Applications allow registered developers on Kong Developer Portal to
authenticate with OAuth2 against a Service on Kong. Either Kong or an
external identity provider
admins can selectively admit access to Services using Kong Manager.
- Kong Enterprise is installed, version 18.104.22.168 or newer.
- Developer Portal is enabled on the same Workspace as the Service.
- The Service is created and enabled with HTTPS.
- Authentication is enabled on the Developer Portal.
- Logged in as an admin with read and write roles on applications, services, and
portal_app_auth configuration option is configured for your OAuth provider
and strategy (
Configure the Authorization Provider Strategy for the Portal Application Registration plugin.
- Authorization provider configured if using a supported third-party
identity provider with the OIDC plugin:
- For example instructions using Okta as an identity provider, refer to the
- For example instructions using Azure AD as an identity provider, refer to the
Enable Application Registration on a Service using Kong Manager
To use Application Registration on a Service, the Portal Application Registration
Plugin must be enabled on that Service.
In Kong Manager, access the Service for which you want to enable Application Registration:
- From your Workspace, in the left navigation pane, go to API Gateway > Services.
- On the Services page, select the Service and click View.
- In the Plugins pane in the Services page, click Add a Plugin.
- On the Add New Plugin page in the Authentication section, find the
Portal Application Registration Plugin and click Enable.
- Enter the configuration settings. Use the parameters in the next section,
Application Registration Configuration Parameters,
to complete the fields.
- Click Create.
Application Registration Configuration Parameters
Select the Service that this plugin configuration will target.
An optional set of strings for grouping and filtering, separated by commas.
If enabled, all new Service contract requests are automatically
approved. Otherwise, Dev Portal admins must manually approve requests.
Unique description displayed in the information about a Service in the Developer Portal.
Unique display name used for a Service in the Developer Portal.
Displays the Issuer URL in the Service Details. Note: Exposing
the Issuer URL is essential for the
Authorization Code Flow
workflow configured for third-party identity providers.
- If using the Kong-managed authorization strategy
(kong-oauth2), configure the OAuth2 plugin.
You can use the Kong Manager GUI or cURL commands as documented on the
Plugin Hub. The OAuth2 plugin cannot be used in hybrid mode.
- If using the third-party authorization strategy
(external-oauth2), configure the OIDC plugin. You can use the Kong Manager GUI
or cURL commands as documented on the Plugin Hub.
When your deployment is in hybrid mode, the OIDC plugin must be configured to handle
authentication for the Portal Application Registration plugin.
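
The prerequisites and strategy rules above can be checked before a Service is exposed to developers. The following pre-flight check is an added example, not code from Kong or from the original page; the input dictionary layout, the function name and the sample values are assumptions made for this example, while the plugin names (`application-registration`, `oauth2`, `openid-connect`) and the `auto_approve` and `show_issuer` settings are Kong's own.

```python
# Added example: pre-flight check of the rules stated on this page.
# The dict layout below is an assumption, not a Kong export format.

def check_app_registration(service, plugins, portal_app_auth, hybrid_mode):
    """Return a list of (severity, message) findings for one Service."""
    findings = []
    by_name = {p["name"]: p for p in plugins if p.get("enabled", True)}

    # Prerequisite: the Service is created and enabled with HTTPS.
    if service.get("protocol") != "https":
        findings.append(("error", "Service is not enabled with HTTPS"))

    app_reg = by_name.get("application-registration")
    if app_reg is None:
        findings.append(("error", "Portal Application Registration plugin is not enabled"))
        return findings
    cfg = app_reg.get("config", {})

    # Auto-approve removes the manual admin approval of Service contracts.
    if cfg.get("auto_approve"):
        findings.append(("warn", "auto_approve is on: requests skip manual admin approval"))

    if portal_app_auth == "kong-oauth2":
        if hybrid_mode:
            findings.append(("error", "OAuth2 plugin cannot be used in hybrid mode"))
        elif "oauth2" not in by_name:
            findings.append(("error", "kong-oauth2 strategy needs the OAuth2 plugin"))
    elif portal_app_auth == "external-oauth2":
        if "openid-connect" not in by_name:
            findings.append(("error", "external-oauth2 strategy needs the OIDC plugin"))
        # The Issuer URL must be exposed for the Authorization Code Flow.
        if not cfg.get("show_issuer"):
            findings.append(("warn", "show_issuer is off: Issuer URL is not displayed"))
    else:
        findings.append(("error", f"unknown portal_app_auth value: {portal_app_auth!r}"))
    return findings

# Constructed sample input (hypothetical Service and plugin settings).
SAMPLE_SERVICE = {"name": "orders", "protocol": "http"}
SAMPLE_PLUGINS = [
    {"name": "application-registration",
     "config": {"display_name": "Orders API", "auto_approve": True}},
    {"name": "oauth2", "config": {"enable_authorization_code": True}},
]

if __name__ == "__main__":
    for sev, msg in check_app_registration(SAMPLE_SERVICE, SAMPLE_PLUGINS, "kong-oauth2", True):
        print(f"[{sev}] {msg}")
```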