DEV Community: Olena Borzenko The latest articles on DEV Community by Olena Borzenko (@borzenko_lena). https://dev.to/borzenko_lena https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F507059%2F8bb9571d-e3e0-4650-bb0b-d6b3fca93cc9.jpg DEV Community: Olena Borzenko https://dev.to/borzenko_lena en Auth0 with Kong JWT Plugin in docker - simple guide with python scripts Olena Borzenko Fri, 06 Nov 2020 14:38:59 +0000 https://dev.to/borzenko_lena/auth0-with-kong-jwt-plugin-in-docker-simple-guide-with-python-scripts-49le https://dev.to/borzenko_lena/auth0-with-kong-jwt-plugin-in-docker-simple-guide-with-python-scripts-49le <p><strong>Kong</strong> and <strong>Auth0</strong> are very powerful platforms. <br> Of course, the more you can do with a tool, the more documentation you need to read, and sometimes it could be frustrating 😬</p> <p>So, I've created this guide to show how you can easily configure everything on your local environment and play around in any way you like.</p> <p>To keep this article short, I've assumed that you already know a bit about Docker, Kong and Auth0. In any case here are some links:</p> <ul> <li><a href="https://docs.docker.com/engine/reference/commandline/cli/" rel="noopener noreferrer">Use the Docker command line</a></li> <li><a href="https://docs.konghq.com/hub/kong-inc/jwt/" rel="noopener noreferrer">Kong JWT Plugin</a></li> <li><a href="https://auth0.com/docs/quickstart/backend/aspnet-core-webapi/02-using" rel="noopener noreferrer">Obtaining an Access Token example</a></li> </ul> <p>Also, you'll need three things to follow this guide:</p> <ul> <li>API you can use for testing;</li> <li>Auth0 account/tenant where you can generate access token;</li> <li>IDE to run python scripts (I use PyCharm);</li> </ul> <p>I use python scripts as an example of how you can automate configuration process. That might be a great help for those who need to configure Kong for a running system or a different environments.</p> <h2> First things first! </h2> <p>Let's start with a Kong running in a docker container.</p> <p>We need to create a Docker network and database for Kong:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">docker</span> <span class="n">network</span> <span class="n">create</span> <span class="n">kong</span><span class="o">-</span><span class="n">net</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">docker</span> <span class="n">run</span> <span class="o">-</span><span class="n">d</span> <span class="o">--</span><span class="n">name</span> <span class="n">kong</span><span class="o">-</span><span class="n">database</span> \ <span class="o">--</span><span class="n">network</span><span class="o">=</span><span class="n">kong</span><span class="o">-</span><span class="n">net</span> \ <span class="o">-</span><span class="n">p</span> <span class="mi">5432</span><span class="p">:</span><span class="mi">5432</span> \ <span class="o">-</span><span class="n">e</span> <span class="sh">"</span><span class="s">POSTGRES_USER=kong</span><span class="sh">"</span> \ <span class="o">-</span><span class="n">e</span> <span class="sh">"</span><span class="s">POSTGRES_DB=kong</span><span class="sh">"</span> \ <span class="o">-</span><span class="n">e</span> <span class="sh">"</span><span class="s">POSTGRES_PASSWORD=kong</span><span class="sh">"</span> \ <span class="n">postgres</span><span class="p">:</span><span class="mf">9.6</span> </code></pre> </div> <p>Database migration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">docker</span> <span class="n">run</span> <span class="o">--</span><span class="n">rm</span> \ <span class="o">--</span><span class="n">network</span><span class="o">=</span><span class="n">kong</span><span class="o">-</span><span class="n">net</span> \ <span class="o">-</span><span class="n">e</span> <span class="sh">"</span><span class="s">KONG_DATABASE=postgres</span><span class="sh">"</span> \ <span class="o">-</span><span class="n">e</span> <span class="sh">"</span><span class="s">KONG_PG_HOST=kong-database</span><span class="sh">"</span> \ <span class="o">-</span><span class="n">e</span> <span class="sh">"</span><span class="s">KONG_PG_USER=kong</span><span class="sh">"</span> \ <span class="o">-</span><span class="n">e</span> <span class="sh">"</span><span class="s">KONG_PG_PASSWORD=kong</span><span class="sh">"</span> \ <span class="o">-</span><span class="n">e</span> <span class="sh">"</span><span class="s">KONG_CASSANDRA_CONTACT_POINTS=kong-database</span><span class="sh">"</span> \ <span class="n">kong</span><span class="p">:</span><span class="n">latest</span> <span class="n">kong</span> <span class="n">migrations</span> <span class="n">bootstrap</span> </code></pre> </div> <p>And now, we can run our container:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">docker</span> <span class="n">run</span> <span class="o">-</span><span class="n">d</span> <span class="o">--</span><span class="n">name</span> <span class="n">kong</span> \ <span class="o">--</span><span class="n">network</span><span class="o">=</span><span class="n">kong</span><span class="o">-</span><span class="n">net</span> \ <span class="o">-</span><span class="n">e</span> <span class="sh">"</span><span class="s">KONG_DATABASE=postgres</span><span class="sh">"</span> \ <span class="o">-</span><span class="n">e</span> <span class="sh">"</span><span class="s">KONG_PG_HOST=kong-database</span><span class="sh">"</span> \ <span class="o">-</span><span class="n">e</span> <span class="sh">"</span><span class="s">KONG_PG_USER=kong</span><span class="sh">"</span> \ <span class="o">-</span><span class="n">e</span> <span class="sh">"</span><span class="s">KONG_PG_PASSWORD=kong</span><span class="sh">"</span> \ <span class="o">-</span><span class="n">e</span> <span class="sh">"</span><span class="s">KONG_CASSANDRA_CONTACT_POINTS=kong-database</span><span class="sh">"</span> \ <span class="o">-</span><span class="n">e</span> <span class="sh">"</span><span class="s">KONG_PROXY_ACCESS_LOG=/dev/stdout</span><span class="sh">"</span> \ <span class="o">-</span><span class="n">e</span> <span class="sh">"</span><span class="s">KONG_ADMIN_ACCESS_LOG=/dev/stdout</span><span class="sh">"</span> \ <span class="o">-</span><span class="n">e</span> <span class="sh">"</span><span class="s">KONG_PROXY_ERROR_LOG=/dev/stderr</span><span class="sh">"</span> \ <span class="o">-</span><span class="n">e</span> <span class="sh">"</span><span class="s">KONG_ADMIN_ERROR_LOG=/dev/stderr</span><span class="sh">"</span> \ <span class="o">-</span><span class="n">e</span> <span class="sh">"</span><span class="s">KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl</span><span class="sh">"</span> \ <span class="o">-</span><span class="n">p</span> <span class="mi">8000</span><span class="p">:</span><span class="mi">8000</span> \ <span class="o">-</span><span class="n">p</span> <span class="mi">8443</span><span class="p">:</span><span class="mi">8443</span> \ <span class="o">-</span><span class="n">p</span> <span class="mf">127.0</span><span class="p">.</span><span class="mf">0.1</span><span class="p">:</span><span class="mi">8001</span><span class="p">:</span><span class="mi">8001</span> \ <span class="o">-</span><span class="n">p</span> <span class="mf">127.0</span><span class="p">.</span><span class="mf">0.1</span><span class="p">:</span><span class="mi">8444</span><span class="p">:</span><span class="mi">8444</span> \ <span class="n">kong</span><span class="p">:</span><span class="n">latest</span> </code></pre> </div> <p>Try to make a test:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">curl</span> <span class="o">-</span><span class="n">i</span> <span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">localhost</span><span class="p">:</span><span class="mi">8001</span><span class="o">/</span> </code></pre> </div> <p>If you have some troubles, check if your containers are running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">docker</span> <span class="n">ps</span> </code></pre> </div> <p>If you don't see <code>kong</code> and <code>kong-database</code> containers in a list, then you'll need to start them explicitly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">docker</span> <span class="n">start</span> <span class="n">kong</span> <span class="n">kong</span><span class="o">-</span><span class="n">database</span> </code></pre> </div> <p>You can also use Postman for testing:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F5vzq5t3w7g9y9wf93uai.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F5vzq5t3w7g9y9wf93uai.png" alt="Screenshot 2020-11-05 at 00.41.06"></a> </p> <h2> Time for some scripts! </h2> <p><em>Btw, using python is not mandatory. If you don't like it, you still can follow those steps with any other language or use curl commands.</em></p> <p><strong>Lets first define a configuration object for our new service and route.</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># you'll need those imports later </span><span class="kn">import</span> <span class="n">requests</span> <span class="kn">import</span> <span class="n">json</span> <span class="n">host</span> <span class="o">=</span> <span class="sh">"</span><span class="s">192.168.1.98</span><span class="sh">"</span> <span class="n">config</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">service</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">test-service</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">http://</span><span class="sh">"</span> <span class="o">+</span> <span class="n">host</span> <span class="o">+</span> <span class="sh">"</span><span class="s">:7400/api/test/data</span><span class="sh">"</span><span class="p">,</span> <span class="p">},</span> <span class="sh">"</span><span class="s">route</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">protocols</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">http</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">methods</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">POST</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">PUT</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">DELETE</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">hosts</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="n">host</span><span class="p">],</span> <span class="sh">"</span><span class="s">paths</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">/(data)/*</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">headers</span><span class="sh">"</span><span class="p">:</span> <span class="bp">None</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> </code></pre> </div> <p>Here <code>service.url</code> is a place where Kong will redirect us if we make a call to <code>localhost:8000/data</code> with a header <code>Host 192.168.1.98</code> (theoretically 🙃).</p> <p>If you don't want to use local API, then you can change <code>service.url</code> and <code>route.hosts</code> to use your values. Otherwise, I bet, you might have a question: <strong>"Why 192.168.1.98 and not localhost?"</strong>. Hold that thought, I'll get back to it.</p> <p><strong>Next step - creating Service and Route in Kong.</strong></p> <p>First of all, copy this script to the same file where you have your config object and take a close look on what's going on there. Don't run it yet - we still need to check one more thing.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># create a service using our config object </span><span class="nf">print</span><span class="p">(</span><span class="n">config</span><span class="p">[</span><span class="sh">"</span><span class="s">service</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">])</span> <span class="n">serviceUrl</span> <span class="o">=</span> <span class="sh">"</span><span class="s">http://localhost:8001/services</span><span class="sh">"</span> <span class="n">serviceResponse</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="n">url</span><span class="o">=</span><span class="n">serviceUrl</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="n">config</span><span class="p">[</span><span class="sh">"</span><span class="s">service</span><span class="sh">"</span><span class="p">])</span> <span class="c1"># print service id to ensure that it was successfully created </span><span class="n">serviceId</span> <span class="o">=</span> <span class="p">(</span><span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">serviceResponse</span><span class="p">.</span><span class="n">content</span><span class="p">))[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">]</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">serviceId </span><span class="sh">"</span><span class="p">,</span> <span class="n">serviceId</span><span class="p">)</span> <span class="c1"># create a route using our config object </span><span class="n">routeUrl</span> <span class="o">=</span> <span class="sh">"</span><span class="s">http://localhost:8001/routes</span><span class="sh">"</span> <span class="n">config</span><span class="p">[</span><span class="sh">"</span><span class="s">route</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">service</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">:</span> <span class="n">serviceId</span> <span class="p">}</span> <span class="n">routeResponse</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="n">url</span><span class="o">=</span><span class="n">routeUrl</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="n">config</span><span class="p">[</span><span class="sh">"</span><span class="s">route</span><span class="sh">"</span><span class="p">])</span> <span class="n">routeId</span> <span class="o">=</span> <span class="p">(</span><span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">routeResponse</span><span class="p">.</span><span class="n">content</span><span class="p">))[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">]</span> <span class="c1"># print route id because you'll need it to add a plugin later </span><span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">routeId</span><span class="sh">"</span><span class="p">,</span> <span class="n">routeId</span><span class="p">)</span> </code></pre> </div> <p><strong>And now - why do we use '192.168.1.98' and not localhost for our service.</strong></p> <p>I've been playing around, trying to proxy my local service with Kong running in a docker container. When I was calling my local API through Kong, it kept returning 502 error with a message <code>An invalid response was received from the upstream server</code>.</p> <p>The reason is because Kong was pointed to <code>localhost</code> of my docker container. Obviously that didn't work because my service wasn't hosted there.</p> <p><em>Of course, you don't need to care about it if you're using external API for testing.</em></p> <p>Easy solution here is to register your Kong service with your local host machine’s IP address (e.g. 192.168.1.98). Btw, it will be different for your machine. Probably you might want to check it. Run <code>/sbin/ifconfig</code> for mac or <code>ipconfig</code> for Windows machine.</p> <p>You should be able to see smth like that:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ftplwsm2cysgs1koknjfy.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ftplwsm2cysgs1koknjfy.png" alt="Screenshot 2020-11-05 at 15.51.44"></a></p> <p>Don't forget to update <code>host</code> in python config with your IP and keep in mind, that it should be different than the one Kong uses.</p> <p>Ok, and now you can try to run your script. If you don't see any errors in IDE output, then you can try to receive a list of services or routes (Just to make sure they're really created).</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F56uoqa9z43odfofhf4yf.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F56uoqa9z43odfofhf4yf.png" alt="Screenshot 2020-11-05 at 00.41.52"></a> </p> <p><strong>Now, if you're lucky enough, you should be able to access your API directly or through the Kong.</strong><br> <em>Note: your API should be up and running.</em></p> <p>Direct request:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fjl7ulwkwfzvdvnu5wx0u.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fjl7ulwkwfzvdvnu5wx0u.png" alt="Screenshot 2020-11-05 at 00.42.33"></a> </p> <p>Request through Kong:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F12ii2irqko4uk37a8fjc.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F12ii2irqko4uk37a8fjc.png" alt="Screenshot 2020-11-05 at 23.18.59"></a> </p> <h2> Last step. Let's make it secure! </h2> <p>I already had a public key for my Auth0 account, but if you don't have it, then execute commands below and save a file with a public key in the same directory with your python script.</p> <p><em>Note: don't forget to replace those values <code>{COMPANYNAME}.{REGION-ID}</code></em></p> <p>You'll need to download your Auth0 account’s X509 Certificate:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="err">$</span> <span class="n">curl</span> <span class="o">-</span><span class="n">o</span> <span class="p">{</span><span class="n">COMPANYNAME</span><span class="p">}.</span><span class="n">pem</span> <span class="n">https</span><span class="p">:</span><span class="o">//</span><span class="p">{</span><span class="n">COMPANYNAME</span><span class="p">}.{</span><span class="n">REGION</span><span class="o">-</span><span class="n">ID</span><span class="p">}.</span><span class="n">auth0</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">pem</span> </code></pre> </div> <p>And extract the public key from the X509 Certificate:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="err">$</span> <span class="n">openssl</span> <span class="n">x509</span> <span class="o">-</span><span class="n">pubkey</span> <span class="o">-</span><span class="n">noout</span> <span class="o">-</span><span class="ow">in</span> <span class="p">{</span><span class="n">COMPANYNAME</span><span class="p">}.</span><span class="n">pem</span> <span class="o">&gt;</span> <span class="n">pubkey</span><span class="p">.</span><span class="n">pem</span> </code></pre> </div> <p><strong>Great! Now we need to add JWT Plugin and consumer</strong></p> <p>If you forgot to save your routeId, then you can request it from <code>http://localhost:8001/routes</code> (find your route if you have more than one) and copy its id from the response.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># create a plugin for our route # here you'll need to insert your routeId </span><span class="n">pluginUrl</span> <span class="o">=</span> <span class="sh">"</span><span class="s">http://localhost:8001/routes/</span><span class="sh">"</span> <span class="o">+</span> <span class="p">{</span><span class="n">ROUTEID</span><span class="p">}</span> <span class="o">+</span> <span class="sh">"</span><span class="s">/plugins</span><span class="sh">"</span> <span class="n">pluginData</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">jwt</span><span class="sh">"</span> <span class="p">}</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="n">url</span><span class="o">=</span><span class="n">pluginUrl</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="n">pluginData</span><span class="p">)</span> </code></pre> </div> <p><em>Note: script won't work, if you forgot to put your public key in the same folder.</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># create a global consumer </span><span class="n">consumerUrl</span> <span class="o">=</span> <span class="sh">"</span><span class="s">http://localhost:8001/consumers</span><span class="sh">"</span> <span class="n">consumerData</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">username</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">test-consumer</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">custom_id</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">test-consumer-id</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> <span class="n">consumerResponse</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="n">url</span><span class="o">=</span><span class="n">consumerUrl</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="n">consumerData</span><span class="p">)</span> <span class="c1"># print consumer id to ensure that it was successfully created </span><span class="n">consumerId</span> <span class="o">=</span> <span class="p">(</span><span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">consumerResponse</span><span class="p">.</span><span class="n">content</span><span class="p">))[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">]</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">consumerId </span><span class="sh">"</span><span class="p">,</span> <span class="n">consumerId</span><span class="p">)</span> <span class="c1"># Add JWT plugin with Auth0 public key </span><span class="n">basicUrl</span> <span class="o">=</span> <span class="n">consumerUrl</span> <span class="o">+</span> <span class="sh">"</span><span class="s">/</span><span class="sh">"</span> <span class="o">+</span> <span class="n">consumerId</span> <span class="o">+</span> <span class="sh">"</span><span class="s">/jwt</span><span class="sh">"</span> <span class="n">basicData</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">algorithm</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">RS256</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">key</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">https://{COMPANYNAME}.{REGION-ID}.auth0.com/</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">rsa_public_key</span><span class="sh">"</span><span class="p">:</span> <span class="nf">open</span><span class="p">(</span><span class="sh">'</span><span class="s">pubkey.pem</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">rb</span><span class="sh">'</span><span class="p">)</span> <span class="p">}</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="n">url</span><span class="o">=</span><span class="n">basicUrl</span><span class="p">,</span> <span class="n">files</span><span class="o">=</span><span class="n">basicData</span><span class="p">)</span> </code></pre> </div> <h2> Vualá 🥳 </h2> <p>Now you won't be be able to call your API through Kong without bearer token. Also, only tokens signed by Auth0 will work.</p> <p>You can try to make the same call <code>localhost:8000/data</code> and, if you did everything right, you should receive <strong>401 Unauthorized</strong>.<br> Header <code>Host 192.168.1.98</code> should be attached to the request when you're calling Kong.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fntlx91tmlp87yk3i1lmo.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fntlx91tmlp87yk3i1lmo.png" alt="Screenshot 2020-11-05 at 00.44.41"></a> </p> <p>When bearer token is attached, your request should be accepted: </p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fc0fepytff0wcw8i0cg5b.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fc0fepytff0wcw8i0cg5b.png" alt="Screenshot 2020-11-05 at 00.45.21"></a></p> <h2> Few more things </h2> <ol> <li><p>If you need to verify scopes or claims in your token and you're using Kong Enterprise version, you might want to have a look at a JWT Signer Plugin. This plugin will verify and (re-)sign token for you.</p></li> <li><p>If you have, for example, SPA application which is supposed to access multiple APIs, you can check this topic from Auht0 documentation <a href="https://auth0.com/docs/authorization/represent-multiple-apis-using-a-single-logical-api" rel="noopener noreferrer">Represent Multiple APIs Using a Single Logical API</a>.</p></li> <li><p>If you have Kong and all your APIs are protected with it and trusted, you don't have to generate M2M tokens. Of course, if you need it or find it valuable, then sure, go for it. It's just something you should think about, will it really make your system more secure or it will just bring unnecessary expenses?</p></li> </ol> <h2> Thank you! </h2> <p>I hope this guide was helpful. Thank you for reading. Don't hesitate to contact me, ask questions or let me know if you found a mistake 🤗</p> auth0 docker python kong