shreemaan-abhishek commented on code in PR #11090:
URL: https://github.com/apache/apisix/pull/11090#discussion_r1546345257
##########
apisix/plugins/openid-connect.lua:
##########
@@ -386,7 +400,20 @@ local function introspect(ctx, conf)
else
-- Validate token against introspection endpoint.
-- TODO: Same as above for public key validation.
+ if conf.introspection_addon_headers then
+ -- http_request_decorator option provides by lua-resty-openidc
Review Comment:
```suggestion
-- http_request_decorator option provided by lua-resty-openidc
```
##########
t/plugin/openid-connect6.t:
##########
@@ -155,3 +155,213 @@ passed
}
--- response_body
passed
+
+
+
+=== TEST 4: Update route with Keycloak introspection endpoint and
introspection addon headers.
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "plugins": {
+ "openid-connect": {
+ "client_id": "course_management",
+ "client_secret":
"d1ec69e9-55d2-4109-a3ea-befa071579d5",
+ "discovery":
"http://127.0.0.1:8080/realms/University/.well-known/openid-configuration";,
+ "redirect_uri": "http://localhost:3000";,
+ "ssl_verify": false,
+ "timeout": 10,
+ "bearer_only": true,
+ "realm": "University",
+ "introspection_endpoint_auth_method":
"client_secret_post",
+ "introspection_endpoint":
"http://127.0.0.1:8080/realms/University/protocol/openid-connect/token/introspect";,
+ "introspection_addon_headers": {
+ "X-Addon-Header-A": "VALUE",
Review Comment:
hardcoding values in configuration doesn't make sense, I think the
configuration should just specify header fields which would be extracted from
the original request.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
