Support for the OAuth 2.0 Implicit Grant Flow

[DonMartin76]

This is a requirement from Haufe:

• In order to support client side (browser) AJAX calls to an API, wicked should support external authorization servers
• The authorization server should be able to issue access tokens for use in pure client side apps (e.g. Angular, React type web apps)
• To safely pass on the token to the app, the OAuth 2.0 Implicit Grant Flow should be used

This boils down to the following requirements:

• A new auth type is added, oauth2-implicit
• An application can be specified to support that type, in which case you can also add a redirect_uri, which is needed for the authorization server
• Subscriptions of such apps to corresponding APIs will not trigger the creation of consumers in Kong, but will rely on the authorization server creating these/authorizing the users one by one as they login (using whatever means the authorization server requires)
• The Kong Adapter supports a new call /oauth2/register which takes user data and returns an access token

Use Cases which can be implemented using this:

• SAML federation (SSO federation)
• Any other authentication federation

The authorization server can, in the SAML case, be registered as a SAML SP, and can federate the authentication to the APIs; this enables you to just register the API Portal once, and then use wicked to enable self service SSO to your SAML identity provider. This is very nifty.

[DonMartin76]

This will most probably land in 0.10.0 already. Progressing fine.

[DonMartin76]

Done.