vamsipatils commented on issue #11918: URL: https://github.com/apache/apisix/issues/11918#issuecomment-2607033234
Thank you for your thoughtful response and for sharing your insights on incorporating `jwt_claim` as a key in the `limit-count` plugin. While I recognize the practicality of relying on custom authentication plugins, I believe this enhancement offers significant benefits for a diverse set of users and scenarios. Here's a summary of why this feature is valuable:

1. **Minimizing Dependency on Custom Plugins**: Native support for `jwt_claim` in the `limit-count` plugin eliminates the need for users to develop and maintain custom plugins, making the platform more accessible, especially for those without extensive development resources.
2. **Improved Security**: By leveraging JWT claims directly within the plugin, we reduce the need to expose sensitive data in context variables. This approach not only aligns with security best practices but also minimizes potential attack vectors.
3. **Ease of Implementation**: JWT-based authentication is widely adopted, and many users are familiar with its configuration. Allowing rate limiting directly through JWT claims streamlines the process and ensures compatibility with common workflows.
4. **Increased Versatility**: The ability to define rate limits dynamically based on claims such as user roles, tenant IDs, or custom attributes expands the use cases the plugin can address. This flexibility makes it valuable for environments with diverse and evolving needs.
5. **Seamless Integration**: By maintaining backward compatibility, this enhancement ensures no disruption to existing configurations, offering an opt-in capability for those who need it.

While custom plugins undoubtedly have their merits in specific contexts, integrating this functionality into the `limit-count` plugin provides a more robust, out-of-the-box solution that benefits a broader audience.
