diff --git a/.changesets/fix_simon_jwt_metrics.md b/.changesets/fix_simon_jwt_metrics.md
new file mode 100644
index 0000000000..b4b6fb9c1a
--- /dev/null
+++ b/.changesets/fix_simon_jwt_metrics.md
@@ -0,0 +1,9 @@
+### Fix JWT metrics discrepancy ([PR #7258](https://github.com/apollographql/router/pull/7258))
+
+This fixes the `apollo.router.operations.authentication.jwt` counter metric to behave [as documented](https://www.apollographql.com/docs/graphos/routing/security/jwt#observability): emitted for every request that uses JWT, with the `authentication.jwt.failed` attribute set to true or false for failed or successful authentication.
+
+Previously, it was only used for failed authentication.
+
+The attribute-less and accidentally-differently-named `apollo.router.operations.jwt` counter was and is only emitted for successful authentication, but is deprecated now.
+
+By [@SimonSapin](https://github.com/SimonSapin) in https://github.com/apollographql/router/pull/7258
\ No newline at end of file
diff --git a/apollo-router/src/plugins/authentication/mod.rs b/apollo-router/src/plugins/authentication/mod.rs
index e9e3794f79..7b10846378 100644
--- a/apollo-router/src/plugins/authentication/mod.rs
+++ b/apollo-router/src/plugins/authentication/mod.rs
@@ -449,12 +449,9 @@ fn authenticate(
         source: Option<&Source>,
     ) -> ControlFlow<router::Response, router::Request> {
         // This is a metric and will not appear in the logs
-        u64_counter!(
-            "apollo.router.operations.authentication.jwt",
-            "Number of requests with JWT authentication",
-            1,
-            authentication.jwt.failed = true
-        );
+        let failed = true;
+        increment_jwt_counter_metric(failed);
+
         tracing::error!(message = %error, "jwt authentication failure");
 
         let _ = request.context.insert_json_value(
@@ -481,6 +478,16 @@ fn authenticate(
         }
     }
 
+    /// This is the documented metric
+    fn increment_jwt_counter_metric(failed: bool) {
+        u64_counter!(
+            "apollo.router.operations.authentication.jwt",
+            "Number of requests with JWT authentication",
+            1,
+            authentication.jwt.failed = failed
+        );
+    }
+
     let mut jwt = None;
     let mut source_of_extracted_jwt = None;
     for source in &config.sources {
@@ -588,11 +595,19 @@ fn authenticate(
             );
         }
         // This is a metric and will not appear in the logs
+        //
+        // Apparently intended to be `apollo.router.operations.authentication.jwt` like above,
+        // but has existed for two years with a buggy name. Keep it for now.
         u64_counter!(
             "apollo.router.operations.jwt",
-            "Number of requests with JWT authentication",
+            "Number of requests with JWT successful authentication (deprecated, \
+                use `apollo.router.operations.authentication.jwt` \
+                with `authentication.jwt.failed = false` instead)",
             1
         );
+        // Use the fixed name too:
+        let failed = false;
+        increment_jwt_counter_metric(failed);
 
         let _ = request.context.insert_json_value(
             JWT_CONTEXT_KEY,