I am using KONG as my API gateway and KONGA as my admin console for KONG. I want KONG to validate my API's with JWT tokens and I expect if there is invalid token passed or some claims missing in token, KONG has to validate it and throws the exception.
But now problem is KONG is accepting all the JWT token and it seems it is not validating the token before routing the request to micro service layer.
In KONG I created one service and route and added JWT plugins in it. As I mentioned earlier I am using KONGA as my User Interface admin console for KONG, so I am not doing anything directly in KONG using curl request.
I created one consumer, in that I added one JWT credentials to it and I pass the consumer ID to JWT plugins as it is asking customer ID.
Once I pass the consumer id to JWT plugins, it started accepting all the string as valid JWT token and even though if I not pass any JWT token, it is routing the request to micro service layer.
Please help on why KONG is not validating my JWT token and accepting all ?
