Kong · Schema
JwtPluginConfig
API GatewayAI GatewayAI ConnectivityAgent GatewayEvent GatewayMCP RegistryService MeshLLMKafkaKonnectOpen Source
Properties
| Name | Type | Description |
|---|---|---|
| config | object | |
| name | object | |
| protocols | array | A set of strings representing HTTP protocols. |
| route | object | If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used. |
| service | object | If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched. |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "#/components/schemas/JwtPluginConfig",
"title": "JwtPluginConfig",
"x-speakeasy-entity": "PluginJwt",
"properties": {
"config": {
"type": "object",
"properties": {
"anonymous": {
"description": "An optional string (consumer UUID or username) value to use as an \u201canonymous\u201d consumer if authentication fails.",
"type": "string"
},
"claims_to_verify": {
"description": "A list of registered claims (according to RFC 7519) that Kong can verify as well. Accepted values: one of exp or nbf.",
"type": "array",
"items": {
"enum": [
"exp",
"nbf"
],
"type": "string"
}
},
"cookie_names": {
"description": "A list of cookie names that Kong will inspect to retrieve JWTs.",
"type": "array",
"items": {
"type": "string"
},
"default": []
},
"header_names": {
"description": "A list of HTTP header names that Kong will inspect to retrieve JWTs.",
"type": "array",
"items": {
"type": "string"
},
"default": [
"authorization"
]
},
"key_claim_name": {
"description": "The name of the claim in which the key identifying the secret must be passed. The plugin will attempt to read this claim from the JWT payload and the header, in that order.",
"type": "string",
"default": "iss"
},
"maximum_expiration": {
"description": "A value between 0 and 31536000 (365 days) limiting the lifetime of the JWT to maximum_expiration seconds in the future.",
"type": "number",
"default": 0,
"maximum": 31536000,
"minimum": 0
},
"realm": {
"description": "When authentication fails the plugin sends `WWW-Authenticate` header with `realm` attribute value.",
"type": "string"
},
"run_on_preflight": {
"description": "A boolean value that indicates whether the plugin should run (and try to authenticate) on OPTIONS preflight requests. If set to false, then OPTIONS requests will always be allowed.",
"type": "boolean",
"default": true
},
"secret_is_base64": {
"description": "If true, the plugin assumes the credential\u2019s secret to be base64 encoded. You will need to create a base64-encoded secret for your Consumer, and sign your JWT with the original secret.",
"type": "boolean",
"default": false
},
"uri_param_names": {
"description": "A list of querystring parameters that Kong will inspect to retrieve JWTs.",
"type": "array",
"items": {
"type": "string"
},
"default": [
"jwt"
]
}
}
},
"name": {
"const": "jwt"
},
"protocols": {
"description": "A set of strings representing HTTP protocols.",
"type": "array",
"items": {
"enum": [
"grpc",
"grpcs",
"http",
"https"
],
"type": "string"
},
"format": "set",
"default": [
"grpc",
"grpcs",
"http",
"https"
]
},
"route": {
"description": "If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.",
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string"
}
}
},
"service": {
"description": "If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.",
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string"
}
}
}
}
}