Kong ingress controller and oauth2 setup

Hi, I can’t figure out how to set up the Kong ingress controller with oauth2.
If you have docs to point at please share but I did not manage to find much on the web.

These are the steps I tried with no success:

I have installed kong ingress controller using:
	kubectl apply -f https://bit.ly/kong-ingress-dbless

as stated in the docs. I’m using my minikube (minikube version: v1.0.1)

I have created a sample deployment:

	kubectl apply -f https://bit.ly/echo-service
	service/echo created
	deployment.apps/echo created

I create the plugin like this:

	echo "
	apiVersion: configuration.konghq.com/v1
	config:
	  scopes:
	    - read 
	    - write
	  auth_header_name: authorization 
	  enable_authorization_code: true 
	  enable_client_credentials: true
	  enable_implicit_grant: false
	  mandatory_scope: false
	  enable_password_grant: true
	  accept_http_if_already_terminated: true
	  global_credentials: true
	  provision_key: yIRtnYivtx95rvDtPbJanIm022EUwUCL
	kind: KongPlugin
	metadata:
	  name: oauth2
	  namespace: default
	plugin: oauth2
	" | kubectl apply -f -

I add the

	plugins.konghq.com: oauth2

to the echo service.

Now a

	curl -I -H 'apikey: my-sooper-secret-key' $PROXY_IP/foo/status/200

correctly responds with a 401.

I then create a consumer and a KongCredential (the ingress controller complains about that, but I haven't found any clues on how to use secrets with oauth2):

	echo "apiVersion: configuration.konghq.com/v1
	kind: KongConsumer
	metadata:
	  name: test-oauth
	username: test-oauth
	custom_id: client_id_1" | kubectl apply -f -

	echo "apiVersion: configuration.konghq.com/v1
	kind: KongCredential
	metadata:
	  name: test-oauth-credential
	consumerRef: test-oauth
	type: oauth2
	config:
	  name: test-oauth-credential
	  client_id: client_id_1
	  client_secret: alessio
	  redirect_uris:
	  - http://test" | kubectl apply -f -

I switch to https in order to generate the token, then I make this call:

	curl -k --header "Content-Type: application/json" --request POST --data '{"client_id":"client_id_1","client_secret":"alessio","grant_type":"password","provision_key":"yIRtnYivtx95rvDtPbJanIm022EUwUCL","scope":"read","authenticated_userid":"test-oauth"}' $PROXY_IP/foo/oauth2/token

but the response is

	{"message":"An unexpected error occurred"}

No clues in the logs.

Any help appreciated.

oauth2 plugin will not run in DB-less mode.

Please use Kong backed by a database.

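The reply's point as a pre-flight check, added here as an example (it is not part of the thread or of Kong's tooling): it flags a `plugin: oauth2` KongPlugin when the Kong deployment manifest runs DB-less. It assumes DB-less mode appears as the `KONG_DATABASE` env var set to `off`; the function names and sample manifests are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: catch an oauth2 KongPlugin on a DB-less Kong before applying it.
# Assumption: DB-less mode appears in the proxy container env as
#   - name: KONG_DATABASE / value: "off"

# Succeeds if the manifest on stdin sets KONG_DATABASE to off.
is_dbless() {
  grep -A1 -E 'name:[[:space:]]*KONG_DATABASE[[:space:]]*$' |
    grep -Eq "value:[[:space:]]*[\"']?off[\"']?[[:space:]]*\$"
}

# Succeeds if the manifest on stdin declares a KongPlugin that uses oauth2.
uses_oauth2() {
  grep -Eq '^[[:space:]]*plugin:[[:space:]]*oauth2[[:space:]]*$'
}

# preflight KONG_MANIFEST PLUGIN_MANIFEST: prints a verdict, returns 1 on conflict.
preflight() {
  if is_dbless < "$1" && uses_oauth2 < "$2"; then
    echo "CONFLICT: oauth2 plugin configured, but Kong runs DB-less"
    return 1
  fi
  echo "OK"
}

# Constructed sample manifests, trimmed to the fields the check reads.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
write_kong() {  # $1 = output file, $2 = KONG_DATABASE value
  cat > "$1" <<EOF
kind: Deployment
spec:
  template:
    spec:
      containers:
      - name: proxy
        env:
        - name: KONG_DATABASE
          value: "$2"
EOF
}
write_kong "$sample_dir/dbless.yaml" off
write_kong "$sample_dir/postgres.yaml" postgres
printf 'kind: KongPlugin\nmetadata:\n  name: oauth2\nplugin: oauth2\n' > "$sample_dir/plugin.yaml"

preflight "$sample_dir/dbless.yaml" "$sample_dir/plugin.yaml" || true
preflight "$sample_dir/postgres.yaml" "$sample_dir/plugin.yaml"
```

Both helper functions read stdin, so `kubectl get ... -o yaml` output can be piped into them instead of a file.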