fix(jwt): state what happens with many JWTs

Kong rejects request when multiple JWTs were provided that differ from each other. Fix: #11796
Kong · Oct 23, 2023 · b842c85 · b842c85
1 parent e0568f0
commit b842c85
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/app/_hub/kong-inc/jwt/overview/_index.md b/app/_hub/kong-inc/jwt/overview/_index.md
@@ -16,6 +16,8 @@ You can then pass a token through any of the following:
 Kong will either proxy the request to your upstream services if the token's
 signature is verified, or discard the request if not. Kong can also perform
 verifications on some of the registered claims of RFC 7519 (`exp` and `nbf`).
+If Kong finds multiple tokens that differ - even if they are valid - the request
+will be rejected to prevent JWT smuggling.
 
 ## Using the plugin