Posted to notifications@apisix.apache.org by "hamlinzheng (via GitHub)" <gi...@apache.org> on 2023/03/19 15:17:11 UTC

[GitHub] [apisix] hamlinzheng opened a new issue, #9110: help request: The effective time of the OpenID Connect Plugin in session mode

hamlinzheng opened a new issue, #9110:
URL: https://github.com/apache/apisix/issues/9110

   ### Description
   
   Thank you very much for your wonderful work!
   I use the OpenID Connect Plugin with an OIDC Provider ([Authing](https://www.authing.cn/) or [Casdoor](https://casdoor.org/zh/docs/integration/lua/apisix)) in my web project. I tried to follow the [tutorial](https://apisix.apache.org/docs/apisix/plugins/openid-connect/), and it works fine; I can get OIDC auth with `bearer_only` set to false.
   However, I have observed that my visits are often redirected to OIDC Provider to re-authenticate (about a few minutes), I think this is abnormal because I set the `access_token` expiration time in OIDC to 14 days. So is this an issue of the session timeliness on the APISIX side?
   The second problem is that when I set `bearer_only` to true, I can use a Bearer token in the header to access, but when I set `bearer_only` to false, I can't access with the same token. I want to know what's wrong with my operation.
   As https://github.com/apache/apisix/issues/5761
   
   Here is the result of accessing the protected httpbin:
   ![2023-03-19_22-41_1](https://user-images.githubusercontent.com/42463835/226184417-eeb5c637-3a60-4ddd-a68a-9c87358eba49.jpg)
   
   By the way, the generated cookie is too long, is there a way to reduce it?
   ![2023-03-19_22-41](https://user-images.githubusercontent.com/42463835/226184435-17d4c53e-5e5b-416d-86eb-b80f5fe41b7b.jpg)
   
   
   I appreciate your support very much.
   
   ### Environment
   
   I try apisix with latest [apisix-docker](https://github.com/apache/apisix-docker)
   - APISIX version (run `apisix version`): 3.2.0
   - Operating system (run `uname -a`): Ubuntu20 with Docker version 23.0.1, build a5ee5b1
   - OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
   - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): 3.4.15
   - APISIX Dashboard version, if relevant: 3.0.0
   - Plugin runner version, for issues related to plugin runners:
   - LuaRocks version, for installation issues (run `luarocks --version`):
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [apisix] kingluo commented on issue #9110: help request: The effective time of the OpenID Connect Plugin in session mode

Posted by "kingluo (via GitHub)" <gi...@apache.org>.
kingluo commented on issue #9110:
URL: https://github.com/apache/apisix/issues/9110#issuecomment-1592751177

   @hamlinzheng check the error.log and find something useful to locate this issue. Maybe you should set the log level to DEBUG.
   https://github.com/zmartzone/lua-resty-openidc/blob/734a3f4dba0faf037abe993c678e43b1bab3025a/lib/resty/openidc.lua#L1359

