Hi guys!
I have some questions about how integrate kong with keycloak scopes because i havent find any plugin to verify a scope inside jwt for an endpoint. There are any plugin for this even in enterprise version.
Thanks guys!!
Hi guys!
I have some questions about how integrate kong with keycloak scopes because i havent find any plugin to verify a scope inside jwt for an endpoint. There are any plugin for this even in enterprise version.
Thanks guys!!
Yes, in enterprise version we do have a quite well featured plugin named OpenID Connect:
https://getkong.org/plugins/ee-openid-connect/
I personally have tested it with Keycloak, and I can confirm it works great!
Back to your question about scopes. Currently our plugin can check the audience
(actually aud
) claim and act upon that, but not yet the scopes
. I recently got asked about the same, so we are adding that quite soon. It is not a big thing to do.
On community edition we have JWT Plugin:
https://getkong.org/plugins/jwt/
But that doesn’t support scopes verification and doesn’t support automation such as OpenID Connect discovery. You could quite easily add scopes
verification to it, and send a PR (or make your own fork), there are the current rules: