- In order to support client-side (browser) AJAX calls to an API, wicked should support external authorization servers.
- The authorization server should be able to issue access tokens for use in pure client-side apps (e.g. Angular, React type web apps).
- To safely pass on the token to the app, the OAuth 2.0 Implicit Grant Flow should be used.

This boils down to the following requirements:

- A new `auth` type is added, `oauth2-implicit`.
- An application can be specified to support that type, in which case you can also add a `redirect_uri`, which is needed for the authorization server.
- Subscriptions of such apps to corresponding APIs will not trigger the creation of consumers in Kong, but will rely on the authorization server creating these/authorizing the users one by one as they log in (using whatever means the authorization server requires).
- The Kong Adapter supports a new call `/oauth2/register` which takes user data and returns an access token.

Use Cases which can be implemented using this:

- SAML federation (SSO federation)
- Any other authentication federation

The authorization server can, in the SAML case, be registered as a SAML SP, and can federate the authentication to the APIs; this enables you to just register the API Portal once, and then use wicked to enable self-service SSO to your SAML identity provider. This is very nifty.
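The following is an added example, not code from wicked or from this issue: a sketch of the Implicit Grant hand-off, in which the authorization server returns the token to the registered `redirect_uri` in the URL fragment and the browser app reads it back. The names `registeredApps`, `buildImplicitRedirect` and `parseImplicitResponse` and the sample values are hypothetical, and the call to `/oauth2/register` is left out because its request and response format is not specified here.

```javascript
// Added example; all names and sample values are hypothetical/constructed.
// Constructed registration: one app using the oauth2-implicit auth type.
const registeredApps = {
  'my-spa': { authType: 'oauth2-implicit', redirectUri: 'https://app.example.com/callback' }
};

// Authorization server side: runs after the user has authenticated and an
// access token has been obtained for them (the token is passed in as `token`).
function buildImplicitRedirect(clientId, requestedRedirectUri, state, token) {
  const app = registeredApps[clientId];
  if (!app || app.authType !== 'oauth2-implicit') {
    throw new Error('unknown client or auth type is not oauth2-implicit');
  }
  // Exact match against the registered redirect_uri: no prefix or pattern
  // matching, so the token can only be delivered to the registered page.
  if (requestedRedirectUri !== app.redirectUri) {
    throw new Error('redirect_uri does not match registration');
  }
  const params = new URLSearchParams({
    access_token: token.accessToken,
    token_type: 'bearer',
    expires_in: String(token.expiresIn)
  });
  if (state) params.set('state', state);
  // The token travels in the fragment, which the browser does not send to
  // the web server hosting the app.
  return `${app.redirectUri}#${params.toString()}`;
}

// Browser app side: read the fragment and check the state value the app
// generated before it started the flow.
function parseImplicitResponse(callbackUrl, expectedState) {
  const fragment = new URL(callbackUrl).hash.replace(/^#/, '');
  const params = new URLSearchParams(fragment);
  if (params.get('error')) {
    throw new Error(`authorization failed: ${params.get('error')}`);
  }
  if (params.get('state') !== expectedState) {
    throw new Error('state mismatch');
  }
  const accessToken = params.get('access_token');
  const tokenType = (params.get('token_type') || '').toLowerCase();
  if (!accessToken || tokenType !== 'bearer') {
    throw new Error('no bearer token in response');
  }
  return { accessToken, expiresIn: Number(params.get('expires_in')) };
}
```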
This is a requirement from Haufe.