You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by "benatbermejo (via GitHub)" <gi...@apache.org> on 2023/05/31 14:06:37 UTC

[GitHub] [apisix] benatbermejo opened a new issue, #9583: help request: Consumer and Oauth 2.0 with Openid-connect

benatbermejo opened a new issue, #9583:
URL: https://github.com/apache/apisix/issues/9583

   ### Description
   
   I want to define traffic control restrictions for different consumers using Oauth 2.0 protocol.
   
   Is there a way to do it?
   
   I have defined Openid-connect pluging on routes with a instrospect endpoint to validate the tokens. The introspect service response contains the user-id and is saved on X-Userinfo header.  But there is no way to define a consumer with Openid-connect pluging. Would be nice to do that to avoid complex workflows on routes.
   
   
   ### Environment
   
   - APISIX version (run `apisix version`):3.2
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] help request: Consumer and Oauth 2.0 with Openid-connect [apisix]

Posted by "poostwoud (via GitHub)" <gi...@apache.org>.

poostwoud commented on issue #9583:
URL: https://github.com/apache/apisix/issues/9583#issuecomment-1884607128

   Using openid to identify the consumer would be a great feature. Why not use the client id and secret in the openid configuration for this? This would be similar to setting for example a key using key-auth right?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] starsz commented on issue #9583: help request: Consumer and Oauth 2.0 with Openid-connect

Posted by "starsz (via GitHub)" <gi...@apache.org>.

starsz commented on issue #9583:
URL: https://github.com/apache/apisix/issues/9583#issuecomment-1575956739

   > Is there a way to do it?
   Yes, now we don't support enabling Openid-connect plugin with consumers.
   But we can use `openid-connect plugin` and another auth plugin like key-auth to restrict the client.
   
   > It Would be nice to do that to avoid complex workflows on routes.
   I think it's a good idea.Let's hear from others


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] help request: Consumer and Oauth 2.0 with Openid-connect [apisix]

Posted by "cortex35 (via GitHub)" <gi...@apache.org>.

cortex35 commented on issue #9583:
URL: https://github.com/apache/apisix/issues/9583#issuecomment-1956631312

   Hello, thank you for your fantastic work. 
   
   We would like to use apisix, but we are stuck on one point. We want to utilize our identity provider with OpenID Connect and manage access restrictions through apisix. 
   
   I dont understand how use  key-auth plugin with openid-connect, we have to add a consumer api key to header in addition of access token ?
   
   Initially, I thought of using openid-connect plugins along with consumer related plugins like consumer-restriction or limit-*. However, based on my understanding from the issue and documentations I’ve found, it seems this is not currently possible.  Did i miss something ? 
   
   Is there a specific limitation preventing this feature ? 
   
   Could the openid-connect plugin check, for exemple, the "sub" in the access token and associate it with an apisix consumer ? 
   
   Thanks


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] help request: Consumer and Oauth 2.0 with Openid-connect [apisix]

Posted by "coffee-coder99 (via GitHub)" <gi...@apache.org>.

coffee-coder99 commented on issue #9583:
URL: https://github.com/apache/apisix/issues/9583#issuecomment-2021281788

   I'm not sure where this feature stands, but we are looking to do the same. In the past I have requested a feature, and even offered to do the work myself with a PR. I still have not heard back on whether that would be welcome for that feature. Would it be welcome by the maintainers for this feature as well?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org