I don’t have much experience with api gateways. I’ve looked into (and setup) Kong with some auth mechanisms. For all of these the user details are added to Kong through their admin API.

How do I setup a complex authentication flow with Kong. i.e: A user registers, some custom business code is run to validate the user then an email is sent to them for confirmation.

The only way I see is having a microservice which talks to the admin api. The UI would then simply talk to this microservice (which would in turn add users to the admin api), am I on the right path? or is there a better way

Hi,

Is it the stack that you are looking for?
Firebase authentication <-> Kong API-Gateway (is to verify firebase token) <-> micro service (without auth).

I used to use Firebase auth to manage all users via email, phone, …
Then Firebase gives me the JWT authentication mechanism to work with API gateway, the purpose is to protect all resources from the backend.

I wrote kong-plugin-jwt-firebase to support this case.
Ref to: https://github.com/hpsony94/kong-plugin-jwt-firebase