seanleblanc commented on issue #6260: URL: https://github.com/apache/apisix/issues/6260#issuecomment-1034182182
Sure, this is our most recent config, which kind of works. I see that adding the public key works, but without that, it seems to try to do something like POSTing to `introspection_endpoint`? It seems the `scope` value is not used to inspect the scope(s) in the token, but instead is used somehow with these endpoints? So basically any valid token gets through.

```json
{
  "access_token_in_authorization_header": true,
  "bearer_only": true,
  "client_id": "unconfigured",
  "client_secret": "unconfigured",
  "disable": false,
  "discovery": "https://KEYCLOAKHOST/auth/realms/REALM/.well-known/openid-configuration",
  "public_key": "-----BEGIN PUBLIC KEY-----\....KEY\n-----END PUBLIC KEY-----"
}
```

The samples you are showing seem to be from authz-keycloak? We are using Keycloak for testing, but are likely to be using something else in other envs/projects. Will authz-keycloak interop only with Keycloak, or can it be used with any JWT token provider, assuming it has endpoints for certs?

Also, in that sample up above for authz-keycloak, it has a `client_id` value; how is that used? Is it expecting the JWT token to have that `client_id` as a value, or is it somehow using that to authenticate to Keycloak for some reason?
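The distinction the comment above runs into (signature validity versus the scopes the token actually carries) is shown in the following added example. It is not APISIX or Keycloak code and not part of the original thread; it is a stand-alone Python demo that verifies a JWT and then separately checks the `scope` claim, so that a token that is valid but lacks a required scope is rejected. To stay offline and standard-library only it assumes an HS256 shared secret (`DEMO_SECRET`, constructed here) in place of the RS256 `public_key` a real gateway would verify against; the function names `make_token`, `verify_signature`, `token_scopes` and `authorize` are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Set

# Constructed demo secret. A real gateway would verify RS256 against the
# configured public_key (or call the introspection_endpoint) instead.
DEMO_SECRET = b"demo-shared-secret-not-for-production"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Mint an HS256 JWT for the demo (stands in for an IdP-issued RS256 token)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def verify_signature(token: str, secret: bytes = DEMO_SECRET) -> Optional[dict]:
    """Return the claim set if signature and exp check out, else None.

    This is all that "the token is valid" establishes: it was issued under the
    trusted key and has not expired. It says nothing about what it permits.
    """
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
    except (ValueError, json.JSONDecodeError):
        return None
    if header.get("alg") != "HS256":  # never let the token choose the algorithm
        return None
    expected = hmac.new(
        secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    claims = json.loads(b64url_decode(payload_b64))
    if "exp" in claims and claims["exp"] < time.time():
        return None
    return claims


def token_scopes(claims: dict) -> Set[str]:
    """OAuth 2 'scope' is a space-delimited string; tolerate a list as well."""
    scope = claims.get("scope", "")
    if isinstance(scope, str):
        return set(scope.split())
    return set(scope)


def authorize(token: str, required: Set[str], secret: bytes = DEMO_SECRET) -> bool:
    """Accept only a valid token that carries every required scope."""
    claims = verify_signature(token, secret)
    if claims is None:
        return False
    return required <= token_scopes(claims)


if __name__ == "__main__":
    tok = make_token({"sub": "alice", "scope": "openid orders:read", "exp": 4102444800})
    print("valid:", verify_signature(tok) is not None)          # True
    print("orders:read allowed:", authorize(tok, {"orders:read"}))    # True
    print("orders:write allowed:", authorize(tok, {"orders:write"}))  # False
```

The point to take from it: `verify_signature` alone is the "any valid token gets through" behaviour; the route-level decision has to also call something like `authorize` with the scopes that route requires, whether that check lives in the gateway plugin or in the upstream service.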