sshniro commented on issue #1272: Support JWT scopes to allow or reject requests in OAuth2 plugin

URL: https://github.com/apache/incubator-apisix/issues/1272#issuecomment-599997888

The following is the scenario I have in mind. The getProducts endpoint should be accessible via a token which has the read scope.

```bash
curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "uri": "/getProducts",
    "plugins": {
        "proxy-rewrite": {
            "scheme": "https"
        },
        "openid-connect": {
            "client_id": "api_six_client_id",
            "client_secret": "client_secret_code",
            "discovery": "full_URL_of_the_discovery_endpoint",
            "required_scope": "read_scope"
        }
    }
}'
```

And the deleteProducts endpoint should be accessible via the token with a delete scope.

```bash
curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "uri": "/deleteProducts",
    "plugins": {
        "proxy-rewrite": {
            "scheme": "https"
        },
        "openid-connect": {
            "client_id": "api_six_client_id",
            "client_secret": "client_secret_code",
            "discovery": "full_URL_of_the_discovery_endpoint",
            "required_scope": "delete_scope"
        }
    }
}'
```

This is how the core OpenID library is suggesting to handle this scenario.

![image](https://user-images.githubusercontent.com/13045528/76847997-3e90dc80-6843-11ea-9781-baf711176a79.png)

https://github.com/zmartzone/lua-resty-openidc#sample-configuration-for-oauth-20-jwt-token-validation
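The scope check that a `required_scope` option like the one proposed above would have to perform, as an added illustration that is not APISIX or lua-resty-openidc code. It assumes the token's signature and expiry have already been verified by the library (for example by `bearer_jwt_verify`) and that the decoded claims arrive as a Lua table; the `scope` claim is treated as the space-delimited string used in OAuth 2.0, with `scp` (an array some identity providers emit) as a fallback, and the `access` function is a hypothetical stand-in for the plugin's access phase.

```lua
-- Pure Lua, no OpenResty dependencies: runs with a plain `lua` interpreter.

-- Normalise the token's granted scopes into a lookup set.
-- Accepts either the space-delimited "scope" string or an array ("scp").
local function scope_set(claim)
  local set = {}
  if type(claim) == "string" then
    for s in claim:gmatch("%S+") do set[s] = true end
  elseif type(claim) == "table" then
    for _, s in ipairs(claim) do
      if type(s) == "string" then set[s] = true end
    end
  end
  return set
end

-- Every scope listed in `required` (space-delimited) must be present;
-- the check is deny-by-default when the claim is absent or malformed.
local function has_required_scope(claims, required)
  local granted = scope_set(claims and (claims.scope or claims.scp))
  for needed in required:gmatch("%S+") do
    if not granted[needed] then
      return false, "missing scope: " .. needed
    end
  end
  return true
end

-- Hypothetical access phase: 401 without verified claims, 403 when the
-- token is valid but lacks the route's scope, nil to let the request pass.
local function access(conf, claims)
  if not claims then return 401, "no verified token" end
  if conf.required_scope then
    local ok, err = has_required_scope(claims, conf.required_scope)
    if not ok then return 403, err end
  end
  return nil
end

-- Constructed sample claims, as the library would return after verification.
local read_token = { sub = "alice", scope = "openid read_scope" }
local scp_token  = { sub = "bob",   scp = { "openid", "delete_scope" } }

assert(access({ required_scope = "read_scope" }, read_token) == nil)
assert(access({ required_scope = "delete_scope" }, read_token) == 403)
assert(access({ required_scope = "delete_scope" }, scp_token) == nil)
assert(access({ required_scope = "read_scope" }, nil) == 401)
print("scope checks passed")
```

Returning 403 rather than 401 for a valid token with insufficient scope keeps the two failure modes distinguishable in access logs, which matters when investigating whether a client is unauthenticated or merely over-reaching.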