Skip to content
|
search
Plugin Hub
github-edit-pageEdit this page
report-issueReport an issue
header icon

Portal Application Registration

By Kong Inc.

Applications allow registered developers on Kong Developer Portal to authenticate against a Gateway Service. Dev Portal admins can selectively admit access to Services using the Application Registration plugin.

Note: This plugin is for application registration in self-managed Kong Gateway instances.

In Konnect, the functionality is built into the Service Hub, so you don’t need this plugin. See the following documentation:

The Application Registration plugin is used in tandem with supported Kong Gateway authorization plugins, depending on your configured Dev Portal authorization provider. Either Kong Gateway (kong-oauth2) or a third-party OAuth provider (external-oauth2) can be the system of record (SoR) for application credentials. For more information, see Configure an Authorization Provider Strategy.

To learn how to set up key authentication, see Enable Key Authentication for Application Registration.

Supported authorization plugins for use with application registration:

Kong Gateway Plugin Portal authorization strategy
OAuth2 kong-oauth2
Key Auth kong-oauth2
OIDC external-oauth2

If you plan to use the external OAuth option with OIDC, review the supported OAuth workflows.

Examples

Replace <DNSorIP> with your host name or IP address, {service} with your Service name, and <my_service_display_name> with the display_name of your Service for examples in this section.

Enable automatic registration approval

Enable auto_approve so that application registration requests are automatically approved.

curl -X POST http://<DNSorIP>:8001/services/{service} \
    --data "name=application-registration"  \
    --data "config.display_name=<my_service_display_name>" \
    --data "config.auto_approve=true

Update your current configuration by running a PATCH command. Replace {plugin_id} with the id of your plugin.

curl -X PATCH http://<DNSorIP>:8001/plugins/{plugin_id} \
  --data "config.auto_approve=true"

Enable show issuer URL

Enable show_issuer to expose the Issuer URL in the Service Details dialog.

Note: Exposing the Issuer URL is essential for the Authorization Code Flow configured for third-party identity providers.

Update your current configuration by running a PATCH command. Replace {plugin_id} with the id of your plugin.

curl -X PATCH http://<DNSorIP>:8001/plugins/{plugin_id} \
  --data "config.show_issuer=true"