
feat: As a user, I want to authenticate clients by client_id and client_secret headers

Open soulbird opened this issue 3 years ago • 6 comments

Description

We would like to authenticate clients by client_id and client_secret headers. But one key-auth plugin offers just one header to use. I tried to connect 2 key-auth plugins in the plugin orchestration section, but that didn't work.

soulbird avatar Jul 25 '22 02:07 soulbird

Cannot capture the background, could you describe it deliberately?

tokers avatar Jul 26 '22 01:07 tokers

We can set header or query as an array, for example:

"key-auth": {
     "header": ["client_id", "client_secret"]
}

The plugin will then try to read the credential from a header or query string parameter with the same name as one configured in the header or query array. cc @tokers @spacewander

soulbird avatar Jul 27 '22 08:07 soulbird

@soulbird API keys are bound on APISIX consumers, so will the key-auth plugin contain multiple API keys for the same consumer? Or an API request will map with a few consumers?

tokers avatar Jul 27 '22 08:07 tokers

It's my understanding that the key-auth plugin still contains only one key, but the value of the key can be a combination of client_id and client_secret in the request header. The current value of key comes from header or query, maybe we can add a var_combination configuration to support the combination of multiple variables into a key.

soulbird avatar Jul 27 '22 15:07 soulbird

> It's my understanding that the key-auth plugin still contains only one key, but the value of the key can be a combination of client_id and client_secret in the request header. The current value of key comes from header or query, maybe we can add a var_combination configuration to support the combination of multiple variables into a key.

That would be complicated IMHO, I'm not sure if this is reasonable. Since such a rule asks the user to construct a key as per the combination rule.

tokers avatar Jul 28 '22 01:07 tokers

> > It's my understanding that the key-auth plugin still contains only one key, but the value of the key can be a combination of client_id and client_secret in the request header. The current value of key comes from header or query, maybe we can add a var_combination configuration to support the combination of multiple variables into a key.
>
> That would be complicated IMHO, I'm not sure if this is reasonable. Since such a rule asks the user to construct a key as per the combination rule.

Sounds reasonable, let's see if more people are interested in this feature.

soulbird avatar Jul 28 '22 05:07 soulbird
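
A sketch of the combination rule discussed in this thread, added here as an example and not code from APISIX or from any commenter: client_id and client_secret are folded into the single key a consumer holds, with length prefixes so that two different pairs cannot produce the same key. The function names, the header lookup and the sample consumers are assumptions made for the example; var_combination itself is only a proposal in this issue.

```python
import hashlib
import hmac


def naive_key(client_id: str, client_secret: str) -> str:
    # Plain concatenation: the boundary between the two values is lost,
    # so ("ab", "c") and ("a", "bc") give the same key.
    return client_id + client_secret


def combined_key(client_id: str, client_secret: str) -> str:
    # Length-prefix each part so every (id, secret) pair maps to a distinct
    # byte string, then hash so the stored key has a fixed size.
    parts = [client_id.encode(), client_secret.encode()]
    material = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hashlib.sha256(material).hexdigest()


# Constructed sample consumers (hypothetical names and secrets):
# one stored key per consumer, as the thread describes for key-auth.
CONSUMERS = {
    "billing-app": combined_key("billing", "s3cr3t-A"),
    "report-app": combined_key("report", "s3cr3t-B"),
}


def authenticate(headers: dict):
    """Return the matching consumer name, or None if the request is rejected."""
    # HTTP header names are case-insensitive; normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    client_id = lowered.get("client_id")
    client_secret = lowered.get("client_secret")
    if not client_id or not client_secret:
        return None  # both headers are required, not either one
    presented = combined_key(client_id, client_secret)
    matched = None
    for name, stored in CONSUMERS.items():
        # Constant-time comparison; every consumer is checked even after a hit.
        if hmac.compare_digest(stored, presented):
            matched = name
    return matched
```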

This issue has been marked as stale due to 350 days of inactivity. It will be closed in 2 weeks if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the [email protected] list. Thank you for your contributions.

github-actions[bot] avatar Jul 15 '23 10:07 github-actions[bot]

This issue has been closed due to lack of activity. If you think that is incorrect, or the issue requires additional review, you can revive the issue at any time.

github-actions[bot] avatar Jul 29 '23 10:07 github-actions[bot]