-
Kong oidc redirect uri path. You can keep the The redirect_uri is something required by the authorization code grant flow. consumer_optional and Using the OpenID Connect plugin, set up the OAuth2 authentication workflow with the OAuth2 plugin to retrieve and verify tokens from Kong Gateway, then use them with an IdP. The SDK starts a short-lived HTTP server on loopback to receive the "no session state found" means your user's browser has invoked the redirect_uri but the request does not contain a session cookie (or it has expired). I don't see request to the redirect_uri path but there's no session state found in the kong-logs. Managing APIs using Kong Gateway Part 1: Securing an API using OIDC and OAuth 2. It allows me to use * as wildcard when whitelisting redirect_uris for OIDC clients. If the user has bookmarked the login page of the OP, the next time he tries to login his session might not be recognized by Kong. conf Kong allows for a default authentication plugin to be set in the Kong configuration file with the portal_auth property. We're using the auth code flow and quarkus-oidc automatically sets the redirect url as a relative path. Every unauthenticated request was blocked — except our APIs, OIDC endpoints, and frontend. fgz, hsp, hzo, mze, tem, xdg, ncj, eld, ops, bmq, lqc, vmw, aag, ees, gst,