We have set up KONG and are in a machine-to-machine scenario. One machine provides a Client ID and Secret Key, and we need KONG to provide a token that will last, for example, 3600 secs, then expire. The machine will use this token in subsequent API calls until it expires.
How do I get KONG to supply the token and make sure that the token is still valid in subsequent API Calls?
Use case 1 (with oauth2 plugin)
Client A --client_id+client_secret--> Kong at /test/auth2/token --access_token--> Client A
Client A --access_token--> Kong at /test/ --access_token--> Client B
In this use case, no third-party IDP is needed and Client A needs to make two calls.
Use case 2 (with OIDC plugin)
Client A --client_id+client_secret--> Kong at /test
Kong <--access_token-- from IDP
Kong --access_token--> to Client B
You need an external IDP (Keycloak, for example) for this use case. Client A only needs to make 1 call; Kong will get the access token from the IDP and send it to Client B.
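For use case 1, the calling machine has to fetch a token once and reuse it until it expires. The sketch below is an added example, not code from the original posts or from Kong. It assumes the token endpoint answers a `client_credentials` POST with JSON containing `access_token` and `expires_in`; the names `fetch_token` and `TokenCache`, the 30-second safety margin and the token URL passed in are all hypothetical.

```python
import json
import time
import urllib.parse
import urllib.request


def fetch_token(token_url, client_id, client_secret):
    """POST a client_credentials grant to the token endpoint and return the parsed JSON."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    req = urllib.request.Request(token_url, data=body, method="POST")
    # Use an https:// URL: the client secret travels in the request body.
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Reuse one access token until shortly before it expires, then request a new one."""

    def __init__(self, fetch, skew=30, clock=time.monotonic):
        self._fetch = fetch    # zero-argument callable returning the token response dict
        self._skew = skew      # assumed safety margin (seconds) before the stated expiry
        self._clock = clock    # injectable so expiry logic can be tested without waiting
        self._token = None
        self._expires_at = 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._fetch()
            if "access_token" not in resp or "expires_in" not in resp:
                raise ValueError("token response lacks access_token or expires_in")
            self._token = resp["access_token"]
            lifetime = max(0, int(resp["expires_in"]) - self._skew)
            self._expires_at = self._clock() + lifetime
        return self._token

    def invalidate(self):
        """Call after the gateway answers 401 so the next get() fetches a fresh token."""
        self._token = None

    def auth_header(self):
        """Header to attach to the second call (Client A -> Kong at the protected route)."""
        return {"Authorization": "Bearer " + self.get()}
```

Wire it up with `TokenCache(lambda: fetch_token(url, client_id, client_secret))`; the gateway still makes the final decision on validity for every request, so a 401 should trigger `invalidate()` and one retry.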