API First: From Zero to Hero (Part 3)

Securing the API with OpenID Connect (Authentication)

  • Build the custom Kong image from the Dockerfile we created
  • Use our generated image of Kong instead of the official image

Provisioning IAM

make -k run-integration-tests

Enable the plugin in the API

  1. Enable the Prometheus metrics plugin for all Routes (this setting is the default for swagger-to-kong and is defined via the kong-route-config-default.json file
  2. For Route swagger-petstore.showPetById, swagger-petstore.listPets and swagger-petstore.createPets (via the .* Regex) configure the security plugin (jwt-keycloak) already pointing to the IAM (keycloak) and also stating that the Access Token can be extracted from the HTTP Cookie oauthtoken (to facilitate integration with oidc-proxy)
  3. For Route swagger-petstore.listPets configure the additional CORS plugin.

CORS plugin

  1. In Konga, select the desired Service or Route and browse Plugins
  2. Click the Raw view icon (eye icon)
  3. Copy the generated JSON
  4. Remove unnecessary attributes and use JSON in the kong-route-config.json file

Configuring swagger-to-kong in the Makefile

make -k run-integration-tests

Configuring authentication on the client

  • Have the credentials (client_id and client_secret) as a Variable in the environment localhost
  • Invoke a Pre-request Script for all operations, which will talk to the IAM (Keycloak) to negotiate the credentials for an Access Token
  • Propagate the Access Token for all operations as Header Authorization: Bearer $TOKEN
  • Use an oauthtoken cookie for one of the operations instead of the Header to propagate the Access Token
  1. Click on Manage Environments
  2. In the Popup, select the environment localhost
  3. Add the variable client_id with the value newman
  4. Add the variable client_secret with the value 5b7aad6a-9efc-4d14–9fd4–641ed48754c5
  5. Add the tenant variable with the value http://keycloak:8083/auth/realms/test/protocol/openid-connect/token
  6. Click Update to make the changes effective
  7. Export the environment as done in the step Creating an environment and exporting

Creating the Pre-script in the collection

  1. In the Postman side navigation menu, right click on the collection Swagger Petstore and then click Edit
  2. In the popup, select the Pre-request Scripts tab
  3. Add the script below:

Configuring authentication on the collection

  1. In the Postman side navigation menu, right click on the collection Swagger Petstore and then click Edit
  2. In the popup, select the Authorization tab
  3. In the Type combo, select Bearer Token
  4. In the Token field, enter the value {{token}}
  5. Click Update to make the changes effective

Configuring authentication on requests (Bearer)

  1. In the collection Swagger Petstore, in the folder pets select the requests (List all pets and Create a pet) and one by one navigate to the tab Authorization
  2. In the TYPE combo select the type Inherit auth from parent
  3. Click Save to make the changes

Configuring authentication on requests (cookie)

  1. In the collection Swagger Petstore, in the folder pets select the request Info for a specific pet and navigate to the tab Authorization
  2. In the TYPE combo select the type No Auth
  3. Navigate to the Headers tab
  4. Add a Header with KEY oauthtoken and VALUE {{token}}
  5. Click Save to make the changes effective

Exporting the collection

Finishing

  • Use Postman to import and execute definitions from an openapi spec
  • How to create automated tests (collection) from Postman and export them for execution via the command line
  • How to create API mocks with Prism
  • How to use the swagger-to-kong tool to import openapi definitions into Kong (automatically creating Service and Route)
  • How to use the swagger-to-kong tool to configure plugins in the generated routes
  • How to use newman to run the collection created in Postman
  • How to protect the API (authentication) with Keycloak, Kong + plugin jwt-keycloak and swagger-to-kong (plugins)
  • How to run integration tests with Kong + Postgres, Keycloak, Prism, swagger-to-kong and newman

Next steps

--

--

--

Cloud Specialists providing professional services with DevOps, BigData, Cloud Native Applications and Security. https://www.3bit.com.br/3bit

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Handling Packages In Python

How to Easily Write an XML Parser in Julia

iOS Basic Knowledge Ramdon Quiz 1

My Website Development Experiences

CS373 Spring 2022 Week 8 — David Tang

SYSTEM DESIGN: HORIZONTAL VS VERTICAL SCALING

Exploring iOS’s Sandbox

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
3Bit Technologies

3Bit Technologies

Cloud Specialists providing professional services with DevOps, BigData, Cloud Native Applications and Security. https://www.3bit.com.br/3bit

More from Medium

What are Microservices ?

Locust Load Testing | Getting started

Mocking an API with Rapidmock

Microservices with event sourcing using .NET Core