You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by "Cheol-Soon-Choi (via GitHub)" <gi...@apache.org> on 2023/04/24 08:21:04 UTC
[GitHub] [apisix] Cheol-Soon-Choi opened a new issue, #9364: help request: Please help me on how to use the openid-connect plugin!
Cheol-Soon-Choi opened a new issue, #9364:
URL: https://github.com/apache/apisix/issues/9364
### Description
I want to manage routing calls using keycloak's access token.
After building the keycloak server,
Register keycloak in apisix service,
The token was acquired through
curl --location '{apisix}/realms/apisix_test_realm/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username={username}' \
--data-urlencode 'client_id=apisix' \
--data-urlencode 'client_secret={client_secret}' \
--data-urlencode 'password={password}'
Set up routing as below,
{
"uri": "/test*",
"methods": [
"GET",
"POST",
"PUT",
"DELETE",
"OPTIONS"
],
"plugins": {
"openid-connect": {
"bearer_only": true,
"client_id": "apisix",
"client_secret": "{client_secret}",
"discovery": "http://{keycloak}:8080/realms/apisix_test_realm/.well-known/openid-configuration",
"introspection_endpoint": "http://{keycloak}:8080/realms/apisix_test_realm/protocol/openid-connect/token/introspect",
"introspection_endpoint_auth_method": "client_secret_basic",
"realm": "apisix_test_realm"
}
},
"upstream": {
"nodes": [
{
"host": "127.0.0.1",
"port": 8999,
"weight": 1
}
],
"timeout": {
"connect": 6,
"send": 6,
"read": 20
},
"type": "roundrobin",
"scheme": "http",
"pass_host": "pass",
"keepalive_pool": {
"idle_timeout": 60,
"requests": 1000,
"size": 320
}
},
"status": 1
}
A 401 error occurs when the call is made as follows, including the acquired token. I don't know where the problem is. How should I solve it?
curl --location '{apisix}/test' \
--header 'Authorization: Bearer {access token}'
### Environment
- APISIX version (run `apisix version`): 3.2
- Operating system (run `uname -a`):
- OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
- etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):
- APISIX Dashboard version, if relevant:
- Plugin runner version, for issues related to plugin runners:
- LuaRocks version, for installation issues (run `luarocks --version`):
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Cheol-Soon-Choi commented on issue #9364: help request: Please help me on how to use the openid-connect plugin!
Posted by "Cheol-Soon-Choi (via GitHub)" <gi...@apache.org>.
Cheol-Soon-Choi commented on issue #9364:
URL: https://github.com/apache/apisix/issues/9364#issuecomment-1519615265
Additionally, by directly calling the keycloak server, access token introspect succeeds.
curl --location '{keycloak}/realms/apisix_test_realm/protocol/openid-connect/token/introspect' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=apisix' \
--data-urlencode 'client_secret={client_secret}' \
--data-urlencode 'token={access token}'
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] LiteSun commented on issue #9364: help request: Please help me on how to use the openid-connect plugin!
Posted by "LiteSun (via GitHub)" <gi...@apache.org>.
LiteSun commented on issue #9364:
URL: https://github.com/apache/apisix/issues/9364#issuecomment-1523078413
@Cheol-Soon-Choi, could you show more logs when you get 401, including the apisix log and keycloak log.
And this guide link may be helpful to you. https://www.keycloak.org/2021/12/apisix
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] kayx23 commented on issue #9364: help request: Please help me on how to use the openid-connect plugin!
Posted by "kayx23 (via GitHub)" <gi...@apache.org>.
kayx23 commented on issue #9364:
URL: https://github.com/apache/apisix/issues/9364#issuecomment-1519811479
@Cheol-Soon-Choi just FYI there's an apache apisix [slack channel](https://apisix.apache.org/docs/general/join/). You might get quicker response there.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Cheol-Soon-Choi closed issue #9364: help request: Please help me on how to use the openid-connect plugin!
Posted by "Cheol-Soon-Choi (via GitHub)" <gi...@apache.org>.
Cheol-Soon-Choi closed issue #9364: help request: Please help me on how to use the openid-connect plugin!
URL: https://github.com/apache/apisix/issues/9364
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org