vincentClaudel commented on issue #10986:
URL: https://github.com/apache/apisix/issues/10986#issuecomment-1978241940

   > Could you elaborate by providing an example? Currently the way in APISIX 
is: say the route uri is /oidc/* and the plugin redirect uri is 
/oidc/redirect_uri (this should also be whitelisted in the OpenID provider); 
any subpath of /oidc/*, e.g. /oidc/whatever/whatever, will match this route and 
authenticate using OIDC.
   
   I was thinking about these use cases. Three domains: _a.testing.apisix.com_, 
_b.testing.apisix.com_ and an _auth.testing.apisix.com_. 
   Endpoints A and B are applicative endpoints; the third one is the owner of 
the auth callback route. 
   A and B could be protected by the gateway API as long as the authentication 
callback sets the auth cookie on _.testing.apisix.com_.
   In this case, one can just whitelist _auth.testing.apisix.com_ on its OpenID 
provider and protect any endpoint sharing the same subdomain.
   
   Gloo, for instance, works that way as well. Hope it is clearer.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

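The comment above rests on one browser rule: a cookie the callback host sets with `Domain=.testing.apisix.com` is sent to every host under that suffix, whereas a cookie set without a `Domain` attribute is host-only and never reaches the sibling hosts. The following is an added illustration, not code from APISIX or from the commenter; it models that rule with Python's standard-library cookie jar (whose `DefaultCookiePolicy` follows the same domain-matching rules browsers use for Netscape-style cookies) against constructed `Set-Cookie` headers and the hypothetical hosts named in the comment. `Path=/` is set explicitly because a cookie issued from `/oidc/redirect_uri` without a `Path` would default to `/oidc` and never reach `/app`.

```python
"""Model how a session cookie's Domain attribute decides which hosts a gateway
can protect with one OIDC callback host. Constructed example; not APISIX code."""
from email.message import Message
from http.cookiejar import CookieJar, DefaultCookiePolicy
from urllib.request import Request


class _FakeResponse:
    """Minimal stand-in for an HTTP response: CookieJar.extract_cookies only
    needs .info() to return a headers object with get_all('Set-Cookie')."""

    def __init__(self, set_cookie_headers):
        self._headers = Message()
        for value in set_cookie_headers:
            self._headers["Set-Cookie"] = value  # Message appends duplicates

    def info(self):
        return self._headers


# Hypothetical callback URL on the host that owns the redirect route.
CALLBACK_URL = "https://auth.testing.apisix.com/oidc/redirect_uri?code=abc&state=xyz"

# Constructed Set-Cookie headers the callback could emit after exchanging the code.
PARENT_DOMAIN_COOKIE = (
    "session=opaque-session-id; Domain=.testing.apisix.com; Path=/; "
    "Secure; HttpOnly; SameSite=Lax"
)
HOST_ONLY_COOKIE = "session=opaque-session-id; Path=/; Secure; HttpOnly; SameSite=Lax"

# Hosts to probe: the two application hosts, the auth host, the bare parent,
# an unrelated sibling of the parent and a suffix-spoofing attacker domain.
HOSTS = [
    "a.testing.apisix.com",
    "b.testing.apisix.com",
    "auth.testing.apisix.com",
    "testing.apisix.com",
    "evil.apisix.com",
    "testing.apisix.com.evil.example",
]


def simulate_callback(set_cookie_headers, callback_url=CALLBACK_URL):
    """Feed the callback's Set-Cookie headers into a fresh jar as a browser would."""
    jar = CookieJar(DefaultCookiePolicy())
    jar.extract_cookies(_FakeResponse(set_cookie_headers), Request(callback_url))
    return jar


def cookie_header_for(jar, url):
    """Return the Cookie header the client would attach to a request for url, or None."""
    req = Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie")


def coverage(set_cookie_header, hosts=HOSTS):
    """Map each host to whether an HTTPS request to /app on it carries the session."""
    jar = simulate_callback([set_cookie_header])
    return {host: cookie_header_for(jar, f"https://{host}/app") is not None for host in hosts}


if __name__ == "__main__":
    for label, header in (("parent-domain cookie", PARENT_DOMAIN_COOKIE),
                          ("host-only cookie", HOST_ONLY_COOKIE)):
        print(label)
        for host, protected in coverage(header).items():
            print(f"  {host:35} {'session sent' if protected else 'no session'}")
```

The parent-domain cookie reaches a, b, auth and the bare parent host, and nothing outside the suffix; the host-only cookie reaches only the auth host, which is why the gateway cannot protect A and B with it. The flip side of the parent-domain choice is that every other host under `.testing.apisix.com` also receives (and, if it can set cookies, can overwrite) that session cookie, so the suffix must contain only hosts the gateway trusts.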