Upstream OAuth2 - Authorization

Questions
1

Hi, I’m using the Upstream OAuth2 Plug-in after OpenId Connect but as a test by itself and Its not generating a Token for me and not passing any Authorization header to upstream API. I’m trying to generate a password resource token that works fine in our org, and Postman - I read somewhere that only grant supported it client/secret? I’m trying to use user, passwork.

See config
“client”: {
“auth_method”: “none”,
“client_secret_jwt_alg”: “HS256”,
“http_version”: 1.1,
“keep_alive”: true,
“ssl_verify”: false,
“timeout”: 10000
},
“oauth”: {
“audience”: [
“api://**"
],
“client_id”: "0oa150ea5h0Yp2D- ",
“grant_type”: “password”,
“password”: " ",
“scopes”: [
"openid, email, profile, "
],
“token_endpoint”: "https://.okta****.com/oauth2//v1/token”,
“token_headers”: {},
“token_post_args”: {},
“username”: "domain/**** "
}

2

hi @Marty , can you please confirm this is the plugin you are using?

3

Hi, Yes. Thanks. Is there a way to test it or turn on loging?

4

The plugin allows Kong to consume a 3rd party API that is protected by OAuth client credentials flow. You can turn debug on with the following
debug level, KONG_LOG_LEVEL=debug kong restart

5

Hey Marty,

Welcome to Kong Nation.

As Veena advised, in order to help you we need some more info:

  1. What’s your setup? Are you running in db-less? Can you share a minimal config with us?
  2. Are there any errors in the logs? For example, if the plugin fails to obtain a token from the IdP, there will be errors logged. To find those, you can grep the Kong log file (it’s in <kong_prefix>/logs/error.log) looking for the pattern [upstream-oauth]

Let’s try the above and circle back.

Cheers! :gorilla: