OAuth2 Introspection with Kong CE

I am using Kong Community Edition where I would like to implement OAuth2 introspection with few Routes. We have HashiCorp Vault as an Authentication server which will provide OAuth2 tokens.

I am aware of Kong ’ OAuth 2.0 Introspection’ plugin which provide this functionality however it is only supported with Kong Enterprise Edition.

I have found the article where it is possible to implement this at nginx level however this will apply the OAuth for everything:

Are there any alternative ways to implement this?

You can use Kong’s PDK to develop a plugin to do the introspection yourself and then enable it for specific routes/services.

You can use some of the following plugins to learn from and build on top of those:


1 Like

Thanks for the response Harry.


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ