Hey @alesanchez, welcome to Kong Nation!
Authentication plugins cannot be applied on consumers - note they have a
From what I understood about the use case, the following will accomplish it - applying the auth plugin on the route or the service (given you want all consumers without a credential to be blocked):
curl localhost:8001/services --data name=s1 --data url=https://httpbin.org
curl localhost:8001/routes --data name=r1 --data service.id=95f9114f-e957-470f-96e3-2fde45a04941 --data paths=/
- Enable the basic-auth plugin on the route (or the service, if you want the plugin to be applied to all requests targeting that service):
curl localhost:8001/routes/r1/plugins --data name=basic-auth
curl localhost:8001/consumers --data username=c1
- Create a basic-auth credential for that consumer:
curl localhost:8001/consumers/c1/basic-auth --data username=u1 --data password=pass
Having done this, all requests without the credential will be blocked:
$ curl -I localhost:8000/status/200
HTTP/1.1 401 Unauthorized
Date: Tue, 09 Jun 2020 19:37:47 GMT
Content-Type: application/json; charset=utf-8
WWW-Authenticate: Basic realm="kong"
Now, if you add the
Authorization header, as expected, the request will be authorized:
$ curl -I localhost:8000/status/200 -H "Authorization: Basic dTE6cGFzcw=="
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Tue, 09 Jun 2020 19:39:19 GMT
Let me know if that helps!