nokia / kong-oidc

OIDC plugin for Kong
Apache License 2.0

Guidance on implementing Authorization based on scope #167

Open harshmanvar opened 4 years ago

harshmanvar commented 4 years ago

I am looking forward to restricting user access based on scope. I am using Kong API gateway; here is my Dockerfile used for adding the nokia-oidc plugin. https://github.com/nokia/kong-oidc

Dockerfile:

FROM kong:latest  
USER root
RUN apk update && apk add git unzip luarocks
RUN luarocks install kong-oidc  
USER kong

In the token, I am getting scope like "openid profile email":

  "session_state": "8d408ace-4692-458c-a7d0-69b19c1ded11",
  "acr": "0",
  "allowed-origins": [
    "*"
  ],
  "scope": "openid profile email",

I am looking for how to restrict users based on whether a scope exists or not, as openid is the default one.

[Screenshot: Selection_078]

It's not working as expected. If myscope does not exist in the token, I am still able to log in.

Please help, thanks in advance...!

harsh4870 commented 3 years ago

Resolved the issue by using the keycloak-jwt plugin.
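The scope check asked about in this issue, written as an added example in plain Lua; it is not part of the thread and is not code from kong-oidc or keycloak-jwt. The helper names `scope_set` and `has_scopes` are hypothetical, the sample claims are constructed from the token excerpt above, and the claims are assumed to come from a token whose signature and expiry were already verified.

```lua
-- Added example: exact-match scope check on already-verified token claims.
-- scope_set and has_scopes are hypothetical helpers, not kong-oidc functions.

-- Turn the "scope" claim into a set of whole scope tokens.
-- OAuth 2.0 (RFC 6749, section 3.3) defines scope as a space-delimited,
-- case-sensitive string; some issuers emit an array, so both are accepted.
local function scope_set(claims)
  local set = {}
  local scope = claims and claims.scope
  if type(scope) == "string" then
    for token in scope:gmatch("%S+") do
      set[token] = true
    end
  elseif type(scope) == "table" then
    for _, token in ipairs(scope) do
      if type(token) == "string" then set[token] = true end
    end
  end
  return set
end

-- Return true only if every required scope is granted as a whole token.
-- Otherwise return false plus the missing scopes, so the caller can reject
-- the request (for example with HTTP 403) instead of letting it through.
local function has_scopes(claims, required)
  local granted = scope_set(claims)
  local missing = {}
  for _, name in ipairs(required) do
    if not granted[name] then
      missing[#missing + 1] = name
    end
  end
  return #missing == 0, missing
end

-- Constructed sample claims, modelled on the token excerpt in the issue.
local claims = { scope = "openid profile email" }

-- "myscope" is absent, so the check fails and names what is missing.
local ok, missing = has_scopes(claims, { "openid", "myscope" })
print(ok, table.concat(missing, ","))

-- Whole-token matching: "mail" is a substring of "email" but is not granted.
print((has_scopes(claims, { "mail" })))
-- Passes once the issuer actually grants the scope.
print((has_scopes({ scope = "openid myscope" }, { "openid", "myscope" })))
-- A token with no scope claim at all fails closed.
print((has_scopes({}, { "openid" })))
```

Comparing whole tokens matters because a substring or Lua-pattern search on the raw scope string would accept `mail` for `email` and would treat `-` or `.` in a scope name as pattern syntax.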