SKDragon18 commented on issue #12027:
URL: https://github.com/apache/apisix/issues/12027#issuecomment-2708170836

   This is my configuration. I want APISIX to check the token through the 
introspection endpoint, because an already-issued access token is not recalled and still carries the old role.
   "authz-keycloak": {
         "_meta": {
           "disable": false
         },
         "access_token_expires_in": 300,
         "access_token_expires_leeway": 0,
         "cache_ttl_seconds": 86400,
         "client_id": "apisix",
         "grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
         "http_method_as_scope": false,
         "keepalive": true,
         "keepalive_pool": 5,
         "keepalive_timeout": 60000,
         "lazy_load_paths": false,
         "permissions": [
           "Default Resource",
           "Giteav1"
         ],
         "policy_enforcement_mode": "ENFORCING",
         "refresh_token_expires_in": 3600,
         "refresh_token_expires_leeway": 0,
         "ssl_verify": true,
         "timeout": 3000,
         "token_endpoint": 
"http://host.docker.internal:8080/realms/apisix_test_realm/protocol/openid-connect/token"
       },
       "openid-connect": {
         "accept_none_alg": false,
         "accept_unsupported_alg": true,
         "access_token_expires_leeway": 0,
         "access_token_in_authorization_header": true,
         "bearer_only": true,
         "client_credentials_requires_scope": false,
         "client_id": "apisix",
         "client_jwt_assertion_expires_in": 60,
         "client_secret": "UDrN+4q9hETmxxxkda2PO0nTTudn9+PC", 
         "discovery": 
"http://host.docker.internal:8080/realms/apisix_test_realm/.well-known/openid-configuration",
         "force_reauthorize": false,
         "iat_slack": 120,
         "introspection_endpoint": 
"http://host.docker.internal:8080/realms/apisix_test_realm/protocol/openid-connect/token/introspect",
         "introspection_endpoint_auth_method": "client_secret_basic",
         "introspection_interval": 0,
         "jwk_expires_in": 86400,
         "jwt_verification_cache_ignore": false,
         "logout_path": "/logout",
         "public_key": "-----BEGIN PUBLIC 
KEY-----\nMIIBIjANBgkqhkiG9xxxxUJgAyvrktiN/fwOt4AOWKQLtVBAKods95g2MI0kb7JkWXGACBtT9KfoC4IhIdDR\n1zpfugYDwlX4nJm37Xu9dWa6QniwLO+45u4tesgtlzCizpWCb41FD2dKVpcRQHKW\n2QIDAQAB\n-----END
 PUBLIC KEY-----", 
         "realm": "apisix_test_realm",
         "refresh_token_expires_in": 0,
         "refresh_token_in_authorization_header": true,
         "renew_access_token_on_expiry": true,
         "revoke_tokens_on_logout": false,
         "scope": "openid email profile offline_access",
         "set_access_token_header": true,
         "set_id_token_header": true,
         "set_refresh_token_header": true,
         "set_userinfo_header": true,
         "ssl_verify": false,
         "timeout": 3,
         "token_endpoint_auth_method": "client_secret_basic",
         "token_signing_alg_values_expected": "RS256",
         "unauth_action": "deny",
         "use_nonce": false,
         "use_pkce": false
       },

