From 3ff67a4d9bb4365be2600dc550203760278babd2 Mon Sep 17 00:00:00 2001 From: kovan Date: Fri, 13 Mar 2026 00:45:04 +0100 Subject: [PATCH] docs: add jwt_authn filter statistics section The jwt_authn filter defines 7 counter metrics (allowed, denied, cors_preflight_bypassed, jwks_fetch_success, jwks_fetch_failed, jwt_cache_hit, jwt_cache_miss) but these are not documented. Add a Statistics section following the same format used by other filter docs (RBAC, local rate limit, ext_authz). Fixes #28051 Signed-off-by: kovan --- .../http/http_filters/jwt_authn_filter.rst | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/docs/root/configuration/http/http_filters/jwt_authn_filter.rst b/docs/root/configuration/http/http_filters/jwt_authn_filter.rst index 288656168628f..6d896e1c50151 100644 --- a/docs/root/configuration/http/http_filters/jwt_authn_filter.rst +++ b/docs/root/configuration/http/http_filters/jwt_authn_filter.rst @@ -216,3 +216,22 @@ In this example the `tenants` claim is an object, therefore the JWT claim ("sub" x-jwt-claim-sub: x-jwt-claim-nested-key: x-jwt-tenants: + +Statistics +---------- + +The JWT authentication filter outputs statistics in the ``http..jwt_authn.`` namespace. +The :ref:`stat prefix ` +comes from the owning HTTP connection manager. + +.. csv-table:: + :header: Name, Type, Description + :widths: 1, 1, 2 + + allowed, Counter, Total requests that passed JWT authentication + denied, Counter, Total requests that failed JWT authentication + cors_preflight_bypassed, Counter, Total CORS preflight requests that bypassed JWT authentication + jwks_fetch_success, Counter, Total successful JWKS (JSON Web Key Set) remote fetches + jwks_fetch_failed, Counter, Total failed JWKS remote fetch attempts + jwt_cache_hit, Counter, Total JWT cache hits where a previously validated token was reused + jwt_cache_miss, Counter, Total JWT cache misses requiring full token validation