apache / apisix

The Cloud-Native API Gateway
https://apisix.apache.org/blog/
Apache License 2.0

help request: openid-connect and authz-casbin #10878

Open satishviswanathan opened 8 months ago

satishviswanathan commented 8 months ago

Description

I have the plugins openid-connect and authz-casbin enabled. The openid-connect plugin will connect to keycloak to authenticate the bearer token, and then authz-casbin handles authorization.

Now I'm looking for a way where I can get the roles from keycloak and pass them as an input to the casbin plugin to authorize. So when I call my endpoint I don't want to pass the user header key; instead, get a role from the JWT and send it to the casbin plugin.

Is this possible to achieve?

curl -i http://127.0.0.1:9080/res -H 'user: bob' -X GET

Environment

apisix version: 3.6.0
OS: WSL container
etcd version: 3.5.7
apisix-dashboard version, if have: 3.0.1
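The two-plugin route described above, written out as an added example (not configuration from the issue or from the APISIX project): openid-connect validates the bearer token against Keycloak, while authz-casbin takes its subject from the request header named by `username`, which is why the request in the question has to carry `user: bob`; nothing in this chain reads a role out of the token. The Keycloak discovery URL, client credentials and upstream node are placeholders.

```json
{
  "uri": "/res",
  "plugins": {
    "openid-connect": {
      "client_id": "PLACEHOLDER_KEYCLOAK_CLIENT_ID",
      "client_secret": "PLACEHOLDER_KEYCLOAK_CLIENT_SECRET",
      "discovery": "http://keycloak.example/realms/myrealm/.well-known/openid-configuration",
      "bearer_only": true
    },
    "authz-casbin": {
      "model": "[request_definition]\nr = sub, obj, act\n\n[policy_definition]\np = sub, obj, act\n\n[policy_effect]\ne = some(where (p.eft == allow))\n\n[matchers]\nm = r.sub == p.sub && keyMatch(r.obj, p.obj) && r.act == p.act",
      "policy": "p, bob, /res, GET",
      "username": "user"
    }
  },
  "upstream": {
    "type": "roundrobin",
    "nodes": {
      "127.0.0.1:1980": 1
    }
  }
}
```

With this route, `curl -i http://127.0.0.1:9080/res -H 'Authorization: Bearer <token>' -H 'user: bob'` is allowed only when the token passes Keycloak validation and the `user` header matches the casbin policy; the subject value is still client-supplied, which is the gap the question is about.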

shreemaan-abhishek commented 8 months ago

Hi, I am not familiar with the oidc plugin, but it seems that this requirement needs custom development.

satishviswanathan commented 8 months ago

@shreemaan-abhishek - understood. Thank you for your feedback.

kayx23 commented 8 months ago

I have not tried openid-connect with authz-casbin but I did attempt your described scenario using openid-connect with authz-keycloak a while ago, so did another user (I am struggling to find their issue in this repo), and it did not work for me.