-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
help request: how to config proxy server for apisix to process oauth2 via openid-connect #9922
Comments
hi @Sn0rt |
NP. I am take a look now. This text looks very difficult to understand. Can you draw a picture? I can't understand this code at all. I can only guess. |
hi @Sn0rt below is the way we use proxy to access other app in 外网 with proxy in java springboot way ** public WebClient proxyWebClient(
ReactorClientHttpConnector connector,
RncProperties rncProperties,
WebClient.Builder webClientBuilder) {
HttpClient httpClient =
HttpClient.create(myproxyProvider())
.proxy(proxy -> proxy.type(ProxyProvider.Proxy.HTTP)
.host(myProxyProperties.getProxyHost())
.port(Integer.parseInt(myProxyProperties.getProxyPort())));
connector = new ReactorClientHttpConnector(httpClient);
return webClientBuilder
.clientConnector(connector)
.baseUrl(rncProperties.getBaseUrl())
.build();
}
|
How can you see in this picture that APISIX takes over the user's authentication request? |
well, it is my error. - uri: /api/sso/*
service_id: my-admin
plugins:
openid-connect:
client_id: apisix
client_secret: xxx
discovery: https://xxx.com/auth/realms/xxx-xxx/.well-known/openid-configuration
scope: openid
bearer_only: false
realm: xxx-xxx
redirect_uri: /api/sso/callback
logout_path: /api/sso/logout
introspection_endpoint_auth_method: client_secret_post
post_logout_redirect_uri: xxx.com
set_access_token_header: false
set_id_token_header: false
and i did't put this flow in picture |
in short. Do you want APISIX to pass a proxy when using the openid-connect plugin to access the auth service? |
yes, i would like to know how can i use forward proxy in apisix for this plugin of a specified url |
Currently it is not supported to use proxy when using openid-connect. That is the fourth stage in the picture If you want to do it, we are also very welcome, and I can provide necessary help. |
i wish i could find solutions to deal it |
ok. can you close this issues ? |
ok,and may i confirm that is there has a forward proxy apisix plugin now? |
I don't quite understand your question. |
Because our goal is ==> access oauth2 server in another network (外网) during openid-connect work flow So I want to know if there is already a plugin that allows apisix to access a url via the forward proxy server |
Finally, for bros who may encounter this problem in the future too I tried another solution Configure discovery url in openid-connect a new url instead of oauth2 server Let your app like springboot handle the url to forward the request and response using webclient/restTemplate with forward http proxy |
hi @Sn0rt |
你可以讲中文, 我没有非常理解你最后一个问题是什么. |
emmm 想确认一下apisix现在还没有做正向代理 |
APISIX 就不是做这个用的. 包括 nginx . |
是的 不过作为网关来说 不过 插件化的优势 就是能在主业外添加各种各样 那看来现在应该还没有这样的插件😃 |
* docs: add proxy_opts attribute for openid-connect.md (#9922) * test: add proxy_opts attribute for openid-connect.md (#9922) * feat: add proxy_opts attribute for openid-connect (#9922) * fix: openid-connect support http(s) proxy Signed-off-by: Sn0rt <wangguohao.2009@gmail.com> * fix: update openid-connect doc by autocorrect Signed-off-by: Sn0rt <wangguohao.2009@gmail.com> * fix: new response of the 24th test case of openid-connect.t Signed-off-by: Sn0rt <wangguohao.2009@gmail.com> * fix: reindex: t/plugin/openid-connect.t Signed-off-by: Sn0rt <wangguohao.2009@gmail.com> * feat(openid-connect): add proxy_opts attribute * feat: add proxy_opts attribute for openid-connect * feat: add proxy_opts attribute for openid-connect * fix: resolve doc lint --------- Signed-off-by: Sn0rt <wangguohao.2009@gmail.com> Co-authored-by: darksheep404 <sfa_freshman@qq.com> Co-authored-by: Sn0rt <wangguohao.2009@gmail.com> Co-authored-by: monkeyDluffy6017 <monkeydluffy6017@gmail.com>
Description
how to config proxy server for apisix to access oauth2 provider in different network
request background
hi apisix team:
因为有区分内外网隔离环境
访问外部认证服务器需要走代理从内网服务器从内网出外网
在Springboot中需要配置代理服务器 like
这样 使用这个Webclient的请求可以走代理服务器到外网
请问apisix是否支持通过配置来实现这一功能
Environment
The text was updated successfully, but these errors were encountered: