Hi, I can’t figure out how to set up the Kong ingress controller with oauth2.
If you have docs to point at, please share, but I did not manage to find much on the web.
These are the steps I tried with no success:
I have installed kong ingress controller using:
kubectl apply -f https://bit.ly/kong-ingress-dbless
as stated in the docs. I’m using my minikube (minikube version: v1.0.1).
I have created a sample deployment:
kubectl apply -f https://bit.ly/echo-service
service/echo created
deployment.apps/echo created
I create the plugin like this:
echo "
apiVersion: configuration.konghq.com/v1
config:
  scopes:
  - read
  - write
  auth_header_name: authorization
  enable_authorization_code: true
  enable_client_credentials: true
  enable_implicit_grant: false
  mandatory_scope: false
  enable_password_grant: true
  accept_http_if_already_terminated: true
  global_credentials: true
  provision_key: yIRtnYivtx95rvDtPbJanIm022EUwUCL
kind: KongPlugin
metadata:
  name: oauth2
  namespace: default
plugin: oauth2
" | kubectl apply -f -
I add the
plugins.konghq.com: oauth2
to the echo service.
Now a
curl -I -H 'apikey: my-sooper-secret-key' $PROXY_IP/foo/status/200
correctly responds with a 401.
I then create a consumer and a KongCredential (the ingress controller complains about that, but I haven't found any clues on how to use secrets with oauth2):
echo "apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: test-oauth
username: test-oauth
custom_id: client_id_1" | kubectl apply -f -
echo "apiVersion: configuration.konghq.com/v1
kind: KongCredential
metadata:
  name: test-oauth-credential
consumerRef: test-oauth
type: oauth2
config:
  name: test-oauth-credential
  client_id: client_id_1
  client_secret: alessio
  redirect_uris:
  - http://test" | kubectl apply -f -
I switch to https in order to generate the token, then I make this call:
curl -k --header "Content-Type: application/json" --request POST --data '{"client_id":"client_id_1","client_secret":"alessio","grant_type":"password","provision_key":"yIRtnYivtx95rvDtPbJanIm022EUwUCL","scope":"read","authenticated_userid":"test-oauth"}' $PROXY_IP/foo/oauth2/token
but the response is
{"message":"An unexpected error occurred"}
No clues in the logs.
Any help appreciated.