I was reading up about API Gateways (Kong) and I wanted to integrate it into my application. Every tutorial I've seen creates consumers for the services using Kong API or through a dashboard like Konga. I already have a user registration/auth service. How can the API Gateway replace that ? How should the user registration be changed so that Kong knows about it ? And how would login work because In all the examples I've seen the ApiKeys or JWT secrets are created in Kong ? Can any body shed some light on how this works in practice ?
How does User Registration work while using an API Gateway
385 Views Asked by Rahul R At
1
There are 1 best solutions below
Related Questions in MICROSERVICES
- How can microservices be truly independent when using an ESB (i.e. MassTransit)?
- Microservices and cloud resource limitations
- What's the correct way to embed a remote AngularJS application into a webpage?
- Dropwizard Jersey Client Sample
- Docker auto spawning required connected container types on demand
- Micro Service cross service dependencies
- Keep microservices data consistent
- Setting up rabbitMQ on docker with python
- Adding an item in a microservice, with reference to another one
- Spray microservice assembly deduplicate
- How do you manage per-environment data in Docker-based microservices?
- How to get a visualization of cross-app Spring Integration flow?
- Microservices authentication
- Building authentication with Microservices Architecture
- Microservices service registry registration and discovery
Related Questions in API-GATEWAY
- AWS API Gateway - AWS Service Integration - Execution Role Inheritance
- Is there a difference between API gateway pattern and BFF?
- How to get OAuth 2.0 right for consuming external APIs in my Custom API .net core
- Merging data on api gateway level or microservice level?
- Can client-side call frontend microservices bypassing API gateway?
- How to use AWS API Gateway generated SDK with Android Volley
- JWT authentication using cookies with KONG API Gateway
- What if there are 'N' numbers of microservices then do we have to configure them all manually in Zuul Api Gateway?
- How can I reproduce what the UI does when enabling CORS in the API Gateway using the AWS CLI
- How to set integration endpoint dynamically based on request header in AWS API Gateway?
- How to configure bearer-only = true when Using spring-boot-starter-oauth2-client
- Application type users authenticating to GCP
- Nginx plus as load balancer for AWS ECS Fargate Instances
- Run Kong in Docker, Kong does not show GUI in web browser
- Passing userId from angular using cognito user pool to aws lambda
Related Questions in KONG
- Kong: Running Mashape Kong fails on Mac OS X
- How to deploy API Managers behind ELBs on AWS and preserve X-Forwarded headers?
- My curl POST gets "Empty reply from server"
- Kong vs Haproxy/F5 lb
- JWT authentication using cookies with KONG API Gateway
- kong.conf.default is read only in Docker through Linux Containers
- How to connect a local service being developed to a hosted service mesh?
- Custom plugin configuration in kong in docker using declarative configuration
- Cannot run 'kong migrations bootstrap' ( Ident authentication failed for user "kong")
- Run Kong in Docker, Kong does not show GUI in web browser
- Kong :: Client IP missing in X-FORWARDED-FOR
- Can't access grafana through kong ingress controller for kubernetes
- How to activate TLSv1.3 with kong?
- Error: [PostgreSQL error] failed to retrieve PostgreSQL server_version_num: Transport endpoint is not connected
- Accessing introspect endpoint , failed:connection refused kong, keycload,OIDC
Related Questions in KONGA
- Error creating a connection to Postgresql while preparing konga database
- kong and kong-migrations container error (dns.lua:39)
- Kong Request Transformer template value debugging
- How to fix Kong timers always running and not response?
- Hide server info (kong version) using kong gui plugin response-transformer but didn't work?
- Kong API Gateway SSL/TLS Certificates
- unable to rename header
- Expose Kong API gateway at custom domain/URL
- Can we use Kong api gateway for GraphQL service based backend service?
- Passing Bearer token from kong to keycloak to be authenticated and then procceds to api call
- How does User Registration work while using an API Gateway
- How to configure HTTPS services/api on kong
- Kong Regex for Replacing String in URI
- Front End routing in Kong
- Why kong access non configured regex route?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
In my opinion Kong is not supposed to replace a user registry / authentication service. However, it can help you enforce authentication.
There are several options of securing your APIs against unauthorized access. These include:
key-authplugin and is not intended for authenticating users (meaning natural persons) but consumers (meaning other systems).jwtplugin and is suitable for user authentication. Kong is responsible for validating the JWT tokens (by checking the signature and expiry of the self contained token). You can of course do further checks either with custom Kong plugins or within your upstream service.So I think you shouldn't think of Kong as a replacement for your user service, but as a complement/addition which helps you enforcing security policies even before the request reaches your upstream service.