Hi, Peter, I just found the Discussion[1], could you please provide some hints or suggestions if you're familiar with it?
[1] https://github.com/apache/apisix/discussions/5547 Best Regards! @ Zhiyuan Ju <https://github.com/juzhiyuan> Peter Zhu <[email protected]> 于2021年11月27日周六 下午5:42写道: > Hi, singhjoga. > > > What do you think? Is it possible to do? Are there any challenges in it? > > Good idea! And I had tried to test it in my local environment, and it > works! > In my opinion, I think it's not very difficult. > You can try to write some variables (like name, sub id ) into ctx.var. Then > we can limit by those variables in limit-* plugins. > > Looking forward to your PR, and if you need any help, let me know. > > > singhjoga <[email protected]> 于2021年11月27日周六 上午2:01写道: > > > Yes, that is what I mean to say. > > > > On Fri, 26 Nov 2021 at 03:59, ZhengSong Tu <[email protected]> > wrote: > > > > > 1. Did you mean to put the consumer_name to the ctx in open-connect > > plugin? > > > 2. Then we can limit by consumer_name in limit-* plugins. > > > > > > *ZhengSong Tu* > > > My GitHub: https://github.com/tzssangglass > > > Apache APISIX: https://github.com/apache/apisix > > > > > > Joga, singh <[email protected]> 于2021年11月26日周五 上午12:26写道: > > > > > > > > Hi Guys, > > > > I was advised on the discussions group to post my query here to see > if > > > somebody has already similar in mind. > > > > > > > > I have my consumers already defined in Keycloak. Consumers get the > > token > > > using Client Credentials flow i.e. using ClientId and ClientSecret. > Using > > > ‘openid-connect’ plugin I am able successfully authenticate/authorize > the > > > consumers. However, I would like to implement rate limiting based on > > > consumer name, because due to some reason I cannot do it based on > > consumer > > > ip address. > > > > Therefore, I need a way to identify the consumer from the token. I > know > > > that APISIX does not support this now. But I think with a small change > in > > > the ‘openid-connect’ plugin, it should be possible to do, because the > > > response from ‘introspection_endpoint’ already contains the attributes > > > (e.g. username, clientId etc.) needed to identify the consumer. > > > > > > > > I think ‘ladp_auth’ plugin already does this. > > > > > > > > What do you think? Is it possible to do? Are there any challenges in > > it? > > > > If yes, I would like to try my hands on this. Therefore, would need > > > getting started tips/hints for building, compiling and other related > > > processes. > > > > > > > > Best Regards, > > > > > > > > Joga > > > > > > > > > > > > Hyundai AutoEver Europe GmbH > > > > Kaiserleistr. 8A, 63067 Offenbach a.M., Deutschland > > > > Geschäftsführer/CEO: Jong-Il Yun Registergericht/registration > court: > > > Amtsgericht Offenbach Registernummer/registration number: HRB 42684 > > > USt-IdNr./tax ID-no.: DE252841722 > > > > > >
