You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/03/10 16:43:39 UTC

[GitHub] [apisix] azilentech opened a new issue #6574: feat: keycloak 1. Support of password grant type for token generation 2. Support for User Info Injection in the request

azilentech opened a new issue #6574:
URL: https://github.com/apache/apisix/issues/6574


   ### Issue description
   
   In Keycloak plugin,
   
   The following features can be helpful:
   1. There can be feature to support "password" grant type which can generate token via Keycloak token endpoint and return it in response.
   -  There can be configuration setting "token_generation_endpoint", which will contain URL endpoint. If incoming URL request match with this URL, identify the user name and password from incoming request parameters and call "token_endpoint". 
   
   2. There can be an optional configuration that can allow injecting Keycloak User Info in the incoming request.
   - There can be configuration settings: "include_user_info" and "token_userinfo_endpoint". Based on these values, the plugin will call Token Userinfo Endpoint and inject a new header "X-User-Info" in the request before forwarding it for further process.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] azilentech commented on issue #6574: feat: keycloak Support of password grant type for token generation

Posted by GitBox <gi...@apache.org>.

azilentech commented on issue #6574:
URL: https://github.com/apache/apisix/issues/6574#issuecomment-1065164770


   Hi,
   We have implemented this feature for our internal scenario already and If it can be helpful to a larger audience, we have created PR for review.
   We have kept only a single feature, as you suggested in the PR.
   Please let me know, your comments for the same.
   
   We will also create separate PR for Dashboard changes so that it can support these keyclaok plugin changes.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander commented on issue #6574: feat: keycloak 1. Support of password grant type for token generation 2. Support for User Info Injection in the request

Posted by GitBox <gi...@apache.org>.

spacewander commented on issue #6574:
URL: https://github.com/apache/apisix/issues/6574#issuecomment-1064711398


   2 questions:
   1. 
   > If incoming URL request match with this URL, identify the user name and password from incoming request
   
   I am wondering about the role of token_generation_endpoint. If the plugin is run, the incoming URL request matches the uri configured in the route. So can you provide a detailed explain  about the token_generation_endpoint?
   
   2. Could you open another issue for the feature request 2? One issue for one feature, please. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] azilentech commented on issue #6574: feat: keycloak Support of password grant type for token generation

Posted by GitBox <gi...@apache.org>.

azilentech commented on issue #6574:
URL: https://github.com/apache/apisix/issues/6574#issuecomment-1065935382


   In the code, instead of taking "token_generation_endpoint" as configuration setting name, I have used "password_grant_token_generation_incoming_uri" as setting name.
   As the previous name was making confusion with "token_endpoint" which was referring to keycloak url.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org