nokia / kong-oidc

OIDC plugin for Kong
Apache License 2.0

kong-oidc or native OP (Operation Provider) adapters? #163

Closed canattofilipe closed 4 years ago

canattofilipe commented 4 years ago

Hi all,

I built an authentication infra with kong + kong-oidc + keycloak. This is working fine, but I have seen that keycloak provides some adapters (see keycloak-client-adapters). What are the pros and cons of using kong-oidc rather than the keycloak-client-adapters?

cristichiru commented 4 years ago
  1. One of the biggest advantages IMO is that your protected app does not have to know anything about OIDC/OAUTH, you may not need to configure anything or write any code for it. Just put a reverse proxy on top, enhanced with a filter plugin like kong-oidc for kong - or openidc-lua-resty for nginx - or mod_auth_openidc for Apache HTTPD - and you will have instant AuthZ.
  2. Another one is that this plugin - and actually the great library lua-resty-openidc that powers it - acts as an opaque middleman, so no tokens are exposed to the user-agent, increasing security.