You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/10/23 17:20:47 UTC
[GitHub] [apisix] remicres opened a new issue, #8150: help request: oauth2 token in URL?
remicres opened a new issue, #8150:
URL: https://github.com/apache/apisix/issues/8150
### Description
Hi,
Following the documentation, I have successfully use Apisix with a keycloak instance (https://apisix.apache.org/docs/apisix/plugins/openid-connect/) with bearer only. I used the docker image in standalone mode.
The token is passed to Apisix in the headers, apisix asks keycloak if its valid, and gives the defined route if okay. It works fine.
I am wondering if Apisix could do the same thing, with the bearer in the plain incoming URL instead of inside the `Authorization: Bearer XxxXX` header?
(I mean `https://some-domain.com/some-path/mything.json?access_token=XxxXX`)
Many thanks
### Environment
- APISIX version (run `apisix version`):
- Operating system (run `uname -a`):
- OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
- etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):
- APISIX Dashboard version, if relevant:
- Plugin runner version, for issues related to plugin runners:
- LuaRocks version, for installation issues (run `luarocks --version`):
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tokers commented on issue #8150: help request: oauth2 token in URL?
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #8150:
URL: https://github.com/apache/apisix/issues/8150#issuecomment-1288261056
That may need a bit modification.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] remicres closed issue #8150: help request: oauth2 token in URL?
Posted by GitBox <gi...@apache.org>.
remicres closed issue #8150: help request: oauth2 token in URL?
URL: https://github.com/apache/apisix/issues/8150
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] help request: oauth2 token in URL? [apisix]
Posted by "lakewatcher (via GitHub)" <gi...@apache.org>.
lakewatcher commented on issue #8150:
URL: https://github.com/apache/apisix/issues/8150#issuecomment-1976109507
@remicres May I ask how to configure the keepalive_pool for the forward-auth plugin? Is it possible that the configuration is too small, leading to blockage issues?
eg: If the time that spent on permission processing is 100ms and the QPS is 200, how to configure keepalive_pool ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] help request: oauth2 token in URL? [apisix]
Posted by "lakewatcher (via GitHub)" <gi...@apache.org>.
lakewatcher commented on issue #8150:
URL: https://github.com/apache/apisix/issues/8150#issuecomment-1978060643
Now the "forward-auth" plugin can configure keepalive and keepalive_pool , and I don't know how to make them better .. Thank you all the same
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] remicres commented on issue #8150: help request: oauth2 token in URL?
Posted by GitBox <gi...@apache.org>.
remicres commented on issue #8150:
URL: https://github.com/apache/apisix/issues/8150#issuecomment-1290072998
I finally managed to do it with the `forward-auth` plugin. Apisix is really great.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] help request: oauth2 token in URL? [apisix]
Posted by "remicres (via GitHub)" <gi...@apache.org>.
remicres commented on issue #8150:
URL: https://github.com/apache/apisix/issues/8150#issuecomment-1976672460
Hi @lakewatcher ,
Here is why I did (it was a while ago so it might need to be refreshed)
dockerfile
```
FROM apache/apisix
COPY docker-entrypoint.sh /
RUN chmod 755 /docker-entrypoint.sh
```
The following seems to be a modified entrypoint, a bit ugly but it worked for my poc.
docker-entrypoint.sh
```
#!/usr/bin/env bash
set -eo pipefail
PREFIX=${APISIX_PREFIX:=/usr/local/apisix}
if [[ "$1" == "docker-start" ]]; then
if [ "$APISIX_STAND_ALONE" = "true" ]; then
cat > ${PREFIX}/conf/config.yaml << _EOC_
deployment:
role: data_plane
role_data_plane:
config_provider: yaml
_EOC_
cat > ${PREFIX}/conf/apisix.yaml << _EOC_
routes:
-
id: myserver
uri: /*
upstream:
nodes:
$TGT_HOST: 1 # ok
type: roundrobin
plugin_config_id: 1
plugin_configs:
-
id: 1
plugins:
forward-auth:
uri: $AUTH_URL
request_headers: ["Authorization"],
#END
_EOC_
/usr/bin/apisix init
else
/usr/bin/apisix init
/usr/bin/apisix init_etcd
fi
exec /usr/local/openresty/bin/openresty -p /usr/local/apisix -g 'daemon off;'
fi
exec "$@"
```
Build the docker image as `your:image` then test:
```commandLine
docker run \
-e AUTH_URL="http://some-server.com:8008/some/api" \
-d \
--name apache-apisix \
-p 9080:9080 \
-e APISIX_STAND_ALONE=true your:image
```
Hope that helps
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org