In our second Kong and Okta tutorial, we'll go through the authorization code flow applied to user authentication processes. This series will show you how to implement service authentication and authorization for Kong Konnect and Okta using the OpenID Connect (OIDC) plugin. Parts 1, 3 and 4 cover:
The Konnect control plane creates new APIs and policies and publishes them to the data plane running as a Docker container in an AWS EC2 instance.
The authorization code flow goes through the following steps:
In Konnect's ServiceHub, I have a service created already. Follow along in our Getting Started with Konnect tutorial to learn how to create a service and routes.
My service has two routes defined already. I used the first service in the previous Kong and Okta tutorial to show the client credentials flow. In this tutorial, I'll use the second service to apply the OIDC plugin utilizing the authorization code flow.
In Okta, I prepared an application to implement the authorization flow already. In the Kong authorization code application, we’re going to use the configured OIDC plugin in addition to the client ID and client secret.
The app has the authorization code option turned on and the signing redirect URI set with the route available in my data plane. That means the authorization code is accepted for this URI only.
Any user is free to consume the route right now since there's no policy to control it.
Just like we did for the client credentials flow tutorial, let’s go back to the Konnect control plane to apply the OIDC plugin and then implement the authorization code flow.
If we try to consume the route again, Kong redirects us to Okta’s user interface to present our credentials.
Once we have presented our correct credentials, Okta authenticates and redirects us back to the API gateway. At this time, we’ll consume the API because we got the identity token injected inside our request.
Then we go to jwt.io to check the token.
Start a free trial, or contact us if you have any questions as you're getting set up.
Once you've set up Konnect and Okta authorization code flow for user authentication, you may find these other tutorials helpful:
Meet Emily. She’s an API product manager at ACME, Inc., an ecommerce company that runs on dozens of APIs. One morning, her team lead asks a simple question: “Who’s our top API consumer, and which of your APIs are causing the most issues right now?”
Today, we’re announcing that Kong has acquired OpenMeter , the open source and SaaS leader for real-time usage metering and billing. OpenMeter’s capabilities will be integrated into Kong Konnect, enabling usage-based pricing, entitlements, and invo
It’s been almost a year since we released our Konnect Terraform provider . In that time we’ve seen over 300,000 installs, have 1.7 times as many resources available, and have expanded the provider to include data sources to enable federated managem
In the last two parts of this series, we discussed How to Strengthen a ReAct AI Agent with Kong AI Gateway and How to Build a Single-LLM AI Agent with Kong AI Gateway and LangGraph . In this third and final part, we're going to evolve the AI Agen
In my previous post, we discussed how we can implement a basic AI Agent with Kong AI Gateway. In part two of this series, we're going to review LangGraph fundamentals, rewrite the AI Agent and explore how Kong AI Gateway can be used to protect an LLM
We're happy to announce the 3.5 release of Kong Ingress Controller (KIC). This release includes the graduation of combined services to General Availability, support for connection draining, as well as the start of deprecating support for some Ingre
This is part one of a series exploring how Kong AI Gateway can be used in an AI Agent development with LangGraph. The series comprises three parts: Basic ReAct AI Agent with Kong AI Gateway Single LLM ReAct AI Agent with Kong AI Gateway and LangGr