JWT Plugin bypasses validation process occasionally on frequent requests #13050
Labels
pending author feedback
stale
Is there an existing issue for this?
Kong version ($ kong version)
2.8.1
Current Behavior
Dear Team,
I’m currently running Kong within a Docker container, along with the JWT plugin. My setup involves a Flask web server operating behind Kong, with JWT validation enabled at the Kong level. When I send a request via Postman with an invalid signature bearer token or an invalid algorithm, I receive an “Invalid alg or invalid signature” response. However, upon frequent requests, I’ve observed that the validation process on the Kong side is occasionally bypassed and the request reaches my Flask server.
Thanks in advance.
Expected Behavior
It should throw an exception.
Steps To Reproduce
I took a valid bearer token and made a request, and it passed through. With the same valid token, I manually tampered with the token, making the algorithm invalid, and made a request using Postman. The initial request got an exception, but on frequent requests it is occasionally bypassed.
Anything else?
No response
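As an added illustration (not part of the original issue and not Kong's plugin code): a stateless reference check for the two tamper cases in the report, which the Flask upstream could run as defense in depth, or which can serve as an oracle when comparing gateway responses across repeated requests. The HS256 algorithm, the secret, the function names and the sample token are assumptions constructed for the example.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"   # constructed sample key, not from the issue
ALLOWED_ALG = "HS256"                 # assumption: the credential is configured for HS256

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(header: dict, payload: dict, key: bytes = SECRET) -> str:
    """Build a constructed sample token (HMAC-SHA256 over header.payload)."""
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload))
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def verify(token: str, key: bytes = SECRET) -> str:
    """Return 'ok' or a rejection reason; stateless, so repeats cannot differ."""
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed token"
    try:
        header = json.loads(b64url_decode(parts[0]))
        supplied = b64url_decode(parts[2])
    except (ValueError, TypeError):
        return "malformed token"
    # Pin the algorithm from configuration, never from the token header.
    if not isinstance(header, dict) or header.get("alg") != ALLOWED_ALG:
        return "invalid alg"
    expected = hmac.new(key, (parts[0] + "." + parts[1]).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, supplied):
        return "invalid signature"
    return "ok"

def tamper_alg(token: str, alg: str) -> str:
    """Rewrite only the header's alg field, as in the reproduction steps."""
    head, body, sig = token.split(".")
    header = json.loads(b64url_decode(head))
    header["alg"] = alg
    return ".".join([b64url_encode(json.dumps(header).encode()), body, sig])

def repeat(token: str, n: int = 500) -> set:
    """Verify the same token n times and return the set of distinct outcomes."""
    return {verify(token) for _ in range(n)}

VALID = sign({"alg": "HS256", "typ": "JWT"}, {"iss": "constructed-key", "sub": "demo"})
```

A result set from `repeat` with more than one element would mean the verdict depends on something other than the token and key, which is the symptom described in this report.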