[I] help request: APISIXRoute with openid-connect plugin: Supporting multiple client IDs? [apisix]

Mon, 06 Nov 2023 00:04:16 -0800 


csotiriou opened a new issue, #10454:
URL: https://github.com/apache/apisix/issues/10454

   ### Description
   
   I have the following simple **use case** using **APISIX Ingress Controller** 
with OpenID connect (with Keycloak as the OpenID provide, I don't know if that 
plays a role). I believe, however, that my question may apply to APISIX itself, 
and not just the Ingress Controller use case.
   
   - ClientID1 has to be able to access APIs A1, A2, A3
   - ClientID2 has to be able to access A2,A3,A4
   
   As you can see, there will be APIs that need to be able to be accessed by 
more than one client (such as A2 and A3).
   
   My question is:
   Can I have a configuration in an APISIXRoute with the openid plugin 
configured multiple times but with different client id? below is an example of 
a route that I want to be accessed with a valid token from either ClientID1 or 
ClientID2 `client_credentials` token
   
   ```yaml
   apiVersion: apisix.apache.org/v2
   kind: ApisixRoute
   metadata:
     name: api2-apisix
   spec:
     http:
     - name: echo2http
       match:
         hosts:
         - echo2.k8s.orb.local
         paths:
         - "/*"
       backends:
       - serviceName: echoserver2-service
         servicePort: 80
       plugins:
         - name: "openid-connect"
           enable: true
           config:
             client_id: "ClientID1"
             client_secret: "ljyo3d9bbDqOvQYBMP9Bgr6HjoDuQegV"
             discovery: ".....apisixrealm/.well-known/openid-configuration"
             bearer_only: true
             realm: "apisixrealm"
         - name: "openid-connect"
           enable: true
           config:
             client_id: "ClientID2"
             client_secret: "..."
             discovery: "....apisixrealm/.well-known/openid-configuration"
             bearer_only: true
             realm: "apisixrealm"
   ```
   
   Is something like this supported? If not, is there any other way I can 
support my use case?
   
   Thank you in advance
   
   ### Environment
   
   I'm using APISIX Ingress Controller installed in Kubernetes, a very simple 
configuration using the defaults.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to