Closed Forest1602 closed 8 years ago
@Forest1602 this is currently not possible. Either you use OAuth 2.0 fully on Kong (and migrate your existing users/applications/tokens to Kong as well), or you just don't add any authentication on Kong, and let your system block the unauthorized requests (but in this scenario Kong will never know who the consumer is).
+1 on feature request for this (ability to delegate OAuth2 token storage to an external data store). Would massively help integrate Kong with existing systems.
@dag24 may I ask why migrating the existing users/applications/tokens to Kong using Kong's API is not an option? Is it just the extra work, or are there other specific reasons?
I am in a situation where I am integrating Kong in a large existing codebase, in a company with several hundred engineers. Our existing OAuth2 store has thousands of user credentials, which could technically be imported into Kong, but three issues come to mind. One, the mere practicality of gaining access to the authentication store to extract secret tokens (not always trivial in enterprise scenarios; my team does not own this store). Two, syncing Kong and the existing "master" data store: perhaps a cron job could overcome this. Three, legalities: our existing setup has been given the seal of approval by our legal and security teams, and I am concerned about data protection issues (British, EU law) with regard to making copies of what could be regarded as personally identifying information of users. For these reasons, the ability to tell Kong "go here for your OAuth2 negotiation" sounds useful to me.
On 26 Mar 2016, at 02:33, Marco Palladino notifications@github.com wrote:
@dag24 may I ask why migrating the existing users/applications/tokens to Kong using Kong's API is not an option? Is it just the extra work, or are there other specific reasons?
This could be done on PostgreSQL as an FDW.
Considering this question answered so far.
Related to: https://github.com/Mashape/kong/issues/1441
I have an external Authorization Server which registers clients and generates tokens. How do I merge the Authorization Server with Kong? Because I need to save clients and generate tokens on the external Authorization Server but manage access to my APIs in Kong.
A common use case is where I have an existing OAuth system in place, and I would like to use the tokens generated by that system with Kong. Something like this