Use a custom access token header (v3.8+)

Configure the Upstream OAuth plugin with a custom header to use when sending the access token (obtained from the IdP) to the upstream service.

Prerequisites

  • You have an IdP configured.

Environment variables

  • CLIENT_CREDENTIALS_GRANT_POST_AUTH_CLIENT_ID: The client ID for the application registration in the IdP.

  • CLIENT_CREDENTIALS_GRANT_POST_AUTH_CLIENT_SECRET: The client secret for the application registration in the IdP.

Set up the plugin

Add this section to your declarative configuration file:

_format_version: "3.0"
plugins:
  - name: upstream-oauth
    config:
      oauth:
        token_endpoint: https://example.com/oauth2/token
        grant_type: client_credentials
        client_id: ${{ env "DECK_CLIENT_CREDENTIALS_GRANT_POST_AUTH_CLIENT_ID" }}
        client_secret: ${{ env "DECK_CLIENT_CREDENTIALS_GRANT_POST_AUTH_CLIENT_SECRET" }}
        scopes:
        - openid
        - profile
      behavior:
        upstream_access_token_header_name: X-Custom-Auth
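
A pre-flight check to run before syncing the configuration above, added here as an example and not part of the Kong documentation: it confirms that every `${{ env "DECK_..." }}` reference is set in the environment, that client_secret is a reference and not a literal, and reports which header will carry the token. The names check_config and SAMPLE are hypothetical, and the sample config is constructed from the one on this page.

```python
import os
import re
import sys

# decK substitution as written in the config above: ${{ env "DECK_NAME" }}.
# \s* also accepts a reference whose closing braces wrapped onto the next line.
ENV_REF = re.compile(r'\$\{\{\s*env\s+"([^"]+)"\s*\}\}')
SECRET_LINE = re.compile(r'^[ \t]*client_secret[ \t]*:[ \t]*(.*)$', re.MULTILINE)
HEADER_LINE = re.compile(
    r'^[ \t]*upstream_access_token_header_name[ \t]*:[ \t]*(\S+)', re.MULTILINE)

# Constructed sample, trimmed from the configuration on this page.
SAMPLE = '''\
plugins:
  - name: upstream-oauth
    config:
      oauth:
        client_id: ${{ env "DECK_CLIENT_CREDENTIALS_GRANT_POST_AUTH_CLIENT_ID" }}
        client_secret: ${{ env "DECK_CLIENT_CREDENTIALS_GRANT_POST_AUTH_CLIENT_SECRET"
          }}
      behavior:
        upstream_access_token_header_name: X-Custom-Auth
'''


def check_config(text, environ=os.environ):
    """Return (findings, header_name) for an upstream-oauth declarative config."""
    findings = []
    for name in sorted(set(ENV_REF.findall(text))):
        if not name.startswith("DECK_"):
            # decK only substitutes environment variables that carry this prefix.
            findings.append(f"{name}: reference lacks the DECK_ prefix")
        elif not environ.get(name):
            findings.append(f"{name}: referenced in the config but not set")
    for match in SECRET_LINE.finditer(text):
        value = match.group(1).strip().strip("'\"")
        if not value.startswith(("${{", "{vault://")):
            findings.append("client_secret: not an env or vault reference")
    header = HEADER_LINE.search(text)
    # None means the file does not set a custom header name.
    return findings, (header.group(1).strip("'\"") if header else None)


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    problems, header_name = check_config(text)
    print("token header:", header_name)
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)
```

The upstream service has to read the token from the reported header name; a variable exported without the DECK_ prefix shows up here as "not set".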