FusionAuth is an OIDC and OAuth server, which means it integrates with a variety of third-party systems out of the box. One of those systems is an API gateway. It is a common architectural pattern to have an authentication system generate a token which is then presented to other services. These services can sit behind an API gateway, which offers throttling, billing and checks for authenticated requests.
General Integration Guidance
In general, you’ll want to do the following to perform an API gateway integration using OIDC:
Create an application in FusionAuth.
Record the Client Id and the Client Secret.
Provide the Client Id and the Client Secret to the application which will be delegating authentication to FusionAuth.
Add the configured redirect URL, typically specified by the delegating application, to the Authorized redirect URLs field in the client.
You may need to ensure that FusionAuth is signing the JWT with an asymmetric key. You can do that using Key Master to create or import the key and then configuring the application by navigating to.
In the API gateway:
Provide the URL for FusionAuth, often called the
Configure the API gateway with the client Id and secret from the FusionAuth application.
Configure which claims of the JWT the API gateway should inspect.
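As an added example (not FusionAuth's or any gateway vendor's code), this Node.js snippet shows the gateway-side check that the steps above set up: verify the RS256 signature with the identity provider's public key, then inspect the iss, aud and exp claims. The issuer URL, client Id, throwaway key pair and all function names are constructed for illustration.

```javascript
// Added example, not FusionAuth or gateway vendor code. Names and values are assumptions.
const crypto = require('crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const parsePart = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
const reject = (reason) => ({ ok: false, reason });

// Check the signature with the IdP's public key, then the configured claims.
function verifyJwt(token, publicKey, { issuer, audience, now }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return reject('malformed');
  const [h, p, s] = parts;
  let header, claims;
  try { header = parsePart(h); claims = parsePart(p); } catch { return reject('malformed'); }
  if (!header || !claims) return reject('malformed');
  // Pin the expected algorithm instead of trusting whatever the header says.
  if (header.alg !== 'RS256') return reject('unexpected alg');
  const sigOk = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, 'base64url'));
  if (!sigOk) return reject('bad signature');
  if (claims.iss !== issuer) return reject('wrong issuer');
  if (claims.aud !== audience) return reject('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) return reject('expired');
  return { ok: true, claims };
}

// Stand-in for the identity provider: signs a constructed sample token.
function signSample(claims, privateKey) {
  const input = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.` +
    b64url(JSON.stringify(claims));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Constructed values: throwaway key pair, issuer URL and client Id are made up.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const now = Math.floor(Date.now() / 1000);
  const expected = { issuer: 'https://auth.example.com', audience: 'gateway-client-id', now };
  const base = { iss: expected.issuer, aud: expected.audience, sub: 'user-1' };
  return {
    valid: verifyJwt(signSample({ ...base, exp: now + 300 }, privateKey), publicKey, expected),
    expired: verifyJwt(signSample({ ...base, exp: now - 1 }, privateKey), publicKey, expected),
    otherAud: verifyJwt(signSample({ ...base, aud: 'other-app', exp: now + 300 }, privateKey),
      publicKey, expected),
  };
}

console.log(demo());
```

The signature is checked before any claim is read, so a token whose payload was altered after signing is rejected before its claims are trusted.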
FusionAuth also supports SAML integrations. Learn more about how FusionAuth can act as a SAML IdP.
Here’s an example architecture.
Here are a few example API gateway integrations.