Closed Tieske closed 1 year ago
ioneyed
commented
7 years ago Would it not be considerable to allow the administrators to choose which mechanism for authentication is top priority? it would be interesting to see a way to prioritize the order of plugins for each and every plugin as well as global plugins.
Tieske
commented
7 years ago That will probably be a part of the redesign of the plugin api. But then still this issue is a reminder for the defaults to be used
ioneyed
commented
7 years ago From looking at the development side of plugins it seems there is already an order system in place any reason that this is not exposed in the schema's of the plugins to allow a different order? An order map could be created at an endpoint on the admin to accept an api id/name to see the order of plugins applied based on some database lookups.
https://github.com/Mashape/kong/blob/master/kong/plugins/oauth2/handler.lua#L15
OAuthHandler.PRIORITY = 1000
hbagdi
commented
1 year ago Please use plugin-ordering feature for this purpose. It is an enterprise only feature at the time of this comment.
Multiple auth methods can be combined on an api. To optimize performance the priority of the "external" auth plugins (LDAP, OAuth2-introspection, etc), should be lower than the other ones. This will make sure they will always be tried last as they are slowest.