Skip to content

Simple kong plugin for using custom jwt access token introspection, as API auth

License

Notifications You must be signed in to change notification settings

vmalyavin/kong-token-introspection

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 

Repository files navigation

Kong access token introspection plugin

Simple kong plugin to use any custom jwt access token introspection, as API auth. Inspired by mogui/kong-external-oauth

How it works

Plugin is protecting Kong API service/route with introspection of Oauth2.0 JWT access-token, added to request header. Plugin does a pre-request to oauth introspection endpoint(RFC7662).

Configuration

Form Parameter default description
config.introspection_endpoint External introspection endpoint compatible with RFC7662
config.token_header Authorization Name of api-request header containing access token
config.token_cache_time 0 Cache TTL for every token introspection result(0 - no cache)
config.scope Scope that token need to get allowed to this method. For example 'manage-profile'. Allow any scope if empty

About

Simple kong plugin for using custom jwt access token introspection, as API auth

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages