nokia / kong-oidc

OIDC plugin for Kong
Apache License 2.0

OIDC plugin doesn't work with Rate Limiting plugin #2

Closed Trojan295 closed 7 years ago

Trojan295 commented 7 years ago

Hello,

The current plugin implementation doesn't work with the Rate Limiting plugin. If I configure the Rate Limiting to limit via user credential and use this plugin to determine the user, then it falls back to limiting via IP.

After my investigation I found out that it's because the field ngx.ctx.authenticated_credential isn't set. Other authentication plugins set this field, so it looks like this is a missing implementation.

Br, Damian

tookko commented 7 years ago

Most authentication plugins assume that Kong is the authorization server, which is not the case in this plugin. However, if it's as simple to get compatibility with other plugins as setting that field, it would be a simple thing to do. We would also need to ensure that this plugin gets executed before other plugins potentially using the information. See https://github.com/Mashape/kong/issues/267

Would you like to do some testing on whether it works better with the field enabled?

Trojan295 commented 7 years ago

Kong plugins have a priority mechanism. By default it's set to 0 (gets executed last), which is also the case for this plugin. Looking at other authentication plugins, they have priority set to 1000. It's no biggie to change this also.

I already tried to modify this plugin to inject this ngx.ctx.authenticated_credential field. I also had to copy the authenticated_credential.sub field to authenticated_credential.id to make it work with Rate Limiting. Looks a bit like a hack, but it needs to be added to be compliant with other Kong authentication plugins and make it useful for other plugins.

I will push this to my forked repository next week.
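As an added illustration of the two points raised in this thread (not code from kong-oidc or from the commenters), the sketch below shows the shape of a Kong plugin handler that runs with priority 1000 and populates `ngx.ctx.authenticated_credential` from already-verified OIDC claims, duplicating the `sub` claim into `id` because that is the key Rate Limiting reads. The `set_authenticated_credential` function and the `claims` table are hypothetical; token verification itself is assumed to have happened elsewhere. A minimal `ngx` stub is defined so the file can be run outside OpenResty.

```lua
-- Added example, not the plugin's own code. Demonstrates how an
-- authentication plugin exposes its result to downstream Kong plugins
-- (e.g. rate-limiting) and why it must run before them.

-- Minimal stub so this file also runs stand-alone outside OpenResty/Kong,
-- where the real `ngx` table is provided by the runtime.
ngx = ngx or { ctx = {} }

local handler = {}

-- Kong executes plugins in descending PRIORITY order. Other authentication
-- plugins use 1000; the default 0 would run last, after rate-limiting has
-- already looked for the credential and fallen back to the client IP.
handler.PRIORITY = 1000

-- Copy the verified identity into the field downstream plugins read.
-- `claims` is assumed to be a table of verified ID-token claims (hypothetical
-- input produced by the plugin's token validation step).
function handler.set_authenticated_credential(claims)
  if type(claims) ~= "table" or type(claims.sub) ~= "string" or claims.sub == "" then
    -- Never publish a credential without a subject: rate-limiting would
    -- otherwise key on nil, and identity-based limits would silently vanish.
    return nil, "missing subject claim"
  end

  local credential = {
    id    = claims.sub,   -- key that the Rate Limiting plugin uses
    sub   = claims.sub,   -- kept as well for OIDC-aware consumers
    email = claims.email, -- optional, may be nil
  }
  ngx.ctx.authenticated_credential = credential
  return credential
end

-- Stand-alone check with constructed claims (not real user data).
local cred, err = handler.set_authenticated_credential({
  sub = "user-123", email = "user@example.test",
})
assert(cred ~= nil, err)
assert(ngx.ctx.authenticated_credential.id == "user-123")

local missing, err2 = handler.set_authenticated_credential({})
assert(missing == nil and err2 == "missing subject claim")

return handler
```

In a real handler the call would sit at the end of the plugin's `access` phase, after the token has been validated, so that every plugin with a lower priority sees a populated `ngx.ctx.authenticated_credential`.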