Help - How to protect my asp dot net core api with this? #7095

Closed
ImAbhishekTomar opened this issue Apr 27, 2021 · 5 comments

Does anyone know what this konghq is?

My organization protects all REST APIs using this konghq (they call it Stargate, and it is built on top of konghq).

Most of my organization's APIs are based on Java, but now they gave me a project that has many .NET Core APIs without any authentication, which I want to secure with this konghq and validate the incoming OAuth token.

On my enterprise GitHub I submitted some PRs and they gave me a proxy JSON file (the proxy file has the Proxy URL and other properties; the ProxyURL is auto-created by the Stargate GitHub) and a namespace JSON file that has the client token for consumers.

I don't know how to connect my API with this Stargate (Kong) and protect the API with the JWT token coming from OAuth.

My question: I just want to know how I can use this proxy information and validate the incoming OAuth token in my provider API app and protect my API. As per the documentation, I need to use this proxyURL and namespace (auto.api) provided in the proxy file for API authorization.

Thanks in advance!

PROXY-JSON

{
  "kind": "stargate-proxy",
  "action": "create",
  "spec": {
    "name": "dx.stage.proxy",
    "routeId": "**********************",
    "serviceId": "**********************",
    "url": "http://**********************/api-stargatedev",
    "proxyUrl": "https://abc-stage-core.company.com/api/dev/clm/auto.api/v1.0",
    "auth": [
      {
        "type": "jwt"
      },
      {
        "type": "oauth2",
        "grant": "client_credentials"
      }
    ],
    "connectTimeout": 2000,
    "readTimeout": 9000,
    "writeTimeout": 9000,
    "authorizedConsumers": [
      "umr.automations.api"
    ],
    "mtlsUpstreamRouting": false
  },
  "metadata": {
    "namespace": "auto.api",
    "proxyUrl": {
      "host": "abc-stage-core.company.com",
      "domain": "claims",
      "env": "dev",
      "namespace": "auto.api",
      "version": "v1.0",
      "type": "api"
    },
    "certificationFileName": ""
  }
}

NAMESPACE-JSON (I think this is for consumer use)

{
  "kind": "stargate-team",
  "spec": {
    "id": "0000000000000000000000000000",
    "credentials": [
      {
        "env": "prod",
        "oauthClientId": "0000000000000000000000000",
        "oauthClientSecret": "0000000000000000000000000",
        "jwtKey": "0000000000000000000000000",
        "jwtSecret": "0000000000000000000000000"
      },
      {
        "env": "nonprod",
        "oauthClientId": "1111111111111111",
        "oauthClientSecret": "222222222222222",
        "jwtKey": "WWWWWWWWWWWWWWWWWWW",
        "jwtSecret": "SSSSSSSSSSSSSSSSSSSS"
      }
    ]
  },
  "metadata": {
    "namespace": "umr.automations.api"
  }
}

I am providing the code sample below just for reference, showing how I currently use the Java-based API that is secured with this Stargate konghq.

Client - code for generating an OAuth token for the consumer

using System;
using RestSharp;

// Wrapper class added so the posted method compiles; the original was a bare method.
public static class StargateOAuthClient
{
    // Client-credentials grant against the Stargate/Kong OAuth2 token endpoint.
    public static string GenerateToken()
    {
        var url = "https://abc-stage-core.company.com/auth/oauth2/cached/token";
        var client = new RestClient(new Uri(url));
        var request = new RestRequest("Authenticate", Method.POST);
        request.AddHeader("Content-Type", "application/json");

        // Consumer credentials from the "nonprod" entry of the namespace JSON
        // (hard-coded as in the original; real code should load them from configuration).
        var credentials = new
        {
            grant_type = "client_credentials",
            scope = "all",
            client_id = "1111111111111111",
            client_secret = "222222222222222"
        };

        request.AddJsonBody(credentials);

        var response = client.Execute(request);
        var content = response.Content;

        // This removes outer quotes from the token
        var token = content.Trim('"');
        return token;
    }
}

Client - the consumer wants to use my API like this

using System;
using Newtonsoft.Json;
using RestSharp;

// Wrapper class added so the posted method compiles; the original was a bare method.
public static class CallTrackClient
{
    public static ApiModal.Responce AddCalltrack(string token)
    {
        var url = @"<API URL>";
        var client = new RestClient(new Uri(url));
        var request = new RestRequest(Method.POST);
        request.AddHeader("Authorization", token);
        request.AddHeader("Content-Type", "application/json");

        var request1 = new Request { };
        var json = JsonConvert.SerializeObject(request1, Formatting.None);

        // Send the pre-serialized JSON as the raw body. AddJsonBody(json) would
        // serialize the string a second time and send a quoted JSON string.
        request.AddParameter("application/json", json, ParameterType.RequestBody);

        var response = client.Execute(request);
        var content = response.Content.Trim('"');
        var formattedObj = JsonConvert.DeserializeObject<ApiModal.Responce>(content);

        return formattedObj;
    }
}

https://stackoverflow.com/questions/67204985/what-is-konghq-api-and-how-to-protect-my-asp-dot-net-core-api-with-this
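An added example, not part of the original issue and not Kong's or Stargate's own code, showing how an ASP.NET Core provider API could validate the JWT that the gateway forwards instead of trusting it blindly. It assumes the namespace file's jwtKey and jwtSecret map to what the stock Kong JWT plugin uses: the consumer key is sent as the token's "iss" claim and the secret signs the token with HS256. Whether Stargate preserves that mapping is an assumption; the configuration keys Stargate:JwtKey and Stargate:JwtSecret and the /calltrack route are hypothetical names chosen for the example.

```csharp
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// ASSUMPTION: these two values are the "nonprod" jwtKey/jwtSecret from the
// namespace JSON, loaded from configuration or a secret store (never from source).
// Kong's JWT plugin puts the consumer key in "iss" and signs with the secret (HS256).
var jwtKey = builder.Configuration["Stargate:JwtKey"]
             ?? throw new InvalidOperationException("Stargate:JwtKey is not configured");
var jwtSecret = builder.Configuration["Stargate:JwtSecret"]
                ?? throw new InvalidOperationException("Stargate:JwtSecret is not configured");

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // Only tokens issued for this consumer key are accepted.
            ValidateIssuer = true,
            ValidIssuer = jwtKey,

            // Verify the HMAC signature with the shared secret and pin the algorithm,
            // so a token claiming "alg": "none" or a different algorithm is rejected.
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSecret)),
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },

            // Kong's JWT plugin does not set "aud" by default, so audience is not checked here.
            ValidateAudience = false,

            // Reject expired tokens; a small skew tolerates clock drift between gateway and API.
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromSeconds(30)
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Hypothetical endpoint; RequireAuthorization() returns 401 when no valid token is present.
app.MapPost("/calltrack", (HttpContext ctx) =>
        Results.Ok(new { caller = ctx.User.FindFirst("iss")?.Value }))
   .RequireAuthorization();

app.Run();
```

The JwtBearer middleware expects the header in the form `Authorization: Bearer <token>`, so a consumer that sends the raw token, as the AddCalltrack client above does, would get a 401 until it adds the "Bearer " prefix. Validating again inside the API means a request that reaches the upstream by bypassing the gateway is still rejected; if the upstream is only reachable from the gateway network, this is defence in depth rather than the sole control.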

ImAbhishekTomar (Author) commented:

Anyone, please help on this issue.

Tieske (Member) commented May 2, 2021

@ImAbhishekTomar this looks somewhat like Kong config, but has been modified. Probably best to check with the "Stargate" team how to use their product.

ImAbhishekTomar (Author) commented May 3, 2021

Hi @Tieske,

This is not a Stargate product; Stargate is just a product name used by my company, and this platform is built on top of Kong.

About Stargate Architecture
Stargate is an open-source API Gateway application based on Kong API Gateway, which itself is based on OpenResty and Nginx. The application is organized as several Environments, each of which is comprised of two Clusters, a DMZ Cluster and a CORE Cluster, to facilitate the various routing flows.

Tieske (Member) commented May 4, 2021

From the JSON snippets above it seems like it is a heavily customized version; there are a lot of properties I do not recognize from Kong.

ImAbhishekTomar (Author) commented May 6, 2021

Do Kong and OAuth work like this? This is my understanding after reading all the Kong and my company documents. Can you please help if this looks incorrect? [image]

My major question is: what is this proxy URL in Kong and how does it work?

@Tieske thank you so much for your time and support.
