tzssangglass commented on code in PR #7690:
URL: https://github.com/apache/apisix/pull/7690#discussion_r947408785


##########
apisix/plugins/openid-connect.lua:
##########
@@ -263,7 +263,22 @@ function _M.rewrite(plugin_conf, ctx)
     end
 
     if not conf.redirect_uri then
-        conf.redirect_uri = ctx.var.request_uri
+        -- NOTE: 'lua-resty-openidc' requires that 'redirect_uri' be
+        --       different from 'uri'.  So default to append the
+        --       '.apisix/redirect' suffix if not configured.
+        local suffix = "/.apisix/redirect"
+        local uri = ctx.var.uri
+        if core.string.has_suffix(uri, suffix) then
+            -- This is the redirection response from the OIDC provider.
+            conf.redirect_uri = uri
+        else
+            if string.sub(uri, -1, -1) == "/" then
+                conf.redirect_uri = string.sub(uri, 1, -2) .. suffix
+            else
+                conf.redirect_uri = uri .. suffix
+            end
+        end
+        core.log.debug("auto set redirect_uri: ", conf.redirect_uri)
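
Review bot: The default computed in the `else` branch is path-dependent (`conf.redirect_uri = uri .. suffix`) and is written into `conf` behind `if not conf.redirect_uri`, so if `conf` outlives the request, the first path seen would stick for every later request. Consider holding the computed value in a local or a per-request copy instead of mutating `conf`, and say in the NOTE comment that each distinct request path yields a different `redirect_uri`. Two smaller points: the comment names the suffix as '.apisix/redirect' while the code uses "/.apisix/redirect", and the switch from `ctx.var.request_uri` to `ctx.var.uri` deserves a line of explanation in the comment.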

Review Comment:
   When there is no `conf.redirect_uri`, it looks like we generate `redirect_uri` for each request (except for the real redirect from IdP).
   
   Can we inject a default value for `redirect_uri` when we add the `openid-connect` plugin?
   
   For example:
   
   1. we require that the match condition for a road has to be a prefix match, 
like `/openid/*`, then redirect_uri defaults to `/openid/.apisix/redirect`.
   
   Listen to what others say.


