2

I use Kong as API Gateway for my services which should be OAuth-protected using the Client Credentials flow. Right now, I implemented this using the jwt-keycloak plugin. Everything's fine, I request an auth-token from Keycloak and pass it on with my request towards Kong. Works great.

But there is also the official OAuth2 plugin, and I am trying to find out what that OAuth2 plugin would do better for me in contrast to the jwt-keycloak plugin. What are the differences, or when to use which of these?

marp

1 Answer

2

The OAuth 2.0 Authentication plugin is the equivalent of Keycloak. Kong doubles up as an authorization server if you add the above plugin.

The plugin you are using, jwt-keycloak, is more like a validator that checks the validity of the tokens issued by Keycloak before passing the request to the backends you host on Kong.

bitsapien
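The validator role described in the answer above, as an added Python sketch that is not part of the original post and is not the jwt-keycloak plugin's code: the gateway holds only the issuer's public key and checks algorithm, issuer, signature and expiry, while `issue_token` stands in for Keycloak's token endpoint. The toy RSA key, the issuer URL used in testing and all function names are constructed for illustration.

```python
import base64, hashlib, json, time

# Constructed toy RSA key (two Mersenne primes): insecure, for this demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encoded_digest(signing_input: str) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(signing_input), as an integer."""
    t = SHA256_DIGESTINFO + hashlib.sha256(signing_input.encode()).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")

def issue_token(claims: dict) -> str:
    """Authorization-server role: stands in for Keycloak signing with private D."""
    head = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    signing_input = head + "." + b64url(json.dumps(claims).encode())
    signature = pow(encoded_digest(signing_input), D, N)
    return signing_input + "." + b64url(signature.to_bytes(K, "big"))

def validate_token(token: str, allowed_iss: tuple, now: float = None) -> str:
    """Validator role: needs only the issuer's public key (N, E), never D."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(unb64url(head)), json.loads(unb64url(body))
        signature = int.from_bytes(unb64url(sig), "big")
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return "malformed token"
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        return "unexpected alg"  # also rejects alg "none"
    if not isinstance(claims, dict) or claims.get("iss") not in allowed_iss:
        return "issuer not allowed"
    if signature >= N or pow(signature, E, N) != encoded_digest(head + "." + body):
        return "bad signature"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        return "token expired"
    return "ok"
```
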