Blog series Kong - The Gateway Without Limitations 8 Blogposts

Part 6: Token Validation

This time we discuss token validation in the context of the Kong Gateway, covering topics such as OpenID Connect, OAuth 2.0, and Zero-Trust Architecture. The article explains the different types of tokens, the benefits of offline validation, and the various Kong plugins that support token validation. The article notes that architectural trade-offs may be required regarding revocation and fine-grained authorization validation, and concludes that Kong Gateway offers ample options for token validation, including the ability to write custom plugins.

06.06.2024

Alexander Suchier

Part 7: Token Cloning

Building on the previous post, we discuss an architectural pattern for token handling called ’therapeutic token cloning’, which is particularly effective in environments that use multiple identity and access management products. The pattern involves duplicating, correcting, and then re-signing access tokens to make them functional and more secure. This article details the steps involved in the token cloning process, as well as the pros and cons of this approach.

03.07.2024

Alexander Suchier

Part 8: Plugin Cloning

This time we explore how plugin cloning of the Access Control List (ACL) Plugin enhances API security within a zero-trust architecture. We address the challenge of executing the ACL plugin twice in the same processing pipeline, first for a consumer authenticated via an mTLS client certificate and then for a consumer authenticated via an OAuth2 token, since Kong's architecture prevents the same plugin from running multiple times in a single request-response cycle. To meet this challenge, we introduce the Kong-supported Priority-Updater tool, which enables cloning and priority configuration of existing plugins. This blog provides a comprehensive guide to implementing multi-layer authentication by plugin cloning.

24.02.2025

Alexander Suchier