janmpo opened a new issue, #11106: URL: https://github.com/apache/apisix/issues/11106
### Description As a user, I want to rely on APISIX for everything related with 3rd party authentication / authorization (not my own services), so that I can centralize all API request in APISIX including APIs that do not belong to me. Rationale: nowadays all the management of credentials is done inside the application and every 3rd party imposes you to use user/pass or openidc or oauth2 or others authn / authz mechanisms. In this way I can provide a single entry point to my code and rely on APISIX for the different tasks that involves getting access (i.e.: if it is an oauth2 APISIX will be in charge of getting the token, add the token header to my app REST request, refresh automatically the token, etc) and my code applications will use an APISIX route which is protected as any other route but with the difference that this route is a 3rd party one getting rid off of all the complexity of the different accesses method of API service providers. From the API service provider, it will get the same headers, and will notice no difference, as if it were coded in my client but the magic will be done by APISIX. All SSL handshake and others will be done by APISIX in order to manipulate the headers / messages properly. On top of, all the credentials will be stored on APISIX and my application is not aware of this credentials (only the ones to access APISIX routes). As far as I seen on APISIX keycloak-authz has a mechanisim to get the token via "password_grant_token_generation_incoming_uri" however the idea is that APISIX is in charge of everything not only to deliver the new token to the application. Finally, I don't know if it has sense to include it in APISIX, as far as I read APISIX is related on how to get rid off of the access complexity to your own services instead of third party. Thanks for reading and my apologizes if it has no sense. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
