We’ll go through the authorization code flow applied to user authentication processes in our second Kong and Okta tutorial. This series will show you how to implement service authentication and authorization for Kong Konnect and Okta using the OpenID Connect (OIDC) plugin. Parts 1, 3, and 4 cover: Implement Client Credentials with Kong Konnect and Okta Implement Introspection Flow With Kong Konnect and Okta Access control based on Okta’s groups and planes Table of Contents...

Read more

Using Kong’s OpenID Connect (OIDC) plugin, Kong and Okta work together to solve three significant application development challenges: Connectivity Authentication Authorization The OIDC plugin enables Kong, as the API gateway, to communicate with Okta via the OAuth/OIDC flows. That way, your app teams don’t have to configure and diagnose authentication and authorization for each service individually. With these challenges solved, app teams have more time to build and innovate. Table of Contents Kong Konnect and...

Read more

{% include integrator-org-warning.html %} :page-liquid: :toc: macro Building a microservices architecture is possible with minimal code if you use Spring Boot, Spring Cloud, and Spring Cloud Config. Package everything up in Docker containers and you can run everything using Docker Compose. If you’re communicating between services, you can ensure your services are somewhat secure by not exposing their ports in your docker-compose.yml file. But what happens if someone accidentally exposes the ports of your microservice...

Read more

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. JSON Web Tokens have quickly become the standard for securing web applications, superseding older technologies like cookies and sessions. Used properly, they address a...

Read more

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Most OAuth 2.0 guides are focused around the context of a user, i.e., login to an application using Google, GitHub, Okta, etc., then do...

Read more