Skip to content

Instantly share code, notes, and snippets.

@mandaputtra

mandaputtra/jwt-using-kong.md

Last active August 30, 2021 00:10
Show Gist options
  • Save mandaputtra/daadf63eeaa188c9873d01c898ea42fe to your computer and use it in GitHub Desktop.
Save mandaputtra/daadf63eeaa188c9873d01c898ea42fe to your computer and use it in GitHub Desktop.
Download ZIP
JWT Authentication using Kong
Raw
jwt-using-kong.md

Run Kong Using Databases

$ docker run -d --name kong \
    --link kong-database:kong-database \
    -e "KONG_DATABASE=postgres" \
    -e "KONG_PG_HOST=kong-database" \
    -e "KONG_PG_PASSWORD=kong" \
    -e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
    -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
    -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
    -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
    -p 8000:8000 \
    -p 8443:8443 \
    -p 8001:8001 \
    -p 8444:8444 \
    kong

Creating Service

You can also just create the route, use URL with your API URL

$ curl -i -X POST \
  --url http://localhost:8001/services/ \
  --data 'name=local-auth-jwt' \ 
  --data 'url=http://localhost:5000'

Enable JWT Plugins

$ curl -X POST http://localhost:8001/services/local-auth-jwt/plugins \
    --data "name=jwt"  \
    --data "config.secret_is_base64=false" \
    --data "config.run_on_preflight=true"

Creating Routes for Service

$ curl -X POST http://localhost:8001/services/local-auth-jwt/routes \
--data "name=auth" \
--data "protocols[]=http" \
--data "paths[]=/jwt-auth"

Create Consumers

$ curl -X POST http://localhost:8001/consumers \
--data "username=yourusername.com" \
--data "tags[]=normal_user"

Create consumers JWT

$ curl -X POST http://localhost:8001/consumers/yourusername.com/jwt 
{ 
  "tags":null,
  "key":"bJEUYhtuCSmqM9LbLPOiUja2f8LRVHQy",
  "consumer": {
    "id":"f3c82941-a0c1-46bb-b394-301e7ad9d094"
   },
   "id":"98bdc402-f8d7-4c0d-b0bf-38933d3ca980",
   "algorithm":"HS256",
   "created_at":1629871731,
   "rsa_public_key":null,
   "secret":"Dzhj0g9rTkR3Gkk8dJj1iyYskdnsHZ8I"
}

Please dont forget to create your signed key!

Sign JWT Key above, I'm using nodejs

Code are just pseduocode, update later

import jwt from 'jsonwebtoken';

const token = jwt.sign({ username: userId }, jwtSecret.secret, {
  algorithm: jwtSecret.algorithm,
  keyid: jwtSecret.key,
});

Retrieve customer using jwt key

$ curl -X GET http://localhost:8001/jwts/{jwt-key}/consumer 
{ 
  "tags": ["normal_user"], 
  "created_at":1629871636,
  "custom_id":null,
  "username":"[email protected]",
  "id":"f3c82941-a0c1-46bb-b394-301e7ad9d094"
}

How do i get the payload?

After that you register your endpoint to Kong, you already do that when you create a service, so you can use it like this POST localhost:8001/service/ with your bearer token included on those request. Kong will inject some headers so you can get it with this.

req.headers['x-consumer-username']
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment