jenskeiner commented on a change in pull request #3308:
URL: https://github.com/apache/apisix/pull/3308#discussion_r561735319



##########
File path: apisix/plugins/authz-keycloak.lua
##########
@@ -224,31 +275,326 @@ local function authz_keycloak_get_token_endpoint(conf)
 end
 
 
-local function is_path_protected(conf)
-    -- TODO if permissions are empty lazy load paths from Keycloak
-    if conf.permissions == nil then
-        return false
+local function authz_keycloak_get_resource_registration_endpoint(conf)
+    return authz_keycloak_get_endpoint(conf, "resource_registration_endpoint")
+end
+
+
+-- computes access_token expires_in value (in seconds)
+local function authz_keycloak_access_token_expires_in(opts, expires_in)
+  return (expires_in or opts.access_token_expires_in or 300)
+         - 1 - (opts.access_token_expires_leeway or 0)
+end
+
+
+-- computes refresh_token expires_in value (in seconds)
+local function authz_keycloak_refresh_token_expires_in(opts, expires_in)
+  return (expires_in or opts.refresh_token_expires_in or 3600)
+         - 1 - (opts.refresh_token_expires_leeway or 0)
+end
+
+
+local function authz_keycloak_ensure_sa_access_token(conf)
+    local client_id = authz_keycloak_get_client_id(conf)
+    local ttl = conf.cache_ttl_seconds
+    local token_endpoint = authz_keycloak_get_token_endpoint(conf)
+
+    if not token_endpoint then
+      log.error("Unable to determine token endpoint.")
+      return 500, "Unable to determine token endpoint."
+    end
+
+    local session = authz_keycloak_cache_get("access_tokens", token_endpoint 
.. ":"
+                                             .. client_id)
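Review bot: Both `authz_keycloak_access_token_expires_in` and `authz_keycloak_refresh_token_expires_in` can return zero or a negative number, because nothing in the hunk bounds `access_token_expires_leeway` / `refresh_token_expires_leeway` against the lifetime they are subtracted from, or checks that the `expires_in` argument is a positive number. How the result is consumed is outside this hunk, since `authz_keycloak_ensure_sa_access_token` continues past the quoted lines. If it ends up as an expiry for a cached service-account token, a non-positive value should be treated as "already expired", never as "no expiry" (an `ngx.shared.DICT` exptime of 0 means the entry is kept indefinitely). I would bound the leeway in the plugin schema and document the contract on both helpers, e.g. `-- may be <= 0 when the leeway is >= the token lifetime; callers must treat that as expired`. Style: these two helpers and the `if not token_endpoint` body are indented with 2 spaces while the rest of the file uses 4.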

Review comment:
       See above, we're now requiring `client_id` (or `audience`).



