 2024/09/11

Bugfix

  • Add WWW-Authenticate headers to 401 responses.

3.7.0.0

Release date 2024/05/28

Feature

  • Addded support for EdDSA algorithms in JWT plugin

  • Added support for ES512, PS256, PS384, PS512 algorithms in JWT plugin

Bugfix

  • Fixed an issue where the plugin would fail when using invalid public keys for ES384 and ES512 algorithms.

3.2.1.0

Release date 2023/02/28

Bugfix

  • This plugin now denies requests that have different tokens in the JWT token search locations.

    Thanks Jackson ‘Che-Chun’ Kuo from Latacora for reporting this issue.#9946

3.1.0.0

Release date 2022/12/06

Feature

  • The anonymous field can now be configured as the username of the consumer. This field allows you to configure a string to use as an “anonymous” consumer if authentication fails.

3.0.0.0

Release date 2022/09/09

Breaking Change

  • Updated the priority for some plugins.: jwt changed from 1005 to 1450

  • The authenticated JWT is no longer put into the nginx context (ngx.ctx.authenticated_jwt_token). Custom plugins which depend on that value being set under that name must be updated to use Kong’s shared context instead (kong.ctx.shared.authenticated_jwt_token) before upgrading to 3.0.

2.8.2.3

Release date 2023/01/06

Bugfix

  • Fixed an issue where the JWT plugin could potentially forward an unverified token to the upstream.

Something wrong?

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!