I am about to use the Kong OAuth2 Introspection plugin in order to check validity of a token issued by Apigee. I am encountering a 500 server error when Kong invokes the APigee Introspection endpoint.
I would like to see the exact request Kong is sending when invoking the Introspection Endpoint.
Does anybody know how I could activate the logging in the Kong Proxy, so that I could see what parameters Kong is sending to the Introspection Endpoint?
I believe you are looking for the logging settings here: https://docs.konghq.com/2.0.x/logging/
Modify the logging level in your kong.conf, or via environmental variables and you should be good. The default level is pretty non-verbose
Probably not any easy way to do this, since the request in question isn’t proxied, it’s issued from within the plugin, and doesn’t pass through proxy logging configuration as such. tcpdump on the Kong node works as a blunt instrument to collect that request, but it’s presumably encrypted using Apigee’s certificate, and you wouldn’t be able to decrypt it as such (as you don’t have access to their certificates).
The easiest option here will probably be to obtain error logs from Apigee indicating why they returned a 500–I don’t know if that’s something you’d have direct access to or if it’s something you’d need to obtain from Apigee’s support team.
There are other means to retrieve the request/response from within the plugin code (essentially modify it to log the request and response headers+bodies), but as it’s an Enterprise plugin I can’t provide full details on that here–if you’re unable to determine the cause of the issue from Apigee’s logs, I recommend filing a ticket via https://support.konghq.com/support/s/ requesting assistance; our Enterprise support team can provide more detailed debugging information related to that Enterprise plugin code.
Thanks Travis for your answer.