whatsmore opened a new issue #2428: URL: https://github.com/apache/apisix/issues/2428
### Issue description 启动测试基本可用了,因为需要鉴权服务,所以想使用其中的几个插件来满足鉴权的能力,使用 key-auth 测试了一下基本通了,但是对于一个 route,可能会有多个用户,因此改用 authz-keycloak 插件。 因为并不了解 ,因此按照[文档](https://github.com/apache/apisix/blob/master/doc/zh-cn/plugins/authz-keycloak.md),启动一个容器然后上去配置 `docker run -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=123456 -p 8090:8080 sshniro/keycloak-apisix` 配置过程基于网上的教程,配置了相应的client和对应的用户,并设置了密码。 使用 `curl --location --request POST 'http://localhost:8090/auth/realms/test/protocol/openid-connect/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'username=test' --data-urlencode 'password=123456' --data-urlencode 'client_id=test-client' --data-urlencode 'grant_type=password'` 获取了对应的access_token 使用 `curl --location --request POST 'http://localhost:8090/auth/realms/test/protocol/openid-connect/userinfo' --header 'Content-Type: application/x-www-form-urlencoded' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'access_token=eyJ.................hbG` 验证token是正确可用的 返回结果 `{"sub":"11d5f929-9348-4114-8e7a-e3ee3fa2fac3","email_verified":false,"preferred_username":"test"}` 再在route中配置相应的token_endpoint `http://127.0.0.1:8090/auth/realms/test/protocol/openid-connect/token` 将policy_enforcement_mode设置为`PERMISSIVE ` 调用 `curl http://127.0.0.1:9080/authtest/ -H 'Authorization: Bearer {eyJ.................hbG}'` 报错如下: `{"error":"invalid_grant","error_description":"Invalid bearer token"}` 改为 `curl http://127.0.0.1:9080/authtest/ -H 'Authorization: Bearer eyJ.................hbG'` 报错如下: `{"error":"invalid_request","error_description":"You must provide the issuedFor"}` 在未开启 authz-keycloak 插件时,上述 curl 命令是可用的 请问是我的 keycloak 的配置有问题吗? ### Environment * apisix version (cmd: `apisix version`):1.5 * OS:macOS ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
