Add a JWT Authentication Plugin
This example adds a JWT Authentication Plugin to a new route on the echo-service.
This example assumes the Consumer has been created following the instructions in Add a HTTP Basic Authentication Plugin.
Add a JWT Auth Credential
- Click Consumers on the menu.
- Click the consumer-app-1 Consumer.
- Click the JWT tab.
- Click the Add action icon.
- Enter the Credential description, for example "JWT auth credential".
- Enter the Key, for example "my-jwt-key-1".
- Select the HS256 algorithm.
- Enter the Secret, for example "my-jwt-secret-1".
- Click SAVE.
Create a JWT (optional)
You may create your own JWT or, if the recommended Key and Secret from the previous step were used, use the JWT shown below.
- Open a browser and navigate to https://jwt.io
- Under Decoded | Header, enter the credential key as the JSON "kid" property, for example: "kid": "my-jwt-key-1". Make sure to add a comma before the property so that the JSON is valid.
- Under Decoded | Verify Signature, enter the secret in the "your-256-bit-secret" field, for example: "my-jwt-secret-1".
- Click the "Share JWT" button, which will copy the JWT to the clipboard. Save the JWT.
JWT with Key: my-jwt-key-1, Secret: my-jwt-secret-1, signed with HS256
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Im15LWp3dC1rZXktMSJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.82ybmL2UQiGB1YU5EuyKYx-pOGStrPzJZ3toG_AOylk
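As an alternative to building the token in the browser, the following added example (not part of the original page and not the gateway's own code) builds an HS256 token with the credential Key in "kid" using only the Python standard library, and shows the signature check that the Key and Secret imply. The function names and the `credentials` dictionary are hypothetical; the Key, Secret and claims are the example values from this page.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    # JWT segments use URL-safe base64 without padding
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret: str, signing_input: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode("ascii"), hashlib.sha256).digest()

def make_jwt(key: str, secret: str, claims: dict) -> str:
    """Build an HS256 JWT whose header carries the credential Key as "kid"."""
    header = {"alg": "HS256", "typ": "JWT", "kid": key}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(sign(secret, signing_input))

def verify_jwt(token: str, credentials: dict) -> dict:
    """Return the claims if the token verifies, else raise ValueError.
    credentials maps Key -> Secret (hypothetical stand-in for the credential store)."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        sig = b64url_decode(sig_b64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("algorithm is not HS256")  # also rejects "none"
    kid = header.get("kid")
    if not isinstance(kid, str) or kid not in credentials:
        raise ValueError("unknown kid")
    # Constant-time comparison of the presented and recomputed signatures
    if not hmac.compare_digest(sig, sign(credentials[kid], f"{header_b64}.{payload_b64}")):
        raise ValueError("bad signature")
    return claims

if __name__ == "__main__":
    # Constructed sample input: the example Key, Secret and claims from this page
    creds = {"my-jwt-key-1": "my-jwt-secret-1"}
    token = make_jwt("my-jwt-key-1", "my-jwt-secret-1",
                     {"sub": "1234567890", "name": "John Doe", "iat": 1516239022})
    print(token)
    print(verify_jwt(token, creds))
```

Generating the token this way keeps the Secret on your own machine instead of typing it into a web page.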
Create a New Route
- Click Services on the menu.
- Click the echo-service on the Services list.
- Click the Routes tab.
- Click the Add action icon.
- Enter the Route name, for example "echo-route-jwt-auth".
- Enter the description, for example "Route and authenticate requests with URI prefix /echo-jwt-auth".
- Select the Paths field.
- Enter /echo-jwt-auth and press ENTER.
- Click SAVE.
Add the Plugin
- Click Services on the menu.
- Click the echo-service Service.
- Click the Routes tab.
- Click the echo-route-jwt-auth Route.
- Click the Plugins tab.
- Click the Add action icon.
- Select the "JSON Web Token Authentication" plugin type.
- Enter the Plugin description, for example "Authenticate consumer-app-1 with JWT".
- From the Consumers list, select consumer-app-1.
- Enter the query param value "token" and press ENTER.
- Click SAVE.
Test the Configuration
- From the Console Dashboard, start the gateway or redeploy the gateway configuration.
- In a browser, enter the authenticated route URL using the address of the gateway listener, for example http://nonstop-host:19091/echo-jwt-auth.
- The browser should return a 401 Authorization Required error.
- Add the JWT as a query param, for example: http://nonstop-host:19091/echo-jwt-auth?token=<the-jwt-string>
- The echo-service response should be returned.