@mklaber
Last active September 13, 2022 16:39
Kong Multiple IDPs on a single OpenID plugin

Multiple IdPs on a single OpenID Plugin

All three of the IdPs we use can be validated by a single openid-connect plugin instance (configured at the workspace, service, or route scope):

  1. Keycloak
  2. WF Auth/SSO Auth
  3. Monolith Auth

The approach follows the article "Does the openid-connect plugin support token validation for multiple IdPs?".

The plugin caches each issuer's discovery document; listing that cache through the Admin API is how the JWKS URLs below were found (the Kong-Admin-Token value is a placeholder):

curl --request GET \
  --url https://kube-kongtest-admin.service.intradsm1.sdeconsul.csnzoo.com/openid-connect/issuers \
  --header 'Kong-Admin-Token: foo'

IdPs

Keycloak

Unique considerations:

  • Requires client_id
  • audience_required is typically left blank, because Keycloak access tokens do not carry the API audience the other two IdPs use (see Limitations)

WF Auth/SSO Auth

Unique considerations:

  • Sometimes specifies scopes_required

Monolith Auth

Unique considerations:

  • Has no discovery document of its own, so the plugin's issuer stays pointed at Keycloak's; Monolith tokens are then accepted through issuers_allowed and extra_jwks_uris, which works well enough
  • Only works for Partner Home
  • Requires the JWT-protected-service sidecar's JWKS as an extra_jwks_uris entry: http://127.0.0.1:17000/jwks/jwks.json (plain HTTP is acceptable only because it is loopback on the Kong node; because the Monolith tokens are HMAC-signed, that JWKS holds the shared secret and must not be reachable from anywhere else)
  • Requires enable_hs_signatures: true. The plugin rejects HMAC-signed tokens by default, and the setting applies to the whole plugin instance, so on a combined route HMAC tokens are accepted for every issuer whose JWKS publishes a symmetric key, not only for Monolith
  • issuers_allowed must allow both a realm-specific issuer (e.g., https://partnerswayfaircom.csnzoo.com/auth/realms/Partner_Home) and a general issuer (e.g., https://partnerswayfaircom.csnzoo.com/)

Implementation

Start from a plugin configured for Keycloak (issuer, client_id), then add the other IdPs' issuers and JWKS URIs on top of it.

Keycloak
  • issuers_allowed: https://authwayfairio.csnzoo.com/auth/realms/MY_REALM
  • extra_jwks_uris: https://authwayfairio.csnzoo.com/auth/realms/MY_REALM/protocol/openid-connect/certs
  • Other config: set client_id

WF-Auth / SSO
  • issuers_allowed: https://ssoauthwayfaircom.csnzoo.com/
  • extra_jwks_uris: https://ssoauthwayfaircom.csnzoo.com/.well-known/openid-configuration/jwks
  • Other config: (none)

Monolith
  • issuers_allowed: https://partnerswayfaircom.csnzoo.com/auth/realms/Partner_Home AND https://partnerswayfaircom.csnzoo.com/
  • extra_jwks_uris: http://127.0.0.1:17000/jwks/jwks.json
  • Other config: set enable_hs_signatures: true

Limitations

There are no conflicts between WF Auth/SSO Auth and Monolith Auth: both expect the same audience.

Keycloak is the one that conflicts. Unlike the other two it does not normally carry an audience you would put in audience_required, and the audience the other two share is absent from Keycloak tokens, so a single audience_required that satisfies WF Auth and Monolith rejects Keycloak.

Workarounds:

  • Don't require an audience at all and rely on the issuer check alone. Be aware that this accepts any token one of the allowed issuers minted for any client, not just tokens meant for this API.
  • Identify one or more Keycloak audiences and list them alongside the Mono/WF audience. Entries in audience_required are alternatives, so a token satisfying any one of them passes (space-separated values inside a single entry must all be present); the example below uses the account audience for Keycloak. account appears to be present on every Keycloak token because it comes from the account client roles Keycloak grants by default, but confirm that against the realm's client scopes before relying on it.
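The combined-route behaviour described above, as an added example that is not part of the gist and not Kong's own code: a standard-library Python model of the checks the plugin config expresses (issuers_allowed, audience_required with its OR-across-entries semantics, the enable_hs_signatures gate, and kid lookup across the extra_jwks_uris documents). To run offline it assumes three constructed JWKS documents with HS256 oct keys, demo secrets, and a fixed clock; in the real deployment only the Monolith sidecar publishes an HMAC key, while Keycloak and WF Auth publish RSA keys that this model does not verify. It exercises one token per IdP, the Keycloak-without-account case that motivates the workarounds, the issuer-only workaround, and what happens when enable_hs_signatures is off.

```python
"""Model of the token checks a multi-IdP openid-connect route performs.

Added example, not Kong's code and not from the gist. Assumption: the three JWKS
documents are constructed inline and use HS256 'oct' keys so everything runs offline;
in production only the Monolith sidecar JWKS is symmetric (Keycloak/WF Auth use RSA).
"""
import base64
import hashlib
import hmac
import json

KC_ISS = "https://authwayfairio.csnzoo.com/auth/realms/Kong_Management"
WF_ISS = "https://ssoauthwayfaircom.csnzoo.com/"
MONO_ISS = "https://partnerswayfaircom.csnzoo.com/auth/realms/Partner_Home"
API_AUD = "https://apiwayfaircom.csnzoo.com/"
SECRETS = {"kc-1": b"keycloak-demo-secret", "wf-1": b"wf-demo-secret", "mono-1": b"mono-demo-secret"}


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def oct_jwk(kid: str) -> dict:
    return {"kty": "oct", "kid": kid, "alg": "HS256", "k": b64url_encode(SECRETS[kid])}


# Constructed JWKS documents, keyed by the extra_jwks_uris entry each one stands in for.
JWKS = {
    KC_ISS + "/protocol/openid-connect/certs": {"keys": [oct_jwk("kc-1")]},
    WF_ISS + ".well-known/openid-configuration/jwks": {"keys": [oct_jwk("wf-1")]},
    "http://127.0.0.1:17000/jwks/jwks.json": {"keys": [oct_jwk("mono-1")]},
}
# The combined route's plugin config from this page, reduced to the fields modelled here.
COMBINED = {
    "issuers_allowed": [KC_ISS, WF_ISS, MONO_ISS, "https://partnerswayfaircom.csnzoo.com/"],
    "audience_required": [API_AUD, "account"],  # separate entries are alternatives (OR)
    "enable_hs_signatures": True,
    "extra_jwks_uris": list(JWKS),
}


def sign_hs256(claims: dict, kid: str) -> str:
    """Mint a test token the way an HMAC-signing IdP would (demo secret, not a real IdP)."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = b64url_encode(json.dumps(header).encode()) + "." + b64url_encode(json.dumps(claims).encode())
    return signing_input + "." + b64url_encode(hmac.new(SECRETS[kid], signing_input.encode(), hashlib.sha256).digest())


def find_jwk(kid, jwks_uris):
    """Look the kid up across every configured JWKS document; first match wins."""
    return next((k for uri in jwks_uris for k in JWKS.get(uri, {}).get("keys", []) if k.get("kid") == kid), None)


def claim_satisfies(values: set, required: list) -> bool:
    """Kong-style matching: any entry may match (OR); space-separated values inside one entry must all be present (AND)."""
    return any(all(v in values for v in entry.split()) for entry in required)


def authorize(token: str, cfg: dict, now: float) -> tuple:
    """Return (allowed, reason) for a bearer token under a plugin config shaped like COMBINED."""
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header, claims = json.loads(b64url_decode(h_b64)), json.loads(b64url_decode(p_b64))
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return False, "malformed token"
    alg = str(header.get("alg", "none"))
    if not alg.startswith("HS"):
        return False, f"alg {alg} not modelled here (alg=none is rejected unconditionally)"
    if not cfg["enable_hs_signatures"]:
        return False, "HMAC token but enable_hs_signatures is off"
    jwk = find_jwk(header.get("kid"), cfg["extra_jwks_uris"])
    if jwk is None:
        return False, "kid not found in any configured JWKS"
    if jwk.get("kty") != "oct":  # never treat an RSA public key's bytes as an HMAC secret
        return False, "refusing to use a non-oct key as an HMAC secret"
    expected = hmac.new(b64url_decode(jwk["k"]), f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):
        return False, "bad signature"
    if claims.get("exp", 0) <= now:
        return False, "expired"
    if claims.get("iss") not in cfg["issuers_allowed"]:
        return False, "issuer not in issuers_allowed"
    aud = claims.get("aud", [])
    if cfg.get("audience_required") and not claim_satisfies({aud} if isinstance(aud, str) else set(aud), cfg["audience_required"]):
        return False, "audience_required not satisfied"
    return True, "ok"


def demo(now: float = 1_700_000_000.0) -> dict:
    """One token per IdP plus the failure cases this page discusses, evaluated against the combined route."""
    exp = now + 300
    tokens = {
        "keycloak": sign_hs256({"iss": KC_ISS, "aud": ["account", "km-kong-manager-sa"], "exp": exp}, "kc-1"),
        "wf_auth": sign_hs256({"iss": WF_ISS, "aud": API_AUD, "exp": exp}, "wf-1"),
        "mono": sign_hs256({"iss": MONO_ISS, "aud": API_AUD, "exp": exp}, "mono-1"),
        "keycloak_no_account": sign_hs256({"iss": KC_ISS, "aud": "km-kong-manager-sa", "exp": exp}, "kc-1"),
        "unknown_issuer": sign_hs256({"iss": "https://idp.invalid/", "aud": API_AUD, "exp": exp}, "wf-1"),
    }
    results = {name: authorize(tok, COMBINED, now) for name, tok in tokens.items()}
    # Page workaround 1 (issuer check only, no audience_required) and the effect of turning HS signatures off.
    results["keycloak_no_account_issuer_only"] = authorize(tokens["keycloak_no_account"], dict(COMBINED, audience_required=[]), now)
    results["mono_hs_disabled"] = authorize(tokens["mono"], dict(COMBINED, enable_hs_signatures=False), now)
    return results


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:34} {'ALLOW' if ok else 'DENY':5} {why}")
```

Run it directly to get one ALLOW/DENY line per case. The non-oct refusal is the detail that matters once real JWKS documents are loaded alongside enable_hs_signatures: an HMAC token must never be verified against the bytes of an RSA public key, so key selection has to check kty as well as kid.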
decK declarative configuration for the four auth-demo routes (combined, keycloak, mono, wf-auth):

_format_version: "1.1"
_workspace: authdemospace
services:
- host: httpbin.org
  name: httpbin
  path: /anything
  port: 80
  protocol: http
  routes:
  - https_redirect_status_code: 426
    methods:
    - GET
    - POST
    name: auth-demo-combined
    paths:
    - /auth-demo/combined
    plugins:
    - config:
        audience_required:
        - https://apiwayfaircom.csnzoo.com/
        - account
        auth_methods:
        - bearer
        bearer_token_param_type:
        - header
        client_id:
        - km-kong-manager-sa
        enable_hs_signatures: true
        extra_jwks_uris:
        - https://authwayfairio.csnzoo.com/auth/realms/Kong_Management/protocol/openid-connect/certs
        - https://ssoauthwayfaircom.csnzoo.com:443/.well-known/openid-configuration/jwks
        - http://127.0.0.1:17000/jwks/jwks.json
        issuer: https://authwayfairio.csnzoo.com/auth/realms/Kong_Management/.well-known/openid-configuration
        issuers_allowed:
        - https://authwayfairio.csnzoo.com/auth/realms/Kong_Management
        - https://ssoauthwayfaircom.csnzoo.com/
        - https://partnerswayfaircom.csnzoo.com/auth/realms/Partner_Home
        - https://partnerswayfaircom.csnzoo.com/
      enabled: true
      name: openid-connect
      protocols:
      - http
      - https
      tags:
      - auth:keycloak
      - auth:wf-auth
      - auth:mono
    preserve_host: false
    protocols:
    - https
  - https_redirect_status_code: 426
    methods:
    - GET
    - POST
    name: auth-demo-keycloak
    paths:
    - /auth-demo/keycloak
    plugins:
    - config:
        auth_methods:
        - bearer
        bearer_token_param_type:
        - header
        client_id:
        - km-kong-manager-sa
        issuer: https://authwayfairio.csnzoo.com/auth/realms/Kong_Management/.well-known/openid-configuration
      enabled: true
      name: openid-connect
      protocols:
      - http
      - https
      tags:
      - auth:keycloak
    preserve_host: false
    protocols:
    - https
  - https_redirect_status_code: 426
    methods:
    - GET
    - POST
    name: auth-demo-mono-auth
    paths:
    - /auth-demo/mono
    plugins:
    - config:
        audience_required:
        - https://apiwayfaircom.csnzoo.com/
        auth_methods:
        - bearer
        bearer_token_param_type:
        - header
        enable_hs_signatures: true
        extra_jwks_uris:
        - http://127.0.0.1:17000/jwks/jwks.json
        issuer: https://authwayfairio.csnzoo.com/auth/realms/Partner_Home/.well-known/openid-configuration
        issuers_allowed:
        - https://partnerswayfaircom.csnzoo.com/auth/realms/Partner_Home
        - https://partnerswayfaircom.csnzoo.com/
      enabled: true
      name: openid-connect
      protocols:
      - http
      - https
      tags:
      - auth:mono
    preserve_host: false
    protocols:
    - https
  - https_redirect_status_code: 426
    methods:
    - GET
    - POST
    name: auth-demo-wf-auth
    paths:
    - /auth-demo/wf-auth
    plugins:
    - config:
        auth_methods:
        - bearer
        bearer_token_param_type:
        - header
        issuer: https://ssoauthwayfaircom.csnzoo.com/.well-known/openid-configuration
        scopes_required: null
      enabled: true
      name: openid-connect
      protocols:
      - http
      - https
      tags:
      - auth:wf-auth
    preserve_host: false
    protocols:
    - https
Insomnia collection export used to fetch tokens and call the demo routes (client secrets are placeholders):

{
"_type": "export",
"__export_format": 4,
"__export_date": "2022-09-13T16:01:02.107Z",
"__export_source": "insomnia.desktop.app:v2022.5.1",
"resources": [
{
"_id": "req_f759bc8e2baa40359aa550b70b037c8e",
"parentId": "fld_bafb50fccff74a58bf0d0db3be84b385",
"modified": 1663080050005,
"created": 1656586858153,
"url": "{{ _.auth_url }}/protocol/openid-connect/token",
"name": "Get Keycloak Auth Token",
"description": "",
"method": "POST",
"body": {
"mimeType": "application/x-www-form-urlencoded",
"params": [
{
"id": "pair_26382ba97e4f4e6b933ca5909f225f8d",
"name": "client_id",
"value": "{{ _.client_id }}",
"description": ""
},
{
"id": "pair_bde98c1b10c0472faad3b3cbb68cd4ae",
"name": "client_secret",
"value": "{{ _.client_secret }}",
"description": ""
},
{
"id": "pair_d1919a7c230a4eee995e16fff95c965a",
"name": "grant_type",
"value": "client_credentials",
"description": ""
}
]
},
"parameters": [],
"headers": [
{
"name": "Content-Type",
"value": "application/x-www-form-urlencoded",
"id": "pair_33b6e6e72db14d3a8f1a7bc23e5c25b9"
},
{
"id": "pair_bb5e444fd6de4cb28805600b962ba140",
"name": "JSONPath-filter",
"value": "$.access_token",
"description": ""
}
],
"authentication": {},
"metaSortKey": -1663079783756,
"isPrivate": false,
"settingStoreCookies": true,
"settingSendCookies": true,
"settingDisableRenderRequestBody": false,
"settingEncodeUrl": true,
"settingRebuildPath": true,
"settingFollowRedirects": "global",
"_type": "request"
},
{
"_id": "fld_bafb50fccff74a58bf0d0db3be84b385",
"parentId": "wrk_e07744683edf44fe9fa83e81e5109c44",
"modified": 1663079995663,
"created": 1663079995663,
"name": "Get Tokens",
"description": "",
"environment": {},
"environmentPropertyOrder": null,
"metaSortKey": -1663079995663,
"_type": "request_group"
},
{
"_id": "wrk_e07744683edf44fe9fa83e81e5109c44",
"parentId": null,
"modified": 1656586385594,
"created": 1656586385594,
"name": "Keycloak",
"description": "",
"scope": "collection",
"_type": "workspace"
},
{
"_id": "req_c2615db489d64a8fa3c0447c9b5ca9ca",
"parentId": "fld_bafb50fccff74a58bf0d0db3be84b385",
"modified": 1663080055196,
"created": 1663079783706,
"url": "{{ _.wf_auth_url }}/oauth/token",
"name": "Get WF Auth Token",
"description": "",
"method": "POST",
"body": {
"mimeType": "application/x-www-form-urlencoded",
"params": [
{
"name": "client_id",
"value": "{{ _.wf_auth_client_id }}",
"id": "pair_9f6e1612087b49d09708c014402b8595"
},
{
"id": "pair_e2b1231ae4714b4a883ef05357c0f3b9",
"name": "client_secret",
"value": "{{ _.wf_auth_client_secret }}",
"description": ""
},
{
"id": "pair_795aa0436dff420e90ec188ab2c2fb92",
"name": "grant_type",
"value": "client_credentials",
"description": ""
}
]
},
"parameters": [],
"headers": [
{
"name": "content-type",
"value": "application/x-www-form-urlencoded",
"id": "pair_c728c39feddb41d0b56d6224aa312e2e"
}
],
"authentication": {},
"metaSortKey": -1663079783706,
"isPrivate": false,
"settingStoreCookies": true,
"settingSendCookies": true,
"settingDisableRenderRequestBody": false,
"settingEncodeUrl": true,
"settingRebuildPath": true,
"settingFollowRedirects": "global",
"_type": "request"
},
{
"_id": "req_0398f4bc69cd48e3a2a52637ff206f55",
"parentId": "fld_bcbe70277e9840829149ad7004835cfc",
"modified": 1663082676536,
"created": 1663078681946,
"url": "{{ _.kong_proxy }}/auth-demo/keycloak",
"name": "Keycloak",
"description": "",
"method": "GET",
"body": {},
"parameters": [],
"headers": [],
"authentication": {
"type": "bearer",
"token": "{% response 'body', 'req_f759bc8e2baa40359aa550b70b037c8e', 'b64::JC5hY2Nlc3NfdG9rZW4=::46b', 'always', 60 %}"
},
"metaSortKey": -1663078681946,
"isPrivate": false,
"settingStoreCookies": true,
"settingSendCookies": true,
"settingDisableRenderRequestBody": false,
"settingEncodeUrl": true,
"settingRebuildPath": true,
"settingFollowRedirects": "global",
"_type": "request"
},
{
"_id": "fld_bcbe70277e9840829149ad7004835cfc",
"parentId": "wrk_e07744683edf44fe9fa83e81e5109c44",
"modified": 1663078676138,
"created": 1663078676138,
"name": "Kong Tests",
"description": "",
"environment": {},
"environmentPropertyOrder": null,
"metaSortKey": -1663078676138,
"_type": "request_group"
},
{
"_id": "req_a556e9fe17314b23a84ef4547411359d",
"parentId": "fld_bcbe70277e9840829149ad7004835cfc",
"modified": 1663082729232,
"created": 1663081326454,
"url": "{{ _.kong_proxy }}/auth-demo/mono",
"name": "Mono Auth",
"description": "",
"method": "GET",
"body": {},
"parameters": [],
"headers": [],
"authentication": {
"type": "bearer",
"token": "{% prompt 'partner_home_bearer_token', 'Partner Home Bearer Token', '', '', false, true %}"
},
"metaSortKey": -1662992452716.125,
"isPrivate": false,
"settingStoreCookies": true,
"settingSendCookies": true,
"settingDisableRenderRequestBody": false,
"settingEncodeUrl": true,
"settingRebuildPath": true,
"settingFollowRedirects": "global",
"_type": "request"
},
{
"_id": "req_9ea0c7b4525a4ad9b74382432a5ccb9a",
"parentId": "fld_bcbe70277e9840829149ad7004835cfc",
"modified": 1663084818809,
"created": 1663081530687,
"url": "{{ _.kong_proxy }}/auth-demo/combined",
"name": "Combined - Mono Auth",
"description": "",
"method": "GET",
"body": {},
"parameters": [],
"headers": [],
"authentication": {
"type": "bearer",
"token": "{% prompt 'partner_home_bearer_token', 'Partner Home Bearer Token', '', '', false, true %}"
},
"metaSortKey": -1662949338101.1875,
"isPrivate": false,
"settingStoreCookies": true,
"settingSendCookies": true,
"settingDisableRenderRequestBody": false,
"settingEncodeUrl": true,
"settingRebuildPath": true,
"settingFollowRedirects": "global",
"_type": "request"
},
{
"_id": "req_81358e0de0274a6c9ef64e241cd9c261",
"parentId": "fld_bcbe70277e9840829149ad7004835cfc",
"modified": 1663082860665,
"created": 1663080601120,
"url": "{{ _.kong_proxy }}/auth-demo/combined",
"name": "Combined - Keycloak",
"description": "",
"method": "GET",
"body": {},
"parameters": [],
"headers": [],
"authentication": {
"type": "bearer",
"token": "{% response 'body', 'req_f759bc8e2baa40359aa550b70b037c8e', 'b64::JC5hY2Nlc3NfdG9rZW4=::46b', 'always', 60 %}"
},
"metaSortKey": -1662906223486.25,
"isPrivate": false,
"settingStoreCookies": true,
"settingSendCookies": true,
"settingDisableRenderRequestBody": false,
"settingEncodeUrl": true,
"settingRebuildPath": true,
"settingFollowRedirects": "global",
"_type": "request"
},
{
"_id": "req_796edcd7fa0f4f1f8e1e864562acd51d",
"parentId": "fld_bcbe70277e9840829149ad7004835cfc",
"modified": 1663082764468,
"created": 1663080069072,
"url": "{{ _.kong_proxy }}/auth-demo/wf-auth",
"name": "WF Auth",
"description": "",
"method": "GET",
"body": {},
"parameters": [],
"headers": [],
"authentication": {
"type": "bearer",
"token": "{% response 'body', 'req_c2615db489d64a8fa3c0447c9b5ca9ca', 'b64::JC5hY2Nlc3NfdG9rZW4=::46b', 'always', 60 %}"
},
"metaSortKey": -1662733765026.5,
"isPrivate": false,
"settingStoreCookies": true,
"settingSendCookies": true,
"settingDisableRenderRequestBody": false,
"settingEncodeUrl": true,
"settingRebuildPath": true,
"settingFollowRedirects": "global",
"_type": "request"
},
{
"_id": "req_17dd5c91567e45ffb587c1592ab78a9a",
"parentId": "fld_bcbe70277e9840829149ad7004835cfc",
"modified": 1663082959801,
"created": 1663080638282,
"url": "{{ _.kong_proxy }}/auth-demo/combined",
"name": "Combined - WF Auth",
"description": "",
"method": "GET",
"body": {},
"parameters": [],
"headers": [],
"authentication": {
"type": "bearer",
"token": "{% response 'body', 'req_c2615db489d64a8fa3c0447c9b5ca9ca', 'b64::JC5hY2Nlc3NfdG9rZW4=::46b', 'always', 60 %}"
},
"metaSortKey": -1662561306566.75,
"isPrivate": false,
"settingStoreCookies": true,
"settingSendCookies": true,
"settingDisableRenderRequestBody": false,
"settingEncodeUrl": true,
"settingRebuildPath": true,
"settingFollowRedirects": "global",
"_type": "request"
},
{
"_id": "env_b976cd204f1cb1d2f6c884ed315795518762d6f8",
"parentId": "wrk_e07744683edf44fe9fa83e81e5109c44",
"modified": 1663080085183,
"created": 1656586385599,
"name": "Base Environment",
"data": {
"url": "{{ _.base_url }}/auth/admin/realms/{{ _.realm }}",
"auth_url": "{{ _.base_url }}/auth/realms/{{ _.realm }}",
"realm": "Kong_Management",
"client_id": "km-kong-manager-sa",
"kong_proxy": "https://kube-kongtest-proxy.service.intradsm1.sdeconsul.csnzoo.com"
},
"dataPropertyOrder": {
"&": ["url", "auth_url", "realm", "client_id", "kong_proxy"]
},
"color": null,
"isPrivate": false,
"metaSortKey": 1656586385599,
"_type": "environment"
},
{
"_id": "jar_b976cd204f1cb1d2f6c884ed315795518762d6f8",
"parentId": "wrk_e07744683edf44fe9fa83e81e5109c44",
"modified": 1663082946442,
"created": 1656586385600,
"name": "Default Jar",
"cookies": [
{
"key": "KC_RESTART",
"expires": "1970-01-01T00:00:10.000Z",
"maxAge": 0,
"domain": "kube-auth-provider.service.intradsm1.sdeconsul.csnzoo.com",
"path": "/auth/realms/Kong_Management/",
"httpOnly": true,
"extensions": ["Version=1"],
"hostOnly": true,
"creation": "2022-06-30T11:03:26.634Z",
"lastAccessed": "2022-09-13T14:11:56.921Z",
"id": "774354437447262"
},
{
"key": "KC_RESTART",
"expires": "1970-01-01T00:00:10.000Z",
"maxAge": 0,
"domain": "authwayfairio.csnzoo.com",
"path": "/auth/realms/Kong_Management/",
"httpOnly": true,
"extensions": ["Version=1"],
"hostOnly": true,
"creation": "2022-09-13T14:15:48.711Z",
"lastAccessed": "2022-09-13T15:29:06.441Z",
"id": "9023089874790617"
}
],
"_type": "cookie_jar"
},
{
"_id": "spc_2bb1e33bb7a24b559cd93821283e62c0",
"parentId": "wrk_e07744683edf44fe9fa83e81e5109c44",
"modified": 1656586385595,
"created": 1656586385595,
"fileName": "Keycloak",
"contents": "",
"contentType": "yaml",
"_type": "api_spec"
},
{
"_id": "env_2c7d69191b5a4dd6af4ef9e31a236b7b",
"parentId": "env_b976cd204f1cb1d2f6c884ed315795518762d6f8",
"modified": 1663079976020,
"created": 1656586532150,
"name": "prod",
"data": {
"base_url": "https://auth.wayfair.io",
"client_uuid": "86875682-6be7-4ac5-ac98-67a2a859741c",
"client_secret": "KEYCLOAK CLIENT SECRET",
"wf_auth_url": "https://sso.auth.wayfair.com",
"wf_auth_client_id": "WF AUTH CLIENT ID",
"wf_auth_client_secret": "WF AUTH CLIENT SECRET"
},
"dataPropertyOrder": {
"&": [
"base_url",
"client_uuid",
"client_secret",
"wf_auth_url",
"wf_auth_client_id",
"wf_auth_client_secret"
]
},
"color": null,
"isPrivate": true,
"metaSortKey": 1656586532150,
"_type": "environment"
},
{
"_id": "env_3c026b133f7743d588efab3d7c7ee9a5",
"parentId": "env_b976cd204f1cb1d2f6c884ed315795518762d6f8",
"modified": 1663080077452,
"created": 1656586557024,
"name": "dev",
"data": {
"base_url": "https://authwayfairio.csnzoo.com",
"client_uuid": "05d03a4f-fb0d-4e4a-858c-340ce10956b6",
"client_secret": "KEY CLOAK CLIENT SECRET",
"wf_auth_url": "https://ssoauthwayfaircom.csnzoo.com",
"wf_auth_client_id": "WF AUTH CLIENT ID",
"wf_auth_client_secret": "WF AUTH CLIENT SECRET"
},
"dataPropertyOrder": {
"&": [
"base_url",
"client_uuid",
"client_secret",
"wf_auth_url",
"wf_auth_client_id",
"wf_auth_client_secret"
]
},
"color": null,
"isPrivate": true,
"metaSortKey": 1656586557024,
"_type": "environment"
}
]
}