How can a web page call API protected by kong-oidc?

nokia / kong-oidc

OIDC plugin for Kong

Apache License 2.0

455 stars 320 forks source link

How can a web page call API protected by kong-oidc? #192

Open devgodman opened 3 years ago

devgodman commented 3 years ago

Is it feasible to allow web app invoking API protected by kong-oidc to login from IdP and get resources provided by backend?

Butterneck commented 3 years ago

Hi, did you manage to solve? I have the same problem

Darguelles commented 3 years ago

Hey, sure you can. The client need to store the session cookie returned by Kong and send it on each request. Then, depending on your session storage the plugin will get the JWT and attach it into the authorization header for the backend service.

You have a functional example using Kong + OpenID + Keycloak here.