apisix icon indicating copy to clipboard operation
apisix copied to clipboard

Published 20 hours ago verified publisher icon apache

Hope "forward auth" can set cache time,and, Options requests can be approved

Open jiangxiulong opened this issue 1 year ago • 9 comments

Description

  1. Because without caching, the pressure on the auth service would be significant. Of course, the auth service itself can have caching, but there will still be HTTP overhead

  2. Options requests can be approved, which enhances out of the box and is more convenient, eliminating the need for excessive processing in the auth service

We hope your company can consider this. Thank you

jiangxiulong avatar Jan 11 '24 06:01 jiangxiulong

@Sn0rt @shreemaan-abhishek

sheharyaar avatar Jan 11 '24 14:01 sheharyaar

would you like to contribute this?

shreemaan-abhishek avatar Jan 14 '24 13:01 shreemaan-abhishek

I am working on other issues right now.

sheharyaar avatar Jan 14 '24 15:01 sheharyaar

@sheharyaar no not you, I was asking @jiangxiulong.

shreemaan-abhishek avatar Jan 15 '24 16:01 shreemaan-abhishek

@shreemaan-abhishek Sorry, I think my current abilities are not enough

jiangxiulong avatar Jan 16 '24 07:01 jiangxiulong

@jiangxiulong Hi, Please provide your usage scenario. I think that for the authentication system, the probability of repeated authentication requests from the same user is very small. For requests from a large number of users, I think caching at the gateway layer has no practical significance.

smileby avatar Feb 07 '24 09:02 smileby

@smileby Thank you, good New Year. I have several services, and except for logging in, I have used 'forward auth' with a token to verify the auth service. It passes normal access and does not pass directly through 403, which means that all interfaces need to access the auth service before reaching the business layer. I am a bit worried about the pressure on the auth service, so I am considering adding a cache in this layer that can directly solve the problem

I don't know if my usage is incorrect?

jiangxiulong avatar Feb 20 '24 04:02 jiangxiulong

@smileby Thank you, good New Year. I have several services, and except for logging in, I have used 'forward auth' with a token to verify the auth service. It passes normal access and does not pass directly through 403, which means that all interfaces need to access the auth service before reaching the business layer. I am a bit worried about the pressure on the auth service, so I am considering adding a cache in this layer that can directly solve the problem

I don't know if my usage is incorrect?

I don't think it's universal, maybe there's something wrong with my understanding, let's see what other people think

smileby avatar Feb 22 '24 01:02 smileby