You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/05/10 11:17:50 UTC
[GitHub] [apisix] Keyruu opened a new issue, #7017: help request: openid-connect plugin: get userinfo in frontend
Keyruu opened a new issue, #7017:
URL: https://github.com/apache/apisix/issues/7017
### Description
I already talked about the issue I am facing in Slack.
My use case is:
I have a website, a frontend. This website needs to have the redirect to the OIDC provider. I want to do this with APISIX.
The website has a session cookie with the session id of APISIX. This cookie doesn’t have any info on the user, as far as I know.
How would I get the user info, like the username in the website?
The X-Userinfo Header would only be available to other APIs I request with the session header.
I want to display the username on the website after login.
I already got to the point where I can get the X-Userinfo Header to the frontend with this config:
`{
"uri": "/*",
"plugins": {
"openid-connect": {
"bearer_only": false,
"client_id": "clientid",
"client_secret": "secret",
"discovery": "openid_endpoint",
"redirect_uri": "http://localhost:9080/"
},
"response-rewrite": {
"headers": {
"Custom-Header": "$http_x_userinfo"
}
}
},
"upstream": {
"nodes": [
{
"host": "httpbin.org",
"port": 80,
"weight": 1
}
]
}
}`
I want to put the userinfo inside of a cookie so I can access it more easily in my frontend.
But if I do this:
`...
"Set-Cookie": "userinfo=$http_x_userinfo"
...`
The OIDC flow won't work anymore. I think it overrides the Set-Cookies from the OIDC plugin.
This is the error I am getting:
`[lua] openidc.lua:1378: authenticate(): request to the redirect_uri path but there's no session state found`
I hope someone can help me with this :D
### Environment
- APISIX version (run `apisix version`): 2.13
- Operating system (run `uname -a`): I use APISIX in Docker but my Operating system is: Darwin legendre.local 20.6.0 Darwin Kernel Version 20.6.0: Tue Feb 22 21:10:41 PST 2022; root:xnu-7195.141.26~1/RELEASE_X86_64 x86_64
- OpenResty / Nginx version (run `openresty -V` or `nginx -V`): openresty/1.19.9.1
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Keyruu closed issue #7017: help request: openid-connect plugin: get userinfo in frontend
Posted by GitBox <gi...@apache.org>.
Keyruu closed issue #7017: help request: openid-connect plugin: get userinfo in frontend
URL: https://github.com/apache/apisix/issues/7017
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Keyruu commented on issue #7017: help request: openid-connect plugin: get userinfo in frontend
Posted by GitBox <gi...@apache.org>.
Keyruu commented on issue #7017:
URL: https://github.com/apache/apisix/issues/7017#issuecomment-1122392782
Okay so the problem is: If I set "Set-Cookie" in response-rewrite, it removes the other Set-Cookie Headers that were already there. I would like to add another Set-Cookie Header in there tho. Is this possbile?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Keyruu commented on issue #7017: help request: openid-connect plugin: get userinfo in frontend
Posted by GitBox <gi...@apache.org>.
Keyruu commented on issue #7017:
URL: https://github.com/apache/apisix/issues/7017#issuecomment-1122483001
I got it working. I used a serverless function and added the userinfo in a cookie:
`"serverless-post-function": {
"disable": false,
"functions": [
"return function(conf, ctx) local core = require(\"apisix.core\"); if core.request.header(ctx, \"X-Userinfo\") then\n core.response.add_header(\"Set-Cookie\", \"userinfo=\" .. core.request.header(ctx, \"X-Userinfo\") .. \";\")\n end; end"
],
"phase": "rewrite"
},`
It would be cool if this could just be a flag in the OIDC plugin because in my opinion this would be very useful for everyone.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org