Kong · Schema
Oauth2PluginConfig
API GatewayAI GatewayAI ConnectivityAgent GatewayEvent GatewayMCP RegistryService MeshLLMKafkaKonnectOpen Source
Properties
| Name | Type | Description |
|---|---|---|
| config | object | |
| name | object | |
| protocols | array | A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins th |
| route | object | If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used. |
| service | object | If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched. |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "#/components/schemas/Oauth2PluginConfig",
"title": "Oauth2PluginConfig",
"x-speakeasy-entity": "PluginOauth2",
"properties": {
"config": {
"type": "object",
"properties": {
"accept_http_if_already_terminated": {
"description": "Accepts HTTPs requests that have already been terminated by a proxy or load balancer.",
"type": "boolean",
"default": false
},
"anonymous": {
"description": "An optional string (consumer UUID or username) value to use as an \u201canonymous\u201d consumer if authentication fails.",
"type": "string"
},
"auth_header_name": {
"description": "The name of the header that is supposed to carry the access token.",
"type": "string",
"default": "authorization"
},
"enable_authorization_code": {
"description": "An optional boolean value to enable the three-legged Authorization Code flow (RFC 6742 Section 4.1).",
"type": "boolean",
"default": false
},
"enable_client_credentials": {
"description": "An optional boolean value to enable the Client Credentials Grant flow (RFC 6742 Section 4.4).",
"type": "boolean",
"default": false
},
"enable_implicit_grant": {
"description": "An optional boolean value to enable the Implicit Grant flow which allows to provision a token as a result of the authorization process (RFC 6742 Section 4.2).",
"type": "boolean",
"default": false
},
"enable_password_grant": {
"description": "An optional boolean value to enable the Resource Owner Password Credentials Grant flow (RFC 6742 Section 4.3).",
"type": "boolean",
"default": false
},
"global_credentials": {
"description": "An optional boolean value that allows using the same OAuth credentials generated by the plugin with any other service whose OAuth 2.0 plugin configuration also has `config.global_credentials=true`.",
"type": "boolean",
"default": false
},
"hide_credentials": {
"description": "An optional boolean value telling the plugin to show or hide the credential from the upstream service.",
"type": "boolean",
"default": true
},
"mandatory_scope": {
"description": "An optional boolean value telling the plugin to require at least one `scope` to be authorized by the end user.",
"type": "boolean",
"default": false
},
"persistent_refresh_token": {
"type": "boolean",
"default": false
},
"pkce": {
"description": "Specifies a mode of how the Proof Key for Code Exchange (PKCE) should be handled by the plugin.",
"type": "string",
"default": "lax",
"enum": [
"lax",
"none",
"strict"
]
},
"provision_key": {
"description": "The unique key the plugin has generated when it has been added to the Service.",
"type": "string",
"x-encrypted": true
},
"realm": {
"description": "When authentication fails the plugin sends `WWW-Authenticate` header with `realm` attribute value.",
"type": "string"
},
"refresh_token_ttl": {
"description": "Time-to-live value for data",
"type": "number",
"default": 1209600,
"maximum": 100000000,
"minimum": 0
},
"reuse_refresh_token": {
"description": "An optional boolean value that indicates whether an OAuth refresh token is reused when refreshing an access token.",
"type": "boolean",
"default": false
},
"scopes": {
"description": "Describes an array of scope names that will be available to the end user. If `mandatory_scope` is set to `true`, then `scopes` are required.",
"type": "array",
"items": {
"type": "string"
}
},
"token_expiration": {
"description": "An optional integer value telling the plugin how many seconds a token should last, after which the client will need to refresh the token. Set to `0` to disable the expiration.",
"type": "number",
"default": 7200
}
}
},
"name": {
"const": "oauth2"
},
"protocols": {
"description": "A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.",
"type": "array",
"items": {
"enum": [
"grpc",
"grpcs",
"http",
"https",
"ws",
"wss"
],
"type": "string"
},
"format": "set",
"default": [
"grpc",
"grpcs",
"http",
"https",
"ws",
"wss"
]
},
"route": {
"description": "If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.",
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string"
}
}
},
"service": {
"description": "If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.",
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string"
}
}
}
}
}