Can you use fusionauth behind Kong?
-
I'm wondering what the official FA recommendation would be around putting FA behind an API Gateway like Kong? https://github.com/Kong/kong
We're using microservices for our backend services and likely to put most of them behind some API gateway, Kong seems to be one of the most popular options for this rather than stringing things together ourselves however some of the calls that will be hitting our FA instance will actually come from some of our backend services.
I have to imagine that putting FA behind an API gateway has come up before but don't see much in the docs about this setup.
Is this something you see happen often? If so is there a recommended set of best practices for this?
Moved over from https://github.com/FusionAuth/fusionauth-issues/issues/420
-
There are many using FusionAuth in this manner, we don't currently offer any specific documentation on integrating with API Gateways.
I would love to have this documentation at some point, however as far as I know most if not all of the options I've seen have a fairly standard integration using a JWT.
Once you know what the Gateway such as Kong is looking for in the JWT to perform authorization you can use the JWT populate lambda to ensure the JWT has everything you need.
https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate
https://fusionauth.io/docs/v1/tech/oauth/tokensHope that helps!
