shreemaan-abhishek commented on code in PR #11090: URL: https://github.com/apache/apisix/pull/11090#discussion_r1546345257
########## apisix/plugins/openid-connect.lua: ########## @@ -386,7 +400,20 @@ local function introspect(ctx, conf) else -- Validate token against introspection endpoint. -- TODO: Same as above for public key validation. + if conf.introspection_addon_headers then + -- http_request_decorator option provides by lua-resty-openidc Review Comment: ```suggestion -- http_request_decorator option provided by lua-resty-openidc ``` ########## t/plugin/openid-connect6.t: ########## @@ -155,3 +155,213 @@ passed } --- response_body passed + + + +=== TEST 4: Update route with Keycloak introspection endpoint and introspection addon headers. +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "openid-connect": { + "client_id": "course_management", + "client_secret": "d1ec69e9-55d2-4109-a3ea-befa071579d5", + "discovery": "http://127.0.0.1:8080/realms/University/.well-known/openid-configuration", + "redirect_uri": "http://localhost:3000", + "ssl_verify": false, + "timeout": 10, + "bearer_only": true, + "realm": "University", + "introspection_endpoint_auth_method": "client_secret_post", + "introspection_endpoint": "http://127.0.0.1:8080/realms/University/protocol/openid-connect/token/introspect", + "introspection_addon_headers": { + "X-Addon-Header-A": "VALUE", Review Comment: hardcoding values in configuration doesn't make sense, I think the configuration should just specify header fields which would be extracted from the original request. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org