You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/03/15 02:37:20 UTC
[GitHub] [incubator-apisix] sshniro opened a new issue #1272: Support JWT
scopes to allow or reject requests in OAuth2 plugin
sshniro opened a new issue #1272: Support JWT scopes to allow or reject requests in OAuth2 plugin
URL: https://github.com/apache/incubator-apisix/issues/1272
### Issue description
The JWT contains the scopes available for a user via the scope attribute. Scope represents the capabilities the token has such as `read` or `delete`. It would be good if we can define a required set of scopes and allow or reject the request based on the required scope.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [incubator-apisix] moonming commented on issue #1272: Support JWT
scopes to allow or reject requests in OAuth2 plugin
Posted by GitBox <gi...@apache.org>.
moonming commented on issue #1272: Support JWT scopes to allow or reject requests in OAuth2 plugin
URL: https://github.com/apache/incubator-apisix/issues/1272#issuecomment-606453871
`required_scope` should be `scope`?
others look good to me.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [incubator-apisix] membphis commented on issue #1272: Support JWT
scopes to allow or reject requests in OAuth2 plugin
Posted by GitBox <gi...@apache.org>.
membphis commented on issue #1272: Support JWT scopes to allow or reject requests in OAuth2 plugin
URL: https://github.com/apache/incubator-apisix/issues/1272#issuecomment-599171946
can you provide an example?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [incubator-apisix] sshniro commented on issue #1272: Support JWT
scopes to allow or reject requests in OAuth2 plugin
Posted by GitBox <gi...@apache.org>.
sshniro commented on issue #1272: Support JWT scopes to allow or reject requests in OAuth2 plugin
URL: https://github.com/apache/incubator-apisix/issues/1272#issuecomment-599997888
The following is the scenario I have in mind.
The getProducts endpoint should be accessible via a token which has the read scope.
```bash
curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"uri": "/getProducts",
"plugins": {
"proxy-rewrite": {
"scheme": "https"
},
"openid-connect": {
"client_id": "api_six_client_id",
"client_secret": "client_secret_code",
"discovery": "full_URL_of_the_discovery_endpoint",
"required_scope": "read_scope",
}
}
}'
```
And the deleteProducts endpoint should be accessible via the token with a deletescope.
```bash
curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"uri": "/deleteProducts",
"plugins": {
"proxy-rewrite": {
"scheme": "https"
},
"openid-connect": {
"client_id": "api_six_client_id",
"client_secret": "client_secret_code",
"discovery": "full_URL_of_the_discovery_endpoint",
"required_scope": "delete_scope",
}
}
}'
```
This is how the core OpenID Library is suggesting to handle this scenario.
https://github.com/zmartzone/lua-resty-openidc#sample-configuration-for-oauth-20-jwt-token-validation
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [apisix] spacewander commented on issue #1272: Support JWT scopes to allow or reject requests in OAuth2 plugin
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #1272:
URL: https://github.com/apache/apisix/issues/1272#issuecomment-765454260
Is it still in need?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander closed issue #1272: Support JWT scopes to allow or reject requests in OAuth2 plugin
Posted by GitBox <gi...@apache.org>.
spacewander closed issue #1272:
URL: https://github.com/apache/apisix/issues/1272
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] membphis commented on issue #1272: Support JWT
scopes to allow or reject requests in OAuth2 plugin
Posted by GitBox <gi...@apache.org>.
membphis commented on issue #1272: Support JWT scopes to allow or reject requests in OAuth2 plugin
URL: https://github.com/apache/incubator-apisix/issues/1272#issuecomment-600104189
@moonming you can take a look
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services