desidia26 opened a new issue, #7689:
URL: https://github.com/apache/apisix/issues/7689

   ### Description
   
   I am attempting to put some services behind APISIX in such a manner that some services are behind an OIDC plugin, and others are not.
   
   Deployment was done via the [apisix/docker docker-compose](https://github.com/apache/apisix-docker/blob/master/example/docker-compose.yml)
   
   Configuration:
   
   Routes:
   
   ```
   {
     "uri": "/thing/*",
     "name": "httpbin",
     "methods": [
       "GET",
       "POST",
       "PUT",
       "DELETE",
       "PATCH",
       "HEAD",
       "OPTIONS",
       "CONNECT",
       "TRACE"
     ],
     "plugins": {
       "openid-connect": {
         "bearer_only": false,
         "client_id": "apisix",
         "client_secret": "somesecret",
         "disable": false,
         "discovery": "http://host.docker.internal:8091/auth/realms/my-realm/.well-known/openid-configuration",
         "introspection_endpoint_auth_method": "client_secret_post",
         "realm": "my-realm",
         "redirect_uri": "http://localhost:9080/",
         "scope": "openid profile"
       },
       "proxy-rewrite": {
         "regex_uri": [
           "/thing/(.*)",
           "/$1"
         ]
       }
     },
     "upstream_id": "421225011701875398",
     "status": 1
   }
   ```
   
   Upstreams:
   
   ```
   {
     "nodes": [
       {
         "host": "httpbin.org",
         "port": 80,
         "weight": 1
       }
     ],
     "timeout": {
       "connect": 6,
       "send": 6,
       "read": 6
     },
     "type": "roundrobin",
     "scheme": "http",
     "pass_host": "pass",
     "name": "httpbin",
     "keepalive_pool": {
       "idle_timeout": 60,
       "requests": 1000,
       "size": 320
     }
   }
   ```
   If I visit `http://localhost:9080/thing/get` (what I expect would be the equivalent of http://httpbin.org/get), I am routed to my IdP as expected, and then am redirected to: `http://localhost:9080/?state=3f8d35d79a43728d1419a0ba3192c82a&session_state=129b46da-8448-4dbe-8a90-01dc51844d21&code=bfa03039-ba35-413b-9bbd-ae97042f0d99.129b46da-8448-4dbe-8a90-01dc51844d21.3be76236-43a2-4f3f-a3a9-ccce5defb966`, which APISIX gives a `{"error_msg":"404 Route Not Found"}` for.
   
   I tried setting the `redirect_uri` to something like `http://localhost:9080/thing/redirect`, but that sends me down the `request to the redirect_uri path but there's no session state found` rabbit hole.
   
   Of course everything works if I change the route to match on `/*`, but doesn't this make it so that I can no longer have some services that *aren't* behind the plugin?
   
   Any help on the matter would be greatly appreciated.
   
   Also let me know if I'm forgetting to elaborate on anything.
   
   ### Environment
   
   - APISIX version (run `apisix version`): `**2.15.0**`
   - Operating system (run `uname -a`): `**Linux dad329b3f8dd 5.10.104-linuxkit #1 SMP Thu Mar 17 17:08:06 UTC 2022 x86_64 Linux**`
   - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): `**nginx version: openresty/1.21.4.1**`
   - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):
   - APISIX Dashboard version, if relevant:
   - Plugin runner version, for issues related to plugin runners:
   - LuaRocks version, for installation issues (run `luarocks --version`):
   

