We would like to use an external OAuth 2.0 Identity Provider (IDP) for federated authentication - in principle, a similar feature to this one of WSO2 IS:
- Outbound Authentication Plugin for Facebook (allows WSO2 API application users to log in via Facebook): https://github.com/wso2-extensions/identity-outbound-auth-facebook
- How to build custom outbound authenticator in WSO2: https://docs.wso2.com/display/IS541/Writing+a+Custom+Federated+Authenticator, or
Basically, we would like Kong to be responsible for issuing the actual end-application OAuth 2.0 access token (and doing all associated API management stuff), and only use the external IDP for handling the actual user authentication. The external IDP has its own OAuth 2.0 Authorization service (and can issue an “internal access token”, not used by the end application, but only internally between Kong and the IDP) and provides one secured resource for obtaining more user information (so that Kong knows to which user to issue an actual access token).
Does anyone have some experience with this setup?
With kind regards,