yuweizzz commented on code in PR #11090:
URL: https://github.com/apache/apisix/pull/11090#discussion_r1557117202
##########
t/plugin/openid-connect6.t:
##########
@@ -155,3 +155,213 @@ passed
}
--- response_body
passed
+
+
+
+=== TEST 4: Update route with Keycloak introspection endpoint and
introspection addon headers.
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "plugins": {
+ "openid-connect": {
+ "client_id": "course_management",
+ "client_secret":
"d1ec69e9-55d2-4109-a3ea-befa071579d5",
+ "discovery":
"http://127.0.0.1:8080/realms/University/.well-known/openid-configuration";,
+ "redirect_uri": "http://localhost:3000";,
+ "ssl_verify": false,
+ "timeout": 10,
+ "bearer_only": true,
+ "realm": "University",
+ "introspection_endpoint_auth_method":
"client_secret_post",
+ "introspection_endpoint":
"http://127.0.0.1:8080/realms/University/protocol/openid-connect/token/introspect";,
+ "introspection_addon_headers":
["X-Addon-Header-A", "X-Addon-Header-B"]
+ }
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "uri": "/hello"
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.say(body)
+ }
+ }
+--- response_body
+passed
+
+
+
+=== TEST 5: Obtain valid token and access route with it, introspection work as
expected when configured extras headers.
+--- config
+ location /t {
+ content_by_lua_block {
+ -- Obtain valid access token from Keycloak using known username
and password.
+ local json_decode = require("toolkit.json").decode
+ local http = require "resty.http"
+ local httpc = http.new()
+ local uri =
"http://127.0.0.1:8080/realms/University/protocol/openid-connect/token";
+ local res, err = httpc:request_uri(uri, {
+ method = "POST",
+ body =
"grant_type=password&client_id=course_management&client_secret=d1ec69e9-55d2-4109-a3ea-befa071579d5&[email protected]&password=123456",
+ headers = {
+ ["Content-Type"] = "application/x-www-form-urlencoded"
+ }
+ })
+
+ -- Check response from keycloak and fail quickly if there's no
response.
+ if not res then
+ ngx.say(err)
+ return
+ end
+
+ -- Check if response code was ok.
+ if res.status == 200 then
+ -- Get access token from JSON response body.
+ local body = json_decode(res.body)
+ local accessToken = body["access_token"]
+
+ -- Access route using access token. Should work.
+ uri = "http://127.0.0.1:"; .. ngx.var.server_port .. "/hello"
+ local res, err = httpc:request_uri(uri, {
+ method = "GET",
+ headers = {
+ ["Authorization"] = "Bearer " .. body["access_token"],
+ ["X-Addon-Header-A"] = "Value-A",
Review Comment:
the test just for compare with test 6 and test 8. It should work normally if
we don't pass these headers.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
