Can KONG supply a token then verify it?

Hi Team,

First time poster, new user.

We have set up KONG and are in a machine-to-machine scenario. One machine provides a Client ID and Secret Key; we need KONG to provide a token that will last, for example, 3600 secs, then expire. The machine will use this token in subsequent API calls until it expires.

How do I get KONG to supply the token and make sure that the token is still valid in subsequent API Calls?



Do you use oidc2? (e.g. with Keycloak)

I am not sure, but will check with the team.

I have not heard of Keycloak; I will research that. Do you use it?



It depends on how you want the flow to go.

Use case 1 (with oauth2 plugin)
Client A --client_id+client_secret--> Kong at /test/auth2/token --access_token--> Client A
Client A --access_token--> Kong at /test/ --access_token--> Client B

In this use case, no third-party IDP is needed and Client A needs to make two calls.

Use case 2 (with OIDC plugin)
Client A --client_id+client_secret--> Kong at /test
Kong <--access_token-- from IDP
Kong --access_token--> to Client B

You need an external IDP (Keycloak, for example) for this use case. Client A only needs to make 1 call; Kong will get the access token from the IDP and send it to Client B.
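
The client side of use case 1, as an added example that is not part of the original thread or Kong's own code: Client A exchanges its credentials for a token once, reuses it on later calls, and fetches a new one shortly before the lifetime reported by the gateway runs out. It assumes Kong's OAuth 2.0 plugin with the client credentials grant enabled and a JSON token response carrying `access_token`, `token_type` and `expires_in`; the class name, host name and credentials are hypothetical placeholders.

```python
import json
import time
import urllib.parse
import urllib.request


def http_post_form(url, fields):
    """Default transport: POST form fields and return the parsed JSON body."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class KongTokenCache:
    """Hypothetical helper: caches a client_credentials token, renews before expiry."""

    def __init__(self, token_url, client_id, client_secret,
                 post=http_post_form, clock=time.monotonic, skew=30):
        if not token_url.startswith("https://"):
            raise ValueError("token endpoint must be HTTPS: it carries the client secret")
        self.token_url, self.client_id, self.client_secret = token_url, client_id, client_secret
        self.post, self.clock, self.skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        # Reuse the cached token until `skew` seconds before the gateway expires it.
        if self._token is None or self.clock() >= self._expires_at - self.skew:
            body = self.post(self.token_url, {
                "grant_type": "client_credentials",
                "client_id": self.client_id,
                "client_secret": self.client_secret,
            })
            if body.get("token_type", "").lower() != "bearer" or not body.get("access_token"):
                raise RuntimeError("unexpected token response")
            self._token = body["access_token"]
            self._expires_at = self.clock() + int(body["expires_in"])
        return self._token

    def auth_header(self):
        # Header for the second call (Client A -> Kong at the protected route).
        return {"Authorization": "Bearer " + self.token()}

    def invalidate(self):
        # Call after a 401 from the gateway (token revoked or expired early).
        self._token = None

# Constructed usage (placeholder host and credentials):
# KongTokenCache("https://kong.example/test/oauth2/token", "my-id", "my-secret").auth_header()
```

Kong still checks the token on every request; the cache only saves Client A from asking for a new token on each call.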