In order to give you better service we use cookies. By continuing to use our website, you agree to the use of cookies as described in our Cookie Policy

Kong Logo
header icon

JWT to Header (Route by JWT Claim)

This plugin converts JWT claims into headers during the rewrite phase. This is useful for:

  • Routing requests by JWT claim, so that Kong’s route by header functionality can route the request appropriately.
  • Allowing the upstream service to consume claims as headers. Since this plugin has elements that must run in the Rewrite execution phase, it can only be configured to run globally in a Kong workspace or cluster. This plugin can be used in conjunction with other JWT validation/authentication plugins.

Terminology

  • plugin: a plugin executing actions inside Kong before or after a request has been proxied to the upstream API.
  • Upstream service: this refers to your own API/service sitting behind Kong, to which client requests are forwarded.

Configuration

This plugin is compatible with requests with the following protocols:

  • http
  • https

This plugin is compatible with DB-less mode.

Fully compatible with DB and DB-less (K8s, Declarative) Kong implementations.

Global plugins

A plugin which is not associated to any Service, Route, or Consumer (or API, if you are using an older version of Kong) is considered "global", and will be run on every request. Read the Plugin Reference and the Plugin Precedence sections for more information.

  • Using a database, all plugins can be configured using the http://kong:8001/plugins/ endpoint.
  • Without a database, all plugins can be configured via the plugins: entry on the declarative configuration file.

Parameters

Here's a list of all the parameters which can be used in this plugin's configuration:

Form ParameterDescription
nameThe name of the plugin to use, in this case kong-jwt2header
enabled

default value: true		Whether this plugin will be applied.
config.strip_claims

default value:

false

If enabled, claims will be removed from headers before being sent to the upstream. By default, each claim is passed upstream in a header prefixed with X-Kong-JWT-Claim.
config.token_required

default value:

true

By default, token_required is set to true, and an error will be returned if a valid JWT is not present in the request. Set it to false if you want this plugin to fail open and proceed with executing the request, regardless of whether a valid JWT is present or not.

Installation & Usage

A tutorial, installation steps, and further information can be found at https://github.com/yesinteractive/kong-jwt2header.