Yilialinn commented on code in PR #11867: URL: https://github.com/apache/apisix/pull/11867#discussion_r2000497955
########## docs/en/latest/plugins/hmac-auth.md: ########## @@ -6,7 +6,7 @@ keywords: - Plugin - HMAC Authentication - hmac-auth -description: This document contains information about the Apache APISIX hmac-auth Plugin. +description: The hmac-auth plugin supports HMAC (Hash-based Message Authentication Code) authentication as a mechanism to ensure the integrity of requests, preventing them from being modified during transmissions. Review Comment: ```suggestion description: The hmac-auth Plugin supports HMAC (Hash-based Message Authentication Code) authentication as a mechanism to ensure the integrity of requests, preventing them from being modified during transmissions. ``` ########## docs/en/latest/plugins/hmac-auth.md: ########## @@ -69,20 +74,24 @@ admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"/ ::: -Before proceeding, create a sample consumer and configure its credential, which will be used for all examples below. +### Implement HMAC Authentication on a Route + +The following example demonstrates how to implement HMAC authentications on a route. You will also attach a consumer custom ID to authenticated request in the `Consumer-Custom-Id` header, which can be used to implement additional logics as needed. -Create a consumer `john`: +Create a consumer `john` with a custom ID label: ```shell curl "http://127.0.0.1:9180/apisix/admin/consumers" -X PUT \ -H "X-API-KEY: ${admin_key}" \ -d '{ - "username": "john" + "username": "john", + "labels": { + "custom_id": "495aec6a" } }' ``` -Create `hmac-auth` credential for `john`: +Create `hmac-auth` Credential for the consumer: Review Comment: ```suggestion Create `hmac-auth` Credential for the Consumer: ``` ########## docs/en/latest/plugins/hmac-auth.md: ########## 
@@ -32,7 +32,9 @@ description: This document contains information about the Apache APISIX hmac-aut The `hmac-auth` plugin supports HMAC (Hash-based Message Authentication Code) authentication as a mechanism to ensure the integrity of requests, preventing them from being modified during transmissions. To use the plugin, you would configure HMAC secret keys on [Consumers](../terminology/consumer.md) and enable the plugin on Routes or Services. -Once enabled, the plugin verifies the HMAC signature in the request's `Authorization` header and check that incoming requests are from trusted sources. Specifically, when APISIX receives an HMAC-signed request, the key ID is extracted from the `Authorization` header. APISIX then retrieves the corresponding consumer configuration, including the secret key. If the key ID is valid and exists, APISIX generates an HMAC signature using the request's `Date` header and the secret key. If this generated signature matches the signature provided in the `Authorization` header, the request is authenticated and forwarded to upstream services. +When a consumer is successfully authenticated, APISIX adds additional headers, such as `X-Consumer-Username`, `X-Credential-Indentifier`, and other consumer custom headers if configured, to the request, before proxying it to the Upstream service. The Upstream service will be able to differentiate between consumers and implement additional logics as needed. If any of these values is not available, the corresponding header will not be added. Review Comment: ```suggestion When a Consumer is successfully authenticated, APISIX adds additional headers, such as `X-Consumer-Username`, `X-Credential-Indentifier`, and other Consumer custom headers if configured, to the request, before proxying it to the Upstream service. The Upstream service will be able to differentiate between Consumers and implement additional logics as needed. 
If any of these values is not available, the corresponding header will not be added. ``` ########## docs/en/latest/plugins/hmac-auth.md: ########## @@ -69,20 +74,24 @@ admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"/ ::: -Before proceeding, create a sample consumer and configure its credential, which will be used for all examples below. +### Implement HMAC Authentication on a Route + +The following example demonstrates how to implement HMAC authentications on a route. You will also attach a consumer custom ID to authenticated request in the `Consumer-Custom-Id` header, which can be used to implement additional logics as needed. -Create a consumer `john`: +Create a consumer `john` with a custom ID label: ```shell curl "http://127.0.0.1:9180/apisix/admin/consumers" -X PUT \ -H "X-API-KEY: ${admin_key}" \ -d '{ - "username": "john" + "username": "john", + "labels": { + "custom_id": "495aec6a" } }' ``` -Create `hmac-auth` credential for `john`: +Create `hmac-auth` Credential for the consumer: Review Comment: Check accordingly ########## docs/en/latest/plugins/hmac-auth.md: ########## @@ -6,7 +6,7 @@ keywords: - Plugin - HMAC Authentication - hmac-auth -description: This document contains information about the Apache APISIX hmac-auth Plugin. +description: The hmac-auth plugin supports HMAC (Hash-based Message Authentication Code) authentication as a mechanism to ensure the integrity of requests, preventing them from being modified during transmissions. Review Comment: Check accordingly
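Review bot: "preventing them from being modified during transmissions" in the new `description:` line of the `@@ -6,7 +6,7 @@` hunk overstates what an HMAC does. A signature lets the gateway detect and reject a request that was altered; it does not stop the alteration. Suggest wording along the lines of "so that requests modified in transit are detected and rejected", and "in transit" or "during transmission" rather than "during transmissions".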
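Review bot: the header name `Consumer-Custom-Id` in the added intro paragraph of the `@@ -69,20 +74,24 @@` hunk has no `X-` prefix, while the overview hunk names `X-Consumer-Username`. Please confirm the exact header the Upstream receives and use that spelling here, since readers will copy it into Upstream logic that keys on the consumer identity. Wording in the same paragraph: "HMAC authentications" and "additional logics" read better in the singular, and "to authenticated request" needs an article ("to the authenticated request").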
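Review bot: `X-Credential-Indentifier` in the added paragraph of the `@@ -32,7 +32,9 @@` hunk looks misspelled ("Indentifier" for "Identifier"). Check it against the header name the plugin actually sets, and fix the copy in the suggestion block as well. Because this paragraph tells Upstream services to rely on these headers to differentiate consumers, and its last sentence says a header is not added when its value is unavailable, it would help to state whether a client-supplied header of the same name is removed in that case. "additional logics" should be "additional logic".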
