feat(identity): authenticate principals with Basic Auth #5451
juliamrch wants to merge 16 commits into
✅ Deploy Preview for kongdeveloper ready!
Signed-off-by: Diana <75819066+cloudjumpercat@users.noreply.github.com>
Co-authored-by: Diana <75819066+cloudjumpercat@users.noreply.github.com>
Pull request overview
Adds new Kong Identity documentation covering the core concepts of Directories/Principals and a Gateway how-to showing how to authenticate Principals using the Basic Authentication plugin.
Changes:
- Introduces a new Kong Identity reference page explaining Principals, Directories, identities, credentials, metadata, and limits.
- Adds a new Gateway how-to that creates a Directory + Principal and configures the Basic Auth plugin to authenticate Principals.
- Includes validation steps demonstrating unauthorized vs authorized requests.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| app/kong-identity/principals-and-directories.md | New reference page defining Kong Identity Principals/Directories and how they map to Gateway concepts. |
| app/_how-tos/gateway/authenticate-principals-with-basic-authentication.md | New how-to for configuring Basic Auth to authenticate Kong Identity Principals and validating requests. |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
| ## Create a directory | ||
|
|
||
| {% navtabs "create-directory" %} | ||
| {% navtab "UI" %} | ||
|
|
||
| UI steps will be added once the feature is available for testing. | ||
|
|
||
| {% endnavtab %} | ||
| {% navtab "API" %} | ||
|
|
||
| Send a `POST` request to the [`/v2/directories` endpoint](/api/konnect/kong-identity/v2/#/operations/createDirectory): | ||
|
|
||
| <!--vale off--> | ||
| {% konnect_api_request %} | ||
| url: /v2/directories | ||
| status_code: 201 | ||
| method: POST | ||
| body: | ||
| name: example-directory | ||
| description: Example directory for principals | ||
| allow_all_control_planes: true | ||
| {% endkonnect_api_request %} | ||
| <!--vale on--> | ||
|
|
||
| {% endnavtab %} | ||
| {% navtab "Terraform" %} | ||
|
|
||
| Terraform steps will be added once the feature is available for testing. | ||
|
|
||
| {% endnavtab %} | ||
| {% endnavtabs %} | ||
|
|
||
| ## Configure a principal | ||
|
|
||
| Configuring a principal is a multi-step process. You always create the principal first, then attach identities. Metadata is optional. | ||
|
|
||
| {% navtabs "configure-principal" %} | ||
| {% navtab "UI" %} | ||
|
|
||
| UI steps will be added once the feature is available for testing. | ||
|
|
||
| {% endnavtab %} | ||
| {% navtab "API" %} | ||
|
|
||
| 1. Create the principal by sending a `POST` request to the [`/v2/directories/{directoryId}/principals` endpoint](/api/konnect/kong-identity/v2/#/operations/createPrincipal): | ||
| {% capture create_principal %} | ||
| <!--vale off--> | ||
| {% konnect_api_request %} | ||
| url: /v2/directories/$DIRECTORY_ID/principals | ||
| status_code: 201 | ||
| method: POST | ||
| body: | ||
| display_name: example-principal | ||
| description: Example principal | ||
| {% endkonnect_api_request %} | ||
| <!--vale on--> | ||
| {% endcapture %} | ||
| {{ create_principal | indent: 3}} | ||
|
|
||
| 1. Link an identity to a principal by sending a `POST` request to the [`/v2/directories/{directoryId}/principals/{principalId}/identities` endpoint](/api/konnect/kong-identity/v2/#/operations/createIdentity). In this example, you'll be attaching a `control_plane_consumer` identity to map the principal to a Consumer in a {{site.base_gateway}} control plane: | ||
| {% capture link_identity %} | ||
| <!--vale off--> | ||
| {% konnect_api_request %} | ||
| url: /v2/directories/$DIRECTORY_ID/principals/$PRINCIPAL_ID/identities | ||
| status_code: 201 | ||
| method: POST | ||
| body: | ||
| type: control_plane_consumer | ||
| control_plane_id: $CONTROL_PLANE_ID | ||
| consumer_id: $CONSUMER_ID | ||
| {% endkonnect_api_request %} | ||
| <!--vale on--> | ||
| {% endcapture %} | ||
| {{ link_identity | indent: 3}} | ||
|
|
||
| For other identity types and the fields each one accepts, see [Identities](#identities). | ||
|
|
||
| {:.info} | ||
| > If you want to authenticate clients against this principal using basic auth or an API key, you also need to add the credentials in separate API calls: | ||
| > * **Basic auth:** `POST` to [`/v2/directories/{directoryId}/principals/{principalId}/basic-auths`](/api/konnect/kong-identity/v2/#/operations/createBasicAuth) to create the basic auth entry, then `POST` to [`/v2/directories/{directoryId}/principals/{principalId}/basic-auths/{basicAuthId}/passwords`](/api/konnect/kong-identity/v2/#/operations/createPassword) to set a password. | ||
| > * **API key:** `POST` to [`/v2/directories/{directoryId}/principals/{principalId}/api-keys`](/api/konnect/kong-identity/v2/#/operations/createKey). | ||
|
|
||
| 1. (Optional) Add or update metadata on the principal by sending a `PATCH` request to the [`/v2/directories/{directoryId}/principals/{principalId}` endpoint](/api/konnect/kong-identity/v2/#/operations/updatePrincipal): | ||
| {% capture update_metadata %} | ||
| <!--vale off--> | ||
| {% konnect_api_request %} | ||
| url: /v2/directories/$DIRECTORY_ID/principals/$PRINCIPAL_ID | ||
| status_code: 200 | ||
| method: PATCH | ||
| body: | ||
| metadata: | ||
| business_unit: payments | ||
| tier: gold | ||
| {% endkonnect_api_request %} | ||
| <!--vale on--> | ||
| {% endcapture %} | ||
| {{ update_metadata | indent: 3}} | ||
|
|
||
| {% endnavtab %} | ||
| {% navtab "Terraform" %} | ||
|
|
||
| Terraform steps will be added once the feature is available for testing. | ||
|
|
||
| {% endnavtab %} | ||
| {% endnavtabs %} |
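Review bot: In the `/v2/directories` request body under "Create a directory", `allow_all_control_planes: true` is set with no explanation, and the name suggests the directory is opened to every control plane, so readers copying the example cannot tell what they are granting. Add a sentence saying what the field controls and when a reader should set it to something other than `true`. The later requests under "Configure a principal" also rely on `$DIRECTORY_ID`, `$PRINCIPAL_ID`, `$CONTROL_PLANE_ID` and `$CONSUMER_ID` without showing where each value comes from; a line after each `POST` on saving the returned ID would let the steps be followed in order. The basic auth and API key credential calls appear only as links in the info note, with no request body, so consider giving the password step the same `konnect_api_request` treatment as the other steps.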
Not sure, it's more a tutorial that @cloudjumpercat included in a reference page (this page comes from a cherry-pick from her branch) than a how-to.
Is this a core workflow for identity? If so, why not have it as a how to?
@Guaris This content will be in the various how tos since creating a principal and directory are required for those flows. It also exists on the Principals reference page (work in progress, PR is here if you want to check it out) similar to what we have for Gateway entities, like Set up a Consumer. That way information about the entity + general steps of how to configure it using various tools are in one space. We'll have links to the how tos on the reference page as well for users who want the more opinionated how to flows.
Description
closes #5037
This PR contains a new guide for Kong Identity, using Principals and Basic Auth.
Preview Links
https://deploy-preview-5451--kongdeveloper.netlify.app/how-to/authenticate-principals-with-basic-authentication/
Checklist
description entry in frontmatter.