Should I use KONG or OAUTH2?
I'm looking at Kong so as not to bother with something of my own on Django (using django-sso or django-oauth2, django-admin-permissions). I currently have a custom service that handles authentication (written in Django) by providing a login JWT, which the client then passes through a header, and is able to give out user permissions based on the user's role.
If I understand correctly, Kong can intercept any calls to manage access to a resource and mutate resources from services depending on permissions. I'm trying to understand how this should work. It is possible to replace most of the infrastructure by using Kong rather than django-admin to manage permissions and django-oauth2.
So, in my opinion, what happens is the following:
A user registers on my site. I then create a new consumer with its username/id in Kong.
User logs in. And here it is not clear whether Kong can identify the user with the specified JWT. What if I would like to get more data in the JWT payload? What happens on the Kong side when the JWT expires?
When a user requests a service, Kong will extract the JWT from the headers, replacing it with X-Consumer-* - is that correct?
Please correct me if I am wrong or if there is a better way to achieve this. I am new to all things microservices.
Yes, it's worth saying:
- there will be just one client
- user information will be expanded
- several services with API (on django) and I wanted one service to manage the user
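Added example (not part of the original question, and not Kong's or the asker's code): a stand-alone Python model of the flow the question describes, where a Django auth service mints an HS256 JWT at login and a gateway verifies it, rejects it once expired, and passes identity headers upstream. It assumes the gateway finds the consumer's credential through the token's `iss` claim; `issue_token`, `gateway_check`, `CREDENTIALS` and the status codes are hypothetical names and values chosen for illustration.

```python
import base64, hashlib, hmac, json

# Constructed sample data: one gateway consumer credential per registered user.
CREDENTIALS = {"key-alice": {"secret": "constructed-secret", "username": "alice", "consumer_id": "c-1"}}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret, signing_input):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def issue_token(key, secret, user_id, role, now, ttl=300):
    """Auth-service side: mint an HS256 JWT at login; extra data goes in the payload."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": key, "sub": user_id, "role": role, "exp": now + ttl}
    signing_input = ".".join(_b64(json.dumps(p).encode()) for p in (header, claims))
    return signing_input + "." + _b64(_sign(secret, signing_input))

def gateway_check(token, credentials, now):
    """Gateway side (model): return (status, identity headers for the upstream)."""
    try:
        h64, c64, s64 = token.split(".")
        header, claims, sig = json.loads(_unb64(h64)), json.loads(_unb64(c64)), _unb64(s64)
    except ValueError:
        return 401, {}                      # malformed token
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return 401, {}
    if header.get("alg") != "HS256":        # pin the algorithm, never trust the header
        return 401, {}
    iss = claims.get("iss")
    cred = credentials.get(iss) if isinstance(iss, str) else None
    if cred is None:
        return 401, {}                      # no consumer owns this key
    if not hmac.compare_digest(sig, _sign(cred["secret"], h64 + "." + c64)):
        return 401, {}                      # payload or signature was altered
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return 401, {}                      # expired token is rejected
    return 200, {"X-Consumer-ID": cred["consumer_id"], "X-Consumer-Username": cred["username"]}
```

In this model the upstream services trust the identity headers only because the gateway is the sole path to them; extra payload claims such as `role` are covered by the signature, so they cannot be edited by the client without the check failing.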