Guidance on Kong plugin development - extension of oauth2 plugin (FAPI support)

tvleminckx · May 8, 2018, 2:58pm

We are looking into implementing an extension to the oauth2 plugin, supporting (partly) the oidc FAPI spec (see http://openid.net/specs/openid-financial-api-part-2.html). It is a key requirement for the various API banking initiatives in Europe (see UK open banking & PSD2).

F.e. we want support to add a signed JWT id_token on the /auth & /token endpoints, containing s_hash and/or rt_hash and/or at_hash claims. Other changes would be in the way the code and tokens are generated.

Would you advise modify the existing oauth2 plugin (and count on an accepted PR); or is there a way to extend the existing oauth2 plugin? Would you be interested in a contribution to the oauth2 plugin?

rucciva · December 11, 2020, 10:06am

Hi, i’ve made custom plugin that lets you authenticate kong consumer with external oauth2 / openid connect provider.

If you think extending oauth2 plugin will take too much effort, might go with deploying dedicated openid connect provider (that will likely have higher maturity level) and use my custom plugin with it.

Topic		Replies	Views
Using OpenID Connect plugin for authorization Questions	1	516	December 11, 2020
[Community Plugins] Optum Public Kong Plugins Announcements	12	2001	September 9, 2020
oAuth2 token validation at the gateway level, Possible?	2	650	March 12, 2019
How to use Oauth2 plugin with JWT tokens? Questions	1	440	December 11, 2020
Client_Credentials for all API´s Questions	4	407	February 4, 2019

Guidance on Kong plugin development - extension of oauth2 plugin (FAPI support)

Related Topics