feat: `authz-casdoor` should support fetching access token using username and password
Description
Hello, I am doing a POC with APISIX and Casdoor. I wanted to use the flow "Resource owner password credentials grant" to let my user use only their username and password to authenticate to an application. Everything is done programmatically. Nevertheless, I don't see an option or a method to do that. It's natively supported by the keycloak plugin ("UMA") but not for openid-connect.
I believe the request rewrite could do the job but I am not sure about security. Thanks for your help!
Environment
- APISIX version (run `apisix version`): 3.9
- Operating system (run `uname -a`): Redhat (Docker Image apache/apisix:3.9.0-redhat)
- OpenResty / Nginx version (run `openresty -V` or `nginx -V`): See above
- etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): Not using etcd but standalone mode
I find it difficult to understand your problem. Right now, it seems that you are trying to use a feature from Casdoor but it doesn't work.
Are there any error logs? Is APISIX missing some configuration parameters?
Hello and thanks for your answer
The Resource Owner Password Credentials (ROPC) grant flow lets the client use the resource owner's user name and password to get an access token.
I have an API behind APISIX. APISIX checks the authentication via Casdoor. When a user wants to get a token for the API, it goes to Casdoor and requests a token by providing a client_id, username and password.
I would like to hide the client_id and have the user provide only his username / password. Exactly like what the keycloak plugin does: https://apisix.apache.org/docs/apisix/3.1/plugins/authz-keycloak/#generating-a-token-using-password-grant
Is it something I need to code myself or is it something that APISIX is able to natively handle?
Thanks
I have minimal experience in working with the casdoor/keycloak/oidc plugins but I can confirm that `client-secret` is a required field for the `authz-casdoor` plugin.
https://github.com/shreemaan-abhishek/apisix/blob/07b3cc3f63db8fc4ae3706baa324a76ee3049338/apisix/plugins/authz-casdoor.lua#L36-L38
> is it something that apisix is able to natively handle?

No, APISIX doesn't yet support this.
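The flow requested in this thread, as an added example (not APISIX or Casdoor code, and not written by any participant): a gateway-side step that accepts only `username` and `password` from the caller and adds the client credentials itself before the password-grant call. The token endpoint URL, the client values and the function names are placeholders assumed for illustration.

```python
from urllib.parse import parse_qs, urlencode

# Placeholders (assumptions, not values from the thread).
TOKEN_ENDPOINT = "https://casdoor.example.com/api/login/oauth/access_token"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
FORM = "application/x-www-form-urlencoded"
USER_FIELDS = ("username", "password")  # all a caller may send
SECRET_FIELDS = ("password", "client_secret")


class BadTokenRequest(ValueError):
    """The caller's form is not a plain username/password pair."""


def build_ropc_request(client_body, content_type):
    """Return (url, headers, body) for the upstream password-grant call."""
    if content_type.split(";")[0].strip().lower() != FORM:
        raise BadTokenRequest("unsupported content type")
    fields = parse_qs(client_body, keep_blank_values=True)
    # Allow-list: a caller must not be able to supply its own client_id,
    # grant_type or scope and have the gateway forward it.
    extra = sorted(set(fields) - set(USER_FIELDS))
    if extra:
        raise BadTokenRequest("unexpected field(s): " + ", ".join(extra))
    for name in USER_FIELDS:
        values = fields.get(name, [])
        if len(values) != 1 or not values[0]:
            raise BadTokenRequest(name + " must be present exactly once")
    upstream = {
        "grant_type": "password",
        "client_id": CLIENT_ID,  # added server-side, never seen by the caller
        "client_secret": CLIENT_SECRET,
        "username": fields["username"][0],
        "password": fields["password"][0],
    }
    return TOKEN_ENDPOINT, {"Content-Type": FORM}, urlencode(upstream)


def redact_for_log(body):
    """Mask secrets so the form can be written to an access or debug log."""
    fields = parse_qs(body, keep_blank_values=True)
    masked = {k: ("REDACTED" if k in SECRET_FIELDS else v[0]) for k, v in fields.items()}
    return urlencode(masked)


if __name__ == "__main__":
    # Constructed sample input.
    url, headers, body = build_ropc_request("username=alice&password=s3cret%21", FORM)
    print(url, redact_for_log(body))
```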