Add a JWT Authentication Plugin

This example adds a JWT Authentication Plugin to a new route on the echo-service.

This example assumes the Consumer has been created following the instructions in Add a HTTP Basic Authentication Plugin.

Add a JWT Auth Credential

  1. Click Consumers on the menu.
  2. Click the consumer-app-1 Consumer.
  3. Click the JWT tab.
  4. Click the Add action icon.
  5. Enter the Credential description, for example "JWT auth credential".
  6. Enter the Key, for example "my-jwt-key-1".
  7. Select the HS256 algorithm.
  8. Enter the Secret, for example "my-jwt-secret-1".
  9. Click SAVE.

Create a JWT (optional)

You may create your own JWT or, if the recommended Key and Secret in the previous step were used, use the JWT shown below.

  1. Open a browser and navigate to
  2. Under Decoded | Header, enter the credential key as the JSON "kid" property, for example: "kid": "my-jwt-key-1". Make sure to add a comma before the property so that the JSON is valid.
  3. Under Decoded | Verify Signature, enter the secret in the "your-256-bit-secret" field, for example: "my-jwt-secret-1".
  4. Click the "Share JWT" button, which will copy the JWT to the clipboard. Save the JWT.

JWT with Key: my-jwt-key-1, Secret: my-jwt-secret-1, signed with HS256


Create a New Route

  1. Click Services on the menu.
  2. Click the echo-service on the Services list.
  3. Click the Routes tab.
  4. Click the Add action icon.
  5. Enter the Route name, for example "echo-route-jwt-auth".
  6. Enter the description, for example "Route and authenticate requests with URI prefix /echo-jwt-auth".
  7. Select the Paths field.
    1. Enter /echo-jwt-auth and press ENTER.
  8. Click SAVE.

Add the Plugin

  1. Click Services on the menu.
  2. Click the echo-service Service.
  3. Click the Routes tab.
  4. Click the echo-route-jwt-auth Route.
  5. Click the Plugins tab.
  6. Click the Add action icon.
  7. Select the "JSON Web Token Authentication" plugin type.
  8. Enter the Plugin description, for example "Authenticate consumer-app-1 with JWT".
  9. From the Consumers list, select consumer-app-1.
  10. Enter the query param value "token" and press ENTER.
  11. Click SAVE.

Test the Configuration

  1. From the Console Dashboard, start the gateway or redeploy the gateway configuration.
  2. In a browser, enter the authenticated route URL using the address of the gateway listener, for example http://nonstop-host:19091/echo-jwt-auth. 
  3. The browser should return a 401 Authorization Required error.
  4. Add the JWT as a query param, for example: http://nonstop-host:19091/echo-jwt-auth?token=<the-jwt-string>
  5. The response should be returned.