Skip to content
/ kong-token-introspection Public

Simple kong plugin for using custom jwt access token introspection, as API auth

License

MIT license
9 stars 17 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

vmalyavin/kong-token-introspection

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits

src

src

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

Kong access token introspection plugin

Simple kong plugin to use any custom jwt access token introspection, as API auth. Inspired by mogui/kong-external-oauth

How it works

Plugin is protecting Kong API service/route with introspection of Oauth2.0 JWT access-token, added to request header. Plugin does a pre-request to oauth introspection endpoint(RFC7662).

Configuration

Form Parameter default description
config.introspection_endpoint External introspection endpoint compatible with RFC7662
config.token_header Authorization Name of api-request header containing access token
config.token_cache_time 0 Cache TTL for every token introspection result(0 - no cache)
config.scope Scope that token need to get allowed to this method. For example 'manage-profile'. Allow any scope if empty

About

Simple kong plugin for using custom jwt access token introspection, as API auth

Resources

Readme

License

MIT license
Activity

Stars

9 stars

Watchers

0 watching

Forks

17 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages