You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/10/23 17:20:47 UTC

[GitHub] [apisix] remicres opened a new issue, #8150: help request: oauth2 token in URL?

remicres opened a new issue, #8150:
URL: https://github.com/apache/apisix/issues/8150

   ### Description
   
   Hi,
   
   Following the documentation, I have successfully use Apisix with a keycloak instance (https://apisix.apache.org/docs/apisix/plugins/openid-connect/) with bearer only. I used the docker image in standalone mode.
   The token is passed to Apisix in the headers, apisix asks keycloak if its valid, and gives the defined route if okay. It works fine.
   
   I am wondering if Apisix could do the same thing, with the bearer in the plain incoming URL instead of inside the `Authorization: Bearer XxxXX` header?
   (I mean `https://some-domain.com/some-path/mything.json?access_token=XxxXX`)
   
   Many thanks
   
   ### Environment
   
   - APISIX version (run `apisix version`):
   - Operating system (run `uname -a`):
   - OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
   - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):
   - APISIX Dashboard version, if relevant:
   - Plugin runner version, for issues related to plugin runners:
   - LuaRocks version, for installation issues (run `luarocks --version`):
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tokers commented on issue #8150: help request: oauth2 token in URL?

Posted by GitBox <gi...@apache.org>.

tokers commented on issue #8150:
URL: https://github.com/apache/apisix/issues/8150#issuecomment-1288261056

   That may need a bit modification.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] remicres closed issue #8150: help request: oauth2 token in URL?

Posted by GitBox <gi...@apache.org>.

remicres closed issue #8150: help request: oauth2 token in URL?
URL: https://github.com/apache/apisix/issues/8150


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] help request: oauth2 token in URL? [apisix]

Posted by "lakewatcher (via GitHub)" <gi...@apache.org>.

lakewatcher commented on issue #8150:
URL: https://github.com/apache/apisix/issues/8150#issuecomment-1976109507

   @remicres May I ask how to configure the keepalive_pool for the forward-auth plugin? Is it possible that the configuration is too small, leading to blockage issues?
   eg: If the time that spent on permission processing is 100ms and the QPS  is 200, how to  configure keepalive_pool  ? 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] help request: oauth2 token in URL? [apisix]

Posted by "lakewatcher (via GitHub)" <gi...@apache.org>.

lakewatcher commented on issue #8150:
URL: https://github.com/apache/apisix/issues/8150#issuecomment-1978060643

   Now the "forward-auth" plugin can configure keepalive and keepalive_pool , and  I don't know how to make them better ..  Thank you all the same


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] remicres commented on issue #8150: help request: oauth2 token in URL?

Posted by GitBox <gi...@apache.org>.

remicres commented on issue #8150:
URL: https://github.com/apache/apisix/issues/8150#issuecomment-1290072998

   I finally managed to do it with the `forward-auth` plugin. Apisix is really great.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] help request: oauth2 token in URL? [apisix]

Posted by "remicres (via GitHub)" <gi...@apache.org>.

remicres commented on issue #8150:
URL: https://github.com/apache/apisix/issues/8150#issuecomment-1976672460

   Hi @lakewatcher ,
   
   Here is why I did (it was a while ago so it might need to be refreshed)
   
   dockerfile
   ```
   FROM apache/apisix
   COPY docker-entrypoint.sh /
   RUN chmod 755 /docker-entrypoint.sh
   ```
   
   The following seems to be a modified entrypoint, a bit ugly but it worked for my poc.
   
   docker-entrypoint.sh
   ```
   #!/usr/bin/env bash
   set -eo pipefail
   PREFIX=${APISIX_PREFIX:=/usr/local/apisix}
   if [[ "$1" == "docker-start" ]]; then
       if [ "$APISIX_STAND_ALONE" = "true" ]; then
           cat > ${PREFIX}/conf/config.yaml << _EOC_
   deployment:
     role: data_plane
     role_data_plane:
       config_provider: yaml
   _EOC_
   
           cat > ${PREFIX}/conf/apisix.yaml << _EOC_
   routes:
     -
       id: myserver
       uri: /*
       upstream:
         nodes:
           $TGT_HOST: 1 # ok
         type: roundrobin
       plugin_config_id: 1
   plugin_configs:
     -
       id: 1
       plugins:
         forward-auth:
           uri: $AUTH_URL
           request_headers: ["Authorization"],
   
   #END
   _EOC_
           /usr/bin/apisix init
       else
           /usr/bin/apisix init
           /usr/bin/apisix init_etcd
       fi
       
       exec /usr/local/openresty/bin/openresty -p /usr/local/apisix -g 'daemon off;'
   fi
   
   exec "$@"
   ```
   
   Build the docker image as `your:image` then test:
   
   ```commandLine
   docker run \
   -e AUTH_URL="http://some-server.com:8008/some/api" \
   -d \
   --name apache-apisix \
   -p 9080:9080 \
   -e APISIX_STAND_ALONE=true your:image
   ```
   
   Hope that helps


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org