You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/02/22 06:13:20 UTC
[GitHub] [apisix] spacewander commented on a change in pull request #6229: docs(authz-keycloak): add token refresh/expire time configuration
spacewander commented on a change in pull request #6229:
URL: https://github.com/apache/apisix/pull/6229#discussion_r811605899
##########
File path: docs/en/latest/plugins/authz-keycloak.md
##########
@@ -54,6 +54,10 @@ For more information on Keycloak, refer to [Keycloak Authorization Docs](https:/
| lazy_load_paths | boolean | optional | false | | Dynamically resolve the request URI to resource(s) using the resource registration endpoint instead of using the static permission. |
| http_method_as_scope | boolean | optional | false | | Map HTTP request type to scope of same name and add to all permissions requested. |
| timeout | integer | optional | 3000 | [1000, ...] | Timeout(ms) for the http connection with the Identity Server. |
+| access_token_expires_in | integer | optional | 300 | [1, ...] | The expiration time of the access token |
Review comment:
Need to add time unit in the doc
##########
File path: apisix/plugins/authz-keycloak.lua
##########
@@ -61,8 +61,13 @@ local schema = {
cache_ttl_seconds = {type = "integer", minimum = 1, default = 24 * 60 * 60},
keepalive = {type = "boolean", default = true},
keepalive_timeout = {type = "integer", minimum = 1000, default = 60000},
- keepalive_pool = {type = "integer", minimum = 1, default = 5}
- },
+ keepalive_pool = {type = "integer", minimum = 1, default = 5},
+ access_token_expires_in = {type = "integer", minimum = 1, default = 300},
+ access_token_expires_leeway = {type = "integer", minimum = 0, default = 0},
+ refresh_token_expires_in = {type = "integer", minimum = 1, default = 3600},
+ refresh_token_expires_leeway = {type = "integer", minimum = 0, default = 0},
+
+},
Review comment:
Please fix the indent and remove blank line
##########
File path: apisix/plugins/authz-keycloak.lua
##########
@@ -61,8 +61,13 @@ local schema = {
cache_ttl_seconds = {type = "integer", minimum = 1, default = 24 * 60 * 60},
keepalive = {type = "boolean", default = true},
keepalive_timeout = {type = "integer", minimum = 1000, default = 60000},
- keepalive_pool = {type = "integer", minimum = 1, default = 5}
- },
+ keepalive_pool = {type = "integer", minimum = 1, default = 5},
+ access_token_expires_in = {type = "integer", minimum = 1, default = 300},
Review comment:
We can remove the `or` logic now?
https://github.com/apache/apisix/blob/ecf08c6dd50c3ea3e7bf3c4723ada5e90bbeae13/apisix/plugins/authz-keycloak.lua#L318
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org