AlinsRan opened a new pull request, #13381: URL: https://github.com/apache/apisix/pull/13381
## Summary

Add the `dingtalk-auth` plugin that integrates [DingTalk](https://www.dingtalk.com/) (Ding Talk / 钉钉) OAuth 2.0 authentication into APISIX routes.

## How it works

1. When a request arrives without a valid session cookie, the plugin checks for a DingTalk authorization code in a configurable query parameter (default: `code`) or HTTP header (default: `X-DingTalk-Code`).
2. If no code is found, the request is redirected (302) to the configured `redirect_uri` (typically the DingTalk OAuth login page).
3. If a code is present, the plugin exchanges it for an access token via the DingTalk token API (`access_token_url`), then retrieves user information from the DingTalk user info API (`userinfo_url`).
4. The access token is cached in an LRU cache (TTL: 7000 s) to avoid redundant requests.
5. Verified user information is stored in an encrypted `lua-resty-session` v4 cookie session. Subsequent requests carrying the session cookie bypass all DingTalk API calls.
6. When `set_userinfo_header` is `true` (default), the upstream receives the user information in the `X-Userinfo` header as a Base64-encoded JSON object.

## Key attributes

| Attribute | Default | Notes |
|-----------|---------|-------|
| `app_key` | — | Required |
| `app_secret` | — | Required; stored encrypted |
| `secret` | — | Required; 8–32 chars; stored encrypted |
| `redirect_uri` | — | Required |
| `code_query` | `code` | Query param name for the auth code |
| `code_header` | `X-DingTalk-Code` | Header name for the auth code |
| `cookie_expires_in` | `86400` | Session cookie TTL in seconds |
| `secret_fallbacks` | — | Supports zero-downtime key rotation |

Plugin priority: **2430** (between `key-auth` 2500 and `consumer-restriction` 2400).
## Changes

- `apisix/plugins/dingtalk-auth.lua` — plugin implementation
- `t/plugin/dingtalk-auth.t` — test suite (13 test cases)
- `docs/en/latest/plugins/dingtalk-auth.md` — English documentation
- `conf/config.yaml.example` — register plugin in default list
- `docs/en/latest/config.json` — add to sidebar navigation
- `t/admin/plugins.t` — register plugin in admin test list

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at: [email protected]
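For an upstream service that consumes the `X-Userinfo` header described in step 6 of "How it works", the following is an added example (not code from this pull request) of decoding it defensively in Python. It assumes standard padded Base64; the size cap, the function names and the sample field are constructed for illustration, since the description does not list the user info fields.

```python
import base64
import binascii
import json

MAX_HEADER_BYTES = 8192  # assumed cap for this example, not a plugin setting


class UserinfoError(ValueError):
    """Raised when the X-Userinfo header is missing or malformed."""


def parse_x_userinfo(headers):
    """Decode X-Userinfo (Base64-encoded JSON object) from (name, value) pairs."""
    # Header names are case-insensitive; refuse duplicates instead of picking one.
    values = [v for k, v in headers if k.lower() == "x-userinfo"]
    if len(values) != 1:
        raise UserinfoError("expected exactly one X-Userinfo header, got %d" % len(values))
    raw = values[0].strip()
    if not raw or len(raw) > MAX_HEADER_BYTES:
        raise UserinfoError("X-Userinfo is empty or too large")
    try:
        # validate=True rejects characters outside the Base64 alphabet.
        decoded = base64.b64decode(raw, validate=True)
        claims = json.loads(decoded.decode("utf-8"))
    except (binascii.Error, UnicodeDecodeError, ValueError) as exc:
        raise UserinfoError("X-Userinfo is not Base64-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise UserinfoError("X-Userinfo must decode to a JSON object")
    return claims


def constructed_header(obj):
    """Build a sample header value the way the description states it is encoded."""
    return base64.b64encode(json.dumps(obj).encode("utf-8")).decode("ascii")


def is_rejected(headers):
    """Return True when parse_x_userinfo refuses the given headers."""
    try:
        parse_x_userinfo(headers)
    except UserinfoError:
        return True
    return False


if __name__ == "__main__":
    sample = constructed_header({"nick": "demo"})  # constructed field name and value
    print(parse_x_userinfo([("X-Userinfo", sample)]))
```

This validates the header's format only, not its origin: the values are trustworthy only when the upstream is reachable solely through the gateway.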
