You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/06/13 17:24:32 UTC

[GitHub] [incubator-apisix] sshniro commented on issue #1679: feature : OAuth Authorization plugin for Keycloak

sshniro commented on issue #1679:
URL: https://github.com/apache/incubator-apisix/issues/1679#issuecomment-643652813


   Yes @chnliyong its a subset of PEP.
   
   ![image](https://user-images.githubusercontent.com/13045528/84575018-91c6ec80-adaa-11ea-94f6-662896c1aa1d.png)
   
   In the official authorization adapter, you can define the scopes and paths for your endpoints and Keycloak internally makes these API calls to check if you have the permission to the required scope. Also, in the keycloak policy enforcer file you can opt-out to not to define the paths and the adapters does a lazy loading to fetch the matching paths and resources dynamically.
   
   Therefore as the first implementation I propose to implement this by having the definitions of what is the resource and scope needed to access a route, and future enhancements would support lazy loading of paths and permissions.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org