A company has a microservices application deployed on Kubernetes. There are three services: frontend, backend, and database. The frontend is exposed via an Ingress. The API gateway is used for authentication. Recently, after updating the backend service, users are experiencing 401 Unauthorized errors when accessing endpoints that previously worked. The authentication mechanism uses JWT tokens issued by an external identity provider. The JWT tokens are validated by the API gateway. The backend service itself does not validate tokens; it relies on the gateway to forward user identity via headers. The development team checked the logs and found that the backend is receiving requests with the correct JWT from the gateway but still returning 401. What is the most likely cause?
Trap 1: The Ingress controller is stripping the Authorization header before…
Logs show backend receives the correct JWT, so header is present.
Trap 2: The API gateway's JWT signing key has changed and the backend is…
If the key changed, the gateway would fail to validate tokens, not the backend.
Trap 3: The new backend version uses a different HTTP method for the…
Method mismatch would cause 405 or similar, not 401.
- A
The Ingress controller is stripping the Authorization header before forwarding to the backend.
Why wrong: Logs show backend receives the correct JWT, so header is present.
- B
The API gateway's JWT signing key has changed and the backend is using the old key.
Why wrong: If the key changed, the gateway would fail to validate tokens, not the backend.
- C
The new backend version uses a different HTTP method for the affected endpoints.
Why wrong: Method mismatch would cause 405 or similar, not 401.
- D
The backend service code now attempts to validate the JWT itself and fails.
Likely the update added token validation code that is not properly configured.