[GitHub] [apisix] spacewander commented on a change in pull request #4978: docs(openid-connect): add Authentication through OIDC Relying Party flow description

[GitBox <gi...@apache.org>]

spacewander commented on a change in pull request #4978:
URL: https://github.com/apache/apisix/pull/4978#discussion_r702410358



##########
File path: docs/zh/latest/plugins/openid-connect.md
##########
@@ -142,6 +142,41 @@ curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f13
 }'
 ```
 
+#### 通过 OIDC 依赖方认证流程进行身份验证
+
+当一个请求在请求头或会话 Cookie 中不包含访问令牌时，
+插件可以充当 OIDC 依赖方并重定向到身份提供者的授权端点以通过 OIDC 授权代码流程；
+请参阅 https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth 。
+一旦用户通过身份提供者进行身份验证，插件将代表用户从身份提供者获取和管理访问令牌和更多信息。
+该信息当前存储在会话 cookie 中，该插件将识别 cookie 并使用其中的信息，以避免再次执行认证流程。
+
+以下命令将此操作模式添加到路由：
+
+```bash
+curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+  "uri": "/get",
+  "plugins": {
+    "proxy-rewrite": {
+      "scheme": "https"
+    },
+    "openid-connect": {
+      "client_id": "api_six_client_id",
+      "client_secret": "client_secret_code",
+      "discovery": "full_URL_of_the_discovery_endpoint",
+      "bearer_only": false,
+      "realm": "master"
+}
+  },
+  "upstream": {
+    "type": "roundrobin",
+    "nodes": {
+      "httpbin.org:443": 1
+    }
+  }
+}'
+```
+

Review comment:
       Does the zh version miss the translation of "In this case, the plugin can enforce that the access token, the ID token, and the UserInfo object get set in respective configured request headers."?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org