Kong-ingress-controller and oauth

How to use OAuth2.0 authentication in Kong-ingress-controller? and I did not find the relevant documents in the official documents. I hope it can be solved as soon as possible

It looks like the documentation site example generation code disables KongPlugin examples on plugins that aren’t available in DB-less mode, hence why OAuth 2.0 Authentication plugin | Kong doesn’t have one. It shouldn’t actually do that, as the controller supports both DB-backed and DB-less instances.

To use the oauth2 plugin with the controller, you’ll create a KongPlugin with plugin: oauth2 and a config section that sets the oauth2 config parameters.

You’ll then add KongConsumers and credential secrets, with kongCredType=oauth2 and the OAuth application credential fields.

Thank you for your reply. I’m done

When I test the use of oauth2.0 authentication grpc service, I report the following error: Error invoking method “hello.HelloService.SayHello”: rpc error: code = Unauthenticated desc = failed to query for service descriptor “hello.HelloService”: Unauthorized: HTTP status code 401; transport: missing content-type field

$ grpcurl  -v -H "Authorization: pAsEAKjmXptx9RE6glcXGtK6gZqG5ej2" -d '{"greeting": "Kong Hello world!"}' -insecure 20.16.107.188:443 hello.HelloService.SayHello
Error invoking method "hello.HelloService.SayHello": rpc error: code = Unauthenticated desc = failed to query for service descriptor "hello.HelloService": Unauthorized: HTTP status code 401; transport: missing content-type field

After removing OAuth plugins, the access is normal

$ grpcurl  -v  -d '{"greeting": "Kong Hello world!"}' -insecure 20.16.107.188:443 
hello.HelloService.SayHelloResolved method descriptor:
   Resolved method descriptor:  rpc SayHello ( .hello.HelloRequest ) returns ( .hello.HelloResponse );

I believe you just need to indicate the auth type (bearer for oauth2 tokens), e.g. -H "Authorization: bearer pAsEAKjmXptx9RE6glcXGtK6gZqG5ej2"

Thank you for your reply. I have another grpc question, Kong_ CLIENT_ BODY_ BUFFER_ SiZE, this configuration is injected into Kong-ingress. Does it not support grpc protocol? It seems that my test only works for HTTP protocol,or my configuration is wrong?i am using kong-ce2.2 this is my configuration

- name: KONG_CLIENT_MAX_BODY_SIZE
  value: 20m
- name: KONG_CLIENT_BODY_BUFFER_SIZE
  value: 20m

It looks like you’re using the wrong setting name. Those are handled via a default set of injected NGINX directives: kong/kong.conf.default at 2.2.2 · Kong/kong · GitHub

So the environment variables would be KONG_NGINX_HTTP_CLIENT_MAX_BODY_SIZE and KONG_NGINX_HTTP_CLIENT_BODY_BUFFER_SIZE instead.

#1642 (HTTP2 proxy limits client body size even for streaming proxied protocols) – nginx indicates that those definitely should apply to gRPC, which makes sense, as it’s ultimately still an HTTP/2 request.


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ