You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/12/14 01:28:59 UTC
[GitHub] [apisix] Coderyangg opened a new issue, #8516: help request: can oidc plugin filter some request?
Coderyangg opened a new issue, #8516:
URL: https://github.com/apache/apisix/issues/8516
### Description
in my project ,i use oidc plugin to check authorization,but is not all request need this,i want to filter this.but in oidc plugin config,i can not find the config to filter this
### Environment
- APISIX version (run `apisix version`):2.15
- Operating system (run `uname -a`):
- OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
- etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):
- APISIX Dashboard version, if relevant:
- Plugin runner version, for issues related to plugin runners:
- LuaRocks version, for installation issues (run `luarocks --version`):
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] mscb402 commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
mscb402 commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350502864
This is just an example. If you don't know how to config. Please show your old config. And I change config for you.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] mscb402 commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
mscb402 commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350222325
Do you mean, you want to disable this plugin at some condition?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Coderyangg commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
Coderyangg commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350261281
> Can you provide more detail about what you want to do for us? Using step to step description.
in my project,not all request need check authorization in headers.some request without authorization,i want it will not be
intercepted.like keycloak config,it provide keycloak.security-constraints[0].securityCollections[0].patterns[0]=/*
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Coderyangg commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
Coderyangg commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350666711
> This is just an example. If you don't know how to change your config. Please show your old config. And I change it for you.
{
"bearer_only": true,
"client_id": "icappSupervision",
"client_secret": "xx",
"disable": false,
"discovery": "https://keycloak.icos.city/realms/dit/.well-known/openid-configuration",
"realm": "dit",
"scope": "openid profile"
}
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Coderyangg commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
Coderyangg commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350751083
> correctly
> This means this config is working successfully! And this `time-out` error not responded by this plugin, is returned by the upstream you are config. You need to check out your upstream is working correctly.
got ,thank you
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] mscb402 commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
mscb402 commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350357096
You can try
```
"openid-connect":{
"_meta": {
"priority": 10000,
"filter": [
{"uri", "~~", "\/some_path"}
]
}
.......
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] mscb402 commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
mscb402 commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350345274
So you don't want authorization turned on for some of paths?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] mscb402 commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
mscb402 commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350744303
This means this config is working successfully!
And this `time-out` error not responded by apisix, is returned by the upstream you are config. You can change your upstream.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Coderyangg commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
Coderyangg commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350702322
> Sorry , the correct is
>
> ```
> {
> "_meta": {
> "priority": 10000,
> "filter": [
> ["uri", "~~", "\/some_path"]
> ]
> },
> "bearer_only": true,
> "client_id": "icappSupervision",
> "client_secret": "xx",
> "disable": false,
> "discovery": "https://keycloak.icos.city/realms/dit/.well-known/openid-configuration",
> "realm": "dit",
> "scope": "openid profile"
> }
> ```
it is invalid,my request is still intercepted by apisix
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Coderyangg closed issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
Coderyangg closed issue #8516: help request: can oidc plugin filter some request?
URL: https://github.com/apache/apisix/issues/8516
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Coderyangg commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
Coderyangg commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350734888
> https://github.com/api7/lua-resty-expr#operator-list `["uri", "~~", "\/some_path"]` mean enable auth at `/some_path`. If you want to disable auth at `/some_path` you can try this `["uri", "~=", "/some_path"]`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Coderyangg commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
Coderyangg commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350733410
>
it will cause gateway timeout
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] mscb402 commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
mscb402 commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350716367
https://github.com/api7/lua-resty-expr#operator-list
`["uri", "~~", "\/some_path"]` mean enable auth at `/some_path`. If you want to disable auth at `/some_path` you can try this `["uri", "~=", "/some_path"]`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] mscb402 commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
mscb402 commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350225197
Maybe _meta is what you want. https://apisix.apache.org/docs/apisix/2.15/terminology/plugin/#plugin-common-configuration-under-_meta
```
"openid-connect":{
"_meta": {
"priority": 10000,
"filter": [
{"arg_name", "==", "arg_value"}
]
}
.......
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Coderyangg commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
Coderyangg commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350677754
> > "_meta": {
> > "priority": 10000,
> > "filter": [
> > {"uri", "~~", "/some_path"}
> > ]
> > },
>
> 
it is not allowed like this in apisix
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Coderyangg commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
Coderyangg commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350676829
> "_meta": {
> "priority": 10000,
> "filter": [
> {"uri", "~~", "\/some_path"}
> ]
> },
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] mscb402 commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
mscb402 commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350672834
just put `_meta` to your plugin
```
{
"_meta": {
"priority": 10000,
"filter": [
{"uri", "~~", "\/some_path"}
]
},
"bearer_only": true,
"client_id": "icappSupervision",
"client_secret": "xx",
"disable": false,
"discovery": "https://keycloak.icos.city/realms/dit/.well-known/openid-configuration",
"realm": "dit",
"scope": "openid profile"
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] mscb402 commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
mscb402 commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350250169
Can you provide more detail about what you want to do for us? Using step to step description.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Coderyangg commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
Coderyangg commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350232847
> arg_name
not disable,for examble,there are 2 request in service, they are different path,i want oidc plugin only check request 1`s authorization
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Coderyangg commented on issue #8516: help request: can oidc plugin filter some request?
Posted by GitBox <gi...@apache.org>.
Coderyangg commented on issue #8516:
URL: https://github.com/apache/apisix/issues/8516#issuecomment-1350497744
> You can try
>
> ```
> "openid-connect":{
> "_meta": {
> "priority": 10000,
> "filter": [
> {"uri", "~~", "\/some_path"}
> ]
> }
> .......
> }
> ```
it seems not a json
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org