Kong + JWT Excluding endpoints from authorization

I am using Kong and the JWT plugin to authenticate my upstream services. I have a use case where i would like to expose an endpoint in one of the services without having Kong authenticate against it. I was wondering if there is any way to specify exclusion patterns to let Kong know to ignore authentication for this endpoint?

Thanks in advance for any help!

Solution

Kong looks at the configured APIs in order of length. So it should be possible (without have tested it) that you use a longer uri (the one you want to make publicly accessible) without the JWT plugin, while keeping your current endpoint with the JWT plugin.

For example, if your current configuration is on /myApi and the path you want to make public is /myApi/login, then add an API on the latter without configuring the JWT on it.

Creating JWT in Coldfusion for google Service account
Unexpected JWT alg received, expected RS256, got: HS256
Spring Security issue with JWT: Cannot subclass final class JwtAuthenticationProvider
Why do I get a "io.jsonwebtoken.ExpiredJwtException"?
.NET Core 3.1 GoogleSignIn -The authentication handler registered for scheme 'Bearer' is 'JwtBearerHandler' which cannot be used for SignInAsync
JWT signature verification failing
IDX10603: The algorithm: 'HS256' requires the SecurityKey.KeySize to be greater than '128' bits. KeySize reported: '32'. Parameter name: key.KeySize
How can I securize my code-first gRPC endpoints using Azure Authentication?
AWS Lambda Custom JWT Validation
Flask JWT Extended missing csrf access token
Where should I refresh my JWT in SvelteKit
Token is generated at the endpoint but does not arrive on the page
Is it okay to encrypt a 3rd party access token and refresh token, in an encrypted JWT?
In JWT Authentication in .NET 7, how can a "validated" token be "missing"?
What to validate 'iat' and 'sub' claims of a JWT against?
How to use jti claim in a JWT
Can't import jwt-decode in JavaScript file in React project
JWT and CSRF differences
Getting 'secretOrPrivateKey must have a value' error in NestJS JWT authentication
Google Sheets, JWT client with Service Account
Angular 17 & dot net Core 8 - Jwt on refresh adding to Audience
Is "scope" a standard claim?
Error when trying to Promisify JWT in Typescript
reactjs call multiple axios posts in one async function
TS2339: Property 'scope' does not exist on type 'JwtPayload'
Generating JWT token with JwtUtil class in Spring Boot resulting in NullPointerException
Azure authentification for multiple audience using WithExtraScopesToConsent and AcquireTokenSilent
Express and React Token Authentication: req.cookies is empty in application but works in Postman
Manually calculating JWT signature never outputs the real signature
Why is lexik-jwt bundle returning an empty token with correct credentials?