OAuth2 Introspection with Kong CE

I am using Kong Community Edition, where I would like to implement OAuth2 introspection with a few Routes. We have HashiCorp Vault as an Authentication server which will provide OAuth2 tokens.

I am aware of Kong's "OAuth 2.0 Introspection" plugin, which provides this functionality; however, it is only supported with Kong Enterprise Edition.

I have found the article where it is possible to implement this at the nginx level; however, this will apply the OAuth for everything:

Are there any alternative ways to implement this?

You can use Kong’s PDK to develop a plugin to do the introspection yourself and then enable it for specific routes/services.

You can use some of the following plugins to learn from and build on top of those:


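A sketch of the custom-plugin approach suggested in the answer above, added here as an example (it is not code from the thread or from Kong): a `handler.lua` that performs an RFC 7662 introspection call in the access phase and can be enabled per route or service. The plugin name, the config fields `introspection_url`, `client_id` and `client_secret` (to be declared in the plugin's `schema.lua`), the `X-Token-Subject` header and the use of HTTP Basic client authentication are assumptions; lua-resty-http is assumed to be available in the Kong runtime.

```lua
-- handler.lua for a hypothetical custom plugin "token-introspection" (added example).
-- Assumed schema.lua config fields: introspection_url, client_id, client_secret.
local http  = require "resty.http"   -- lua-resty-http, assumed to be installed
local cjson = require "cjson.safe"   -- decode returns nil instead of throwing

local Handler = { PRIORITY = 1000, VERSION = "0.1.0" }

function Handler:access(conf)
  -- Never trust an identity header supplied by the client (header name is an assumption).
  kong.service.request.clear_header("X-Token-Subject")

  -- Expect "Authorization: Bearer <token>"; reject anything else.
  local auth = kong.request.get_header("authorization")
  local token = auth and auth:match("^[Bb]earer%s+(%S+)$")
  if not token then
    return kong.response.exit(401, { message = "missing bearer token" },
      { ["WWW-Authenticate"] = "Bearer" })
  end

  -- RFC 7662 request: form-encoded POST, with the gateway authenticating as a client.
  local httpc = http.new()
  httpc:set_timeout(2000)  -- milliseconds
  local res, err = httpc:request_uri(conf.introspection_url, {
    method = "POST",
    body = ngx.encode_args({ token = token, token_type_hint = "access_token" }),
    headers = {
      ["Content-Type"] = "application/x-www-form-urlencoded",
      ["Accept"] = "application/json",
      ["Authorization"] = "Basic " ..
        ngx.encode_base64(conf.client_id .. ":" .. conf.client_secret),
    },
    ssl_verify = true,  -- verify the authorization server's certificate
  })

  -- Fail closed: if the token cannot be validated, the request is not proxied.
  if not res or res.status ~= 200 then
    kong.log.err("introspection failed: ", err or res.status)
    return kong.response.exit(503, { message = "token validation unavailable" })
  end

  -- Only a JSON object with "active": true counts as a valid token.
  local claims = cjson.decode(res.body)
  if type(claims) ~= "table" or claims.active ~= true then
    return kong.response.exit(401, { message = "invalid or expired token" },
      { ["WWW-Authenticate"] = 'Bearer error="invalid_token"' })
  end

  -- Pass the validated subject to the upstream service.
  if type(claims.sub) == "string" then
    kong.service.request.set_header("X-Token-Subject", claims.sub)
  end
end

return Handler
```

This version calls the introspection endpoint on every request; a production plugin would normally cache results for no longer than the token's remaining lifetime.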

Thanks for the response Harry.