Keycloak integration

Alejandro_Gomez_Cana · January 31, 2018, 2:33pm

Hi guys!
I have some questions about how integrate kong with keycloak scopes because i havent find any plugin to verify a scope inside jwt for an endpoint. There are any plugin for this even in enterprise version.

Thanks guys!!

bungle · February 1, 2018, 4:24pm

Yes, in enterprise version we do have a quite well featured plugin named OpenID Connect:
https://getkong.org/plugins/ee-openid-connect/

I personally have tested it with Keycloak, and I can confirm it works great!

Back to your question about scopes. Currently our plugin can check the audience (actually aud) claim and act upon that, but not yet the scopes. I recently got asked about the same, so we are adding that quite soon. It is not a big thing to do.

On community edition we have JWT Plugin:
https://getkong.org/plugins/jwt/

But that doesn’t support scopes verification and doesn’t support automation such as OpenID Connect discovery. You could quite easily add scopes verification to it, and send a PR (or make your own fork), there are the current rules:

github.com

Kong/kong/blob/master/kong/plugins/jwt/jwt_parser.lua#L238-L255


    if getmetatable(errors[k]) ~= err_list_mt then
      errors[k] = setmetatable({errors[k]}, err_list_mt)
    end

    insert(errors[k], v)
  else
    errors[k] = v
  end

  return errors
end


--[[

  JWT public interface

]]--

Topic		Replies	Views
Kong and Keycloak JWT	3	2470	November 20, 2018
Kong keycloak integration not working Installation/Setup	1	275	November 17, 2023
Using OpenID Connect plugin for authorization Questions	1	513	December 11, 2020
JWT verification via JWKS Installation/Setup	2	315	February 27, 2024
Nokia/kong-oidc plugin make a lot of unusual request against keycloak	3	536	December 13, 2019

Keycloak integration

Related Topics