darkSheep404 commented on issue #11918: URL: https://github.com/apache/apisix/issues/11918#issuecomment-2611705711
Hi @vamsipatils

You offer a lot of good things about JWT, but I insist that this should be done in a separate jwt-auth plugin, and then pass the username in a header or var so that all of the traffic plugins (limit-count, limit-req, limit-conn) can be used.

Unfortunately, APISIX's current `jwt-auth` plugin works with the APISIX consumer, not a generic authentication scenario.

Seems the APISIX `openid-connect` plugin with config `bearer_only: true` can do this too. It already supports setting user-info in a header: [Authentication between Services: Set bearer_only to true and configure the introspection_endpoint or public_key attribute. In this scenario, APISIX will reject requests without a token or invalid token in the request header.](https://apisix.apache.org/docs/apisix/plugins/openid-connect/)

I remember that Kong has this type of plugin too, `jwt-keycloak`, which is more specifically focused on the JWT domain.

But this is just my opinion; you can try to propose a PR and see if the community will accept it.
