Social Login and Microservices authentication


I’m studying microservices and service mesh (Kong API Gateway and Istio to be more specific) and I’m trying to implement end-user authentication. All in all, what I want is that a user can sign in with some social provider (Github, Facebook, etc.) and this same user will request other endpoints inside my service mesh. The API Gateway will validate the authentication and automatically forward the headers with the user. In order to do that, It must be authenticated at user-level so other microservices can be aware of who is making that request

I found out that Kong API Gateway has a plugin to protect the microservices and forward the authenticated user when it’s logged in. It’s Nokia OpenID Connect plugin (

Although it seems that I need to have an Identity Provider set up, but I don’t understand very well how to use Hydra in this context. Which authentication flow should I use if each user has its own access token/credentials? How should I manage my users? Should I store the access token from Facebook or Github in my database? Also the Social provider consent screen is more than enough, I don’t want another consent screen (that being Hydra) to be displayed

I would recommend reading: