You have an existing upstream API (3rd party) that is secured by an existing OAuth2.0 server (also 3rd party?). You want to have a Kong Gateway setup to accept incoming API requests (without any auth?) and proxy them to the upstream API (which requires the gateway to have a token locally?).
the background here is that I have a server to server connection i. e. my backend app to 3rd party communicating via REST. the external API is behind their own OAuth protocol and I have to manage short lived access tokens myself meaning invoking refresh token flow whenever the access token TTL expires.
so this isn’t a traditional OAuth flow involving authorisation of the end client and the whole case would have been avoided if I could use a long lived token with the 3rd party, i. e. an API key.
while exploring Kong, it crossed my mind to proxy the API calls through an API gateway and use it to manage tokens within the OAuth flow on top of other use cases in my app and APIs. though I appreciate this might not be exactly what Kong / Konnect is for(?).
Hi, just wanted to know if the OAuth2.0 plugin can be enabled in konnect for a usecase without a 3rd party authorization server. Last I checked, it is not available in konnect (OAuth 2.0 Authentication plugin | Kong Docs). Is it planned to get added to konnect as well?