
help request: openid-connect and authz-casbin

Open satishviswanathan opened this issue 1 year ago • 3 comments

Description

I have the plugins openid-connect and authz-casbin enabled. The openid-connect plugin will connect to Keycloak to authenticate the bearer token, and then authz-casbin handles authorization.

Now I'm looking for a way to get the roles from Keycloak and pass them as input to the casbin plugin for authorization. So when I call my endpoint, I don't want to pass the user header key; instead, I want to get a role from the JWT and send it to the casbin plugin.

Is this possible to achieve?

curl -i http://127.0.0.1:9080/res -H 'user: bob' -X GET

Environment

- apisix version: 3.6.0
- OS: wsl container
- etcd version: 3.5.7
- apisix-dashboard version, if have: 3.0.1

satishviswanathan avatar Jan 29 '24 19:01 satishviswanathan

Hi, I am not familiar with the oidc plugin, but it seems that this requirement needs custom development.

shreemaan-abhishek avatar Jan 30 '24 06:01 shreemaan-abhishek

@shreemaan-abhishek - understood. Thank you for your feedback.

satishviswanathan avatar Jan 30 '24 15:01 satishviswanathan

I have not tried openid-connect with authz-casbin but I did attempt your described scenario using openid-connect with authz-keycloak a while ago, so did another user (I am struggling to find their issue in this repo), and it did not work for me.

kayx23 avatar Feb 07 '24 16:02 kayx23
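
The flow asked about in this issue, sketched outside APISIX as an added example (not code from the issue or from the APISIX project): the casbin subject is taken from verified token claims and any client-sent `user` header is discarded. Assumptions: roles sit in Keycloak's `realm_access.roles` claim, the token is signed with a constructed HS256 demo key (Keycloak normally uses RS256), and the helper names are hypothetical.

```python
import base64, hashlib, hmac, json

DEMO_KEY = b"constructed-demo-secret"  # constructed; Keycloak normally signs with RS256

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, key=DEMO_KEY):
    """Build a constructed HS256 token so the demo runs offline."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verified_roles(token, key=DEMO_KEY):
    """Return realm_access.roles only when the signature checks out.
    exp/iss/aud checks are left to the gateway's OIDC step (assumption)."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return []
        want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _b64d(sig)):
            return []
        roles = json.loads(_b64d(body)).get("realm_access", {}).get("roles", [])
    except (ValueError, AttributeError, TypeError):
        return []
    return [r for r in roles if isinstance(r, str)] if isinstance(roles, list) else []

def casbin_subject(headers, policy_roles, key=DEMO_KEY):
    """Return headers with 'user' set from the token, never from the client.
    Hypothetical helper: picks the first token role that the policy knows."""
    out = {k.lower(): v for k, v in headers.items()}
    out.pop("user", None)  # drop any client-supplied subject
    scheme, _, token = out.get("authorization", "").partition(" ")
    roles = verified_roles(token, key) if scheme.lower() == "bearer" else []
    match = next((r for r in roles if r in policy_roles), None)
    if match is not None:
        out["user"] = match
    return out
```

If no verified role matches the policy, no `user` header is set at all, so the authorization step sees a request without a subject rather than a client-chosen one.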