Kong: add ability to enable / disable consumer credentials without deleting them

Created on 31 Jul 2015 · 6Comments · Source: Kong/kong

scenario:

I want to disable certain consumers from using certain credentials temporarily without changing their keys.

expectation:

I can change enabled flag on a credentials object (in oauth2 or other authentication plugins)

proposal

Source

ahmadnassri

❤2 👍2

Most helpful comment

I would like this too. I would do the following:

user signs up with email address and password
create consumer and basic auth credentials where username=email address, password=password and disabled=true
send email address verification email to user
user can't login with basic auth credentials
user clicks link in verification email
patch basic auth credential disabled=false

This allows me to store the password while the email address verification is in progress.

rzschech on 18 Aug 2017

👍2

All 6 comments

cc: @lucamaraschi

ahmadnassri on 31 Jul 2015

+1 or at least the ability to delete a key. If a key is compromised there are no options to invalidate the compromised key and issue a new one. is there?

coreybeaumont on 15 Jul 2016

@coreybeaumont yes, you can execute an HTTP DELETE request to that key.

subnetmarco on 15 Jul 2016

👍1

@thefosk thanks - the structure of the url was not initially apparent to successfully delete. Anyways, active | inactive would still be a great help.

coreybeaumont on 15 Jul 2016

I would like this too. I would do the following:

user signs up with email address and password
create consumer and basic auth credentials where username=email address, password=password and disabled=true
send email address verification email to user
user can't login with basic auth credentials
user clicks link in verification email
patch basic auth credential disabled=false

This allows me to store the password while the email address verification is in progress.

rzschech on 18 Aug 2017

👍2