Konnect Dev Portal Enterprise Identity

Hi,

I am working on customizing the dev portal for our own internal stats on top of the provide Kong values and am having some difficulty understanding the role of Konnect Dev Portal Identity.

After reviewing our self hosted dev portal, I found that the KongAuthApi seems to be handing the auth portion on our behalf and furnishes a cookie by the name of “konnect_portal_session”. With this, I cannot seem to find any trace of our own auth provider and a means to reach it within our current configuration. Note, we are also using key-auth.

If you review the stats calls used to furnish things like 4xx and the like, there is a portal access token that is a JWT issued by global.api.konghq for the audience of kauth.konghq.com. Has anyone used this for validation given an outside service?

Another high level question: when using konnect with a self hosted dev portal and independent auth, how does the auth flow work? Is it managed by kong and kong then furnishes their token to the portal?

A bunch of questions there so thanks in advance for any direction!

Hey Jared, thanks for your patience.

The Konnect Portal uses it’s own identify service for authorization. Your own auth provider is used for authentication, which is then exchanged for a JWT that is sent to Konnect’s APIs to fetch data for the portal.

Konnect does not understand your custom auth method other than for initial authentication flow. You may be able to identify a user using the claims in the JWT, but your own application would need updating to support JWT auth.