Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: Supplements the openid-connect configuration doc #11330

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

docs: Supplements the openid-connect configuration doc #11330

wants to merge 2 commits into from

Conversation

wensenz
Copy link

@wensenz wensenz commented Jun 5, 2024

This configuration is used when token introspection endpoints require additional parameters

Description

Supplements the openid-connect configuration document

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)
@wensenz
Update openid-connect.md
b953a86 
This configuration is used when token introspection endpoints require additional parameters
@moonming moonming requested a review from kayx23 June 5, 2024 07:14
@kayx23
Copy link
Member

kayx23 commented Jun 5, 2024

Will need to add this to the schema of apisix/plugins/openid-connect.lua as well and update the English doc.

Preferably add a test case.
@kayx23 kayx23 added the wait for update wait for the author's response in this issue/PR label Jun 7, 2024
@wensenz
Copy link
Author

wensenz commented Jun 14, 2024

Will need to add this to the schema of apisix/plugins/openid-connect.lua as well and update the English doc.

Preferably add a test case.

done..
@kayx23
Copy link
Member

kayx23 commented Jun 14, 2024

Will need to add this to the schema of apisix/plugins/openid-connect.lua as well and update the English doc.
Preferably add a test case.

done..

schema is not updated? in apisix/plugins/openid-connect.lua
@wensenz
Copy link
Author

wensenz commented Jun 17, 2024

Will need to add this to the schema of apisix/plugins/openid-connect.lua as well and update the English doc.
Preferably add a test case.

done..

schema is not updated? in apisix/plugins/openid-connect.lua

This is not necessary. In apisix/plugins/openid-connect.lua:413 -> lua-resty-openidc/lib/resty/openidc.lua:1740, the introspection_params is already supported.
@wensenz
Copy link
Author

wensenz commented Jun 17, 2024

Configure the plugin like this, it works

"plugins": {
    "openid-connect": {
      "_meta": {
        "disable": false
      },
      "bearer_only": true,
      "client_id": "your client_id",
      "client_secret": "your client_secret",
      "discovery": "http://your host/.well-known/openid-configuration",
      "introspection_endpoint": "http://your host/api/login/oauth/introspect",
      "introspection_endpoint_auth_method": "client_secret_basic",
      "introspection_params": {
        "token_type_hint": "access_token"
      }
    }
  },
@kayx23
Copy link
Member

kayx23 commented Jun 19, 2024

Yes it will work; however introspection_params should still be added to the plugin schema. The other parameters supported by lua-resty-openidc and APISIX were also added to schema in the same way. @shreemaan-abhishek thoughts?
@kayx23 kayx23 added discuss and removed wait for update wait for the author's response in this issue/PR user responded labels Jun 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
discuss
2 participants
@wensenz @kayx23