Is there an existing issue for this?
Kong version ($ kong version)
3.11.0.3 and 3.13.0.0
Current Behavior
When we send an invalid JWT in the authorization header, we get the following error along with an HTTP 500.
{
"message":"An unexpected error occurred",
"request_id":"asdfasdfasdf"
}
Expected Behavior
We should instead receive an HTTP 401.
Steps To Reproduce
Send an HTTP get request with an invalid JWT in the authorization header.
Anything else?
I see this previous issue but it doesn't seem to be resolved.
#1329
Example error log:
2026/02/04 20:47:01 [error] 2671#0: *9018354 [kong] init.lua:443 [jwt] ./jwt/handler.lua:353: attempt to index local 'hdr' (a nil value), client: x.x.x.x, server: kong, request: "GET /api/v1/omg HTTP/1.1", host: "blah.cool.io", request_id: "asdfadsfdsf"
JWT plugin configuration:
enabled: true
tags:
- super-cool
protocols:
- grpc
- grpcs
- http
- https
name: jwt
service:
id: -asdfasdfadsf
config:
uri_param_names:
- jwt
maximum_expiration: 0
claims_to_verify:
- exp
anonymous: null
secret_is_base64: false
realm: null
key_claim_name: sub
header_names:
- authorization
run_on_preflight: true
cookie_names: []
Is there an existing issue for this?
Kong version (
$ kong version)3.11.0.3 and 3.13.0.0
Current Behavior
When we send an invalid JWT in the authorization header, we get the following error along with an HTTP 500.
Expected Behavior
We should instead receive an HTTP 401.
Steps To Reproduce
Send an HTTP get request with an invalid JWT in the authorization header.
Anything else?
I see this previous issue but it doesn't seem to be resolved.
#1329
Example error log:
JWT plugin configuration: