End-user JWT authentication bypassing authentication

Setting up end-user authentication following the document is not taking any effect and service is accessible without passing the auth header.

kind: Policy
apiVersion: authentication.istio.io/v1alpha1
  name: "auth-policy"
    - name: coreservice
    - jwt:
        issuer: $ISSUER_ACCOUNT
        jwksUri: $JWKSURI
  principalBinding: USE_ORIGIN

this always returns 200 OK

Kubenetes version: v1.15.0
Istio version: 1.2.2

Istio gateway and virtual service are setup and service is externally accessed using NodePort.

Solved this - changing the target from app name to service name fixed the issue and enabled authentication.