Estimated reading time:
Warning: This feature is released as BETA and should not be deployed in a production environment.
Applications allow registered developers on Kong Developer Portal to
authenticate with OAuth2 against a Service on Kong. Either Kong or an
external identity provider
admins can selectively admit access to Services using Kong Manager.
- Kong Enterprise is installed, version 18.104.22.168 or newer.
- Developer Portal is enabled on the same Workspace as the Service.
- The Service is created and enabled with HTTPS.
- Authentication is enabled on the Developer Portal.
- Logged in as an admin with read and write roles on applications, services, and developers.
portal_app_auth configuration option is configured for your OAuth provider and strategy (
Configure the Authorization Provider Strategy for the Portal Application Registration plugin.
- Authorization provider configured if using a supported third-party
identity provider with the OIDC plugin. For example instructions using Okta
as an identity provider, refer to the Okta example.
Enable Application Registration on a Service using Kong Manager
To use Application Registration on a Service, the Portal Application Registration Plugin must be enabled on a Service.
In Kong Manager, access the Service for which you want to enable Application Registration:
- From your Workspace, in the left navigation pane, go to API Gateway > Services.
- On the Services page, select the Service and click View.
- In the Plugins pane in the Services page, click Add Plugin.
- On the Add New Plugin page in the Authentication section, find the Portal Application Registration Plugin and click Enable.
- Enter the configuration settings. Use the parameters in the next section, Application Registration Configuration Parameters, to complete the fields.
- Click Create.
Application Registration Configuration Parameters
Description: If enabled, all new Service contract requests are automatically
approved. Otherwise, Dev Portal admins must manually approve requests.
Description: Unique description displayed in the information about a Service in the Developer Portal.
Description: Unique display name used for a Service in the Developer Portal.
Description: Displays the Issuer URL in the Service Details. Note: Exposing
the Issuer URL is essential for the
Authorization Code Flow workflow configured for third-party identity providers.
- If using the Kong-managed authorization strategy
kong-oauth2), configure the OAuth2 plugin. You can use the Kong Manager GUI
or cURL commands as documented on the Plugin Hub.
- if using the third-party authorization strategy
external-oauth2), configure the OIDC plugin. You can use the GUI or cURL
commands as documented on the plugin hub.