You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/09/03 07:39:35 UTC
[GitHub] [apisix] okaybase opened a new pull request #4978: docs(openid-connect): add Authentication through OIDC Relying Party flow description
okaybase opened a new pull request #4978:
URL: https://github.com/apache/apisix/pull/4978
### What this PR does / why we need it:
<!--- Why is this change required? What problem does it solve? -->
<!--- If it fixes an open issue, please link to the issue here. -->
add Authentication through OIDC Relying Party flow description
### Pre-submission checklist:
* [x] Did you explain what problem does this PR solve? Or what new features have been added?
* [ ] Have you added corresponding test cases?
* [x] Have you modified the corresponding document?
* [x] Is this PR backward compatible? **If it is not backward compatible, please discuss on the [mailing list](https://github.com/apache/apisix/tree/master#community) first**
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander merged pull request #4978: docs(openid-connect): add Authentication through OIDC Relying Party flow description
Posted by GitBox <gi...@apache.org>.
spacewander merged pull request #4978:
URL: https://github.com/apache/apisix/pull/4978
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] okaybase commented on a change in pull request #4978: docs(openid-connect): add Authentication through OIDC Relying Party flow description
Posted by GitBox <gi...@apache.org>.
okaybase commented on a change in pull request #4978:
URL: https://github.com/apache/apisix/pull/4978#discussion_r702414613
##########
File path: docs/zh/latest/plugins/openid-connect.md
##########
@@ -142,6 +142,41 @@ curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f13
}'
```
+#### 通过 OIDC 依赖方认证流程进行身份验证
+
+当一个请求在请求头或会话 Cookie 中不包含访问令牌时,
+插件可以充当 OIDC 依赖方并重定向到身份提供者的授权端点以通过 OIDC 授权代码流程;
+请参阅 https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth 。
+一旦用户通过身份提供者进行身份验证,插件将代表用户从身份提供者获取和管理访问令牌和更多信息。
+该信息当前存储在会话 cookie 中,该插件将识别 cookie 并使用其中的信息,以避免再次执行认证流程。
+
+以下命令将此操作模式添加到路由:
+
+```bash
+curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "uri": "/get",
+ "plugins": {
+ "proxy-rewrite": {
+ "scheme": "https"
+ },
+ "openid-connect": {
+ "client_id": "api_six_client_id",
+ "client_secret": "client_secret_code",
+ "discovery": "full_URL_of_the_discovery_endpoint",
+ "bearer_only": false,
+ "realm": "master"
+}
+ },
+ "upstream": {
+ "type": "roundrobin",
+ "nodes": {
+ "httpbin.org:443": 1
+ }
+ }
+}'
+```
+
Review comment:
okay~ done~ thanks~ @spacewander
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] starsz commented on a change in pull request #4978: docs(openid-connect): add Authentication through OIDC Relying Party flow description
Posted by GitBox <gi...@apache.org>.
starsz commented on a change in pull request #4978:
URL: https://github.com/apache/apisix/pull/4978#discussion_r701760575
##########
File path: docs/zh/latest/plugins/openid-connect.md
##########
@@ -142,6 +142,41 @@ curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f13
}'
```
+#### 通过 OIDC 依赖方认证流程进行身份验证
+
+当一个请求在请求头中不包含访问令牌时,也不在会话 cookie 中,
Review comment:
```suggestion
当一个请求在请求头或会话 Cookie 中不包含访问令牌时,
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on a change in pull request #4978: docs(openid-connect): add Authentication through OIDC Relying Party flow description
Posted by GitBox <gi...@apache.org>.
spacewander commented on a change in pull request #4978:
URL: https://github.com/apache/apisix/pull/4978#discussion_r702410358
##########
File path: docs/zh/latest/plugins/openid-connect.md
##########
@@ -142,6 +142,41 @@ curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f13
}'
```
+#### 通过 OIDC 依赖方认证流程进行身份验证
+
+当一个请求在请求头或会话 Cookie 中不包含访问令牌时,
+插件可以充当 OIDC 依赖方并重定向到身份提供者的授权端点以通过 OIDC 授权代码流程;
+请参阅 https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth 。
+一旦用户通过身份提供者进行身份验证,插件将代表用户从身份提供者获取和管理访问令牌和更多信息。
+该信息当前存储在会话 cookie 中,该插件将识别 cookie 并使用其中的信息,以避免再次执行认证流程。
+
+以下命令将此操作模式添加到路由:
+
+```bash
+curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "uri": "/get",
+ "plugins": {
+ "proxy-rewrite": {
+ "scheme": "https"
+ },
+ "openid-connect": {
+ "client_id": "api_six_client_id",
+ "client_secret": "client_secret_code",
+ "discovery": "full_URL_of_the_discovery_endpoint",
+ "bearer_only": false,
+ "realm": "master"
+}
+ },
+ "upstream": {
+ "type": "roundrobin",
+ "nodes": {
+ "httpbin.org:443": 1
+ }
+ }
+}'
+```
+
Review comment:
Does the zh version miss the translation of "In this case, the plugin can enforce that the access token, the ID token, and the UserInfo object get set in respective configured request headers."?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] okaybase commented on a change in pull request #4978: docs(openid-connect): add Authentication through OIDC Relying Party flow description
Posted by GitBox <gi...@apache.org>.
okaybase commented on a change in pull request #4978:
URL: https://github.com/apache/apisix/pull/4978#discussion_r701762420
##########
File path: docs/zh/latest/plugins/openid-connect.md
##########
@@ -142,6 +142,41 @@ curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f13
}'
```
+#### 通过 OIDC 依赖方认证流程进行身份验证
+
+当一个请求在请求头中不包含访问令牌时,也不在会话 cookie 中,
Review comment:
okay~ done~ thanks~ @starsz
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] okaybase commented on a change in pull request #4978: docs(openid-connect): add Authentication through OIDC Relying Party flow description
Posted by GitBox <gi...@apache.org>.
okaybase commented on a change in pull request #4978:
URL: https://github.com/apache/apisix/pull/4978#discussion_r701762420
##########
File path: docs/zh/latest/plugins/openid-connect.md
##########
@@ -142,6 +142,41 @@ curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f13
}'
```
+#### 通过 OIDC 依赖方认证流程进行身份验证
+
+当一个请求在请求头中不包含访问令牌时,也不在会话 cookie 中,
Review comment:
okay~ done~ thanks~
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org