OpenID Connect 1.0 RP is a suite of several Kong plugins related to OpenID Connect, each addressing a different use case. The plugin suite consists of:


  • OpenID Connect Verification Plugin verifies ID tokens and access tokens, and supports caching and automatic key rotation based on OpenID Connect Discovery. We also support dynamic rate-limiting based on the claims provided.

  • OpenID Connect Authentication Plugin implements the OpenID Connect authentication flow within Kong. It manages the access and ID tokens for the client, including caching and refreshing them, and provides the client with a session.

  • OpenID Connect Protection Plugin is used with the authentication plugin to protect specific API services.

  • OpenID Connect Revocation Plugin allows tokens to be revoked and blacklisted from further use.

  • OpenID Connect Dereferencing Plugin enables Kong to act as a central place where opaque tokens are dereferenced and other information (e.g. OpenID Connect User Info) is gathered before the request is proxied to the API service. This plugin also implements caching to ease the burden on external sources.

We look forward to expanding the plugin suite with new plugins as the need for them arises. For that, we especially want feedback from Mashape Enterprise customers.


Enterprise-Only: This plugin is only available with an Enterprise Subscription.

Requesting Access

This plugin is only available with a Mashape Enterprise subscription.

If you are already a Mashape Enterprise customer, you can request access to the plugin by opening an official support ticket using our Enterprise support channels.

If you are not a Mashape Enterprise customer, you can inquire about our Enterprise offering by contacting us.
