kong-plugin-jwt-keycloak icon indicating copy to clipboard operation
kong-plugin-jwt-keycloak copied to clipboard

Published 20 hours ago verified publisher icon gbbirkisson

Adapt the plugin to kong v3.0.0

Open hanfi opened this issue 2 years ago • 5 comments

based on the new kong upgrade, the handler declaration and the schema declaration were fixed https://docs.konghq.com/gateway/latest/upgrade/

hanfi avatar Sep 16 '22 09:09 hanfi

I am not sure, if this PR will ever be merged, given the statement in the README Screenshot 2022-09-20 at 08 48 31

Maybe it is time to start looking for a new maintainer and a new home for this plugin. We are interested in keeping this plugin alive and would support any efforts in this matter.

I can see a few forks that actually contain somewhat recent commits. I will try to chime in the Maintainers, let's discuss this.

Morl99 avatar Sep 20 '22 06:09 Morl99

@hanfi I tried your PR with kong 3.0 and keycloak 18.0 when trying to reach endpoint with valid token, get this ..ocal/share/lua/5.1/kong/plugins/jwt-keycloak/handler.lua:327: attempt to index field 'super' (a nil value), it looks access function is not part of super JwtKeycloakHandler.super.access(self) code auto-complete also doesen't list access under super. only new is under super available.

gruppferi avatar Nov 02 '22 09:11 gruppferi

@gruppferi sry mate saw this one but didn't had time to fix it yet.

https://docs.konghq.com/gateway/latest/plugin-development/custom-logic/

image

https://github.com/Kong/kong-plugin

i have to fix this and make a commit.

hanfi avatar Nov 03 '22 12:11 hanfi

and since you are in the OIDC plugin PR also i'll fix it in both

hanfi avatar Nov 03 '22 12:11 hanfi

i did the commit, it's just two lines to delete :D try and tell me if it works for you.

hanfi avatar Nov 03 '22 13:11 hanfi

Hey @hanfi , could you please tag your repo as v1.1.1-0 ( with those changes) ?

Since if we pulling master and you add new changes it may break

Btw its working with kong 3.1.1 and ttps://github.com/revomatico/kong-oidc.git

sqoshi avatar Feb 07 '23 11:02 sqoshi

@sqoshi here tag pushed thx for the update https://github.com/hanfi/kong-plugin-jwt-keycloak/releases/tag/v1.1.1-0

hanfi avatar Feb 07 '23 15:02 hanfi

I'm using https://github.com/revomatico/kong-oidc for oidc and your repository for jwt. I enabled 2 plugin with scope required is user. When i get access token and connect to service with:

#!/bin/bash

auth_url='http://localhost:8080/'
realm_name='kong'
client_id='kong_client'
client_secret='CEkLLq8qhWvHhccWxk5LSirfWM0hkcDm'
username='user1'
password='123abc'
url='http://localhost:8000/httpbin2'
token=$(curl -X POST \
    "${auth_url}/realms/${realm_name}/protocol/openid-connect/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "client_id=${client_id}" \
    -d "client_secret=${client_secret}" \
    -d "username=${username}" \
    -d "password=${password}" \
    -d "grant_type=password" | jq -r '.access_token')

The connection successed authen with scope 'user'. But when I visit the configured route in kong with browser i get redirected to keycloak to authenticate and after success auth i get this error:

{"message":"Unauthorized"} Is this error by cookie? Can you help me this? @hanfi

ahhduy avatar Mar 14 '23 04:03 ahhduy

@ahhduy you should put this in a separate issue, this issue should not be a general Q&A issue, but be related to the kong 3 upgrade.

Morl99 avatar Mar 15 '23 07:03 Morl99

I am about to archive this repository. Please move your issues/PRs the successor of this repo: https://github.com/telekom-digioss/kong-plugin-jwt-keycloak

gbbirkisson avatar Aug 14 '23 14:08 gbbirkisson