fernando-arellano commented on issue #12028:
URL: https://github.com/apache/apisix/issues/12028#issuecomment-2894797783
> > But lua-resty-session has different varies for session storage.
>
> Can you elaborate on your original request? What do you expect the oidc authentication process to look like?
@Baoyuantop from my understanding we would like to be able to configure
things like the session name, Domain, SameSite (cookie settings). That is
currently supported by `lua-resty-session` and `resty-oidc`; however, the
plugin prohibits configuring that.
resty-oidc:
```
-- Configure lua-resty-session
-- The full list of configuration options is documented in the lua-resty-session GitHub repository:
-- https://github.com/bungle/lua-resty-session?tab=readme-ov-file#session-configuration
local session_opts = {
    -- When using cookies to store sessions, set a shared secret for session cookie encryption.
    -- This allows sessions to remain valid after a restart of nginx.
    -- It also enables "stateless" session management, so multiple instances of nginx can
    -- handle requests without the need for "sticky" load balancing techniques.
    -- secret = "xxxxxxxxxxxxxxxxxxx",

    -- Optionally, set the cookie prefix to prevent accidental overwriting of the session cookie
    -- cookie_prefix = "__Host-",

    -- Login session cookies should be HTTP Only
    cookie_http_only = true,

    -- Login session cookies should be marked as "Secure"
    cookie_secure = true,

    -- Set the same site cookie policy
    cookie_same_site = "Lax",

    -- Set this to true if you want login session cookies to persist a browser restart
    remember = true
}

-- call authenticate for OpenID Connect user authentication
local res, err = require("resty.openidc").authenticate(opts, nil, nil, session_opts) -- <-- Session options can be passed here.
```
However, the plugin only allows passing the secret via conf.secret here:
https://github.com/apache/apisix/blob/0bb54e0a9b18aaa3f2c609ebc0b6d3ea8b2c564c/apisix/plugins/openid-connect.lua#L668
If we are allowed to remove the additional properties validation from
https://github.com/apache/apisix/blob/0bb54e0a9b18aaa3f2c609ebc0b6d3ea8b2c564c/apisix/plugins/openid-connect.lua#L87
I believe we would be able to configure some of the session arguments unless
there is a reason why we shouldn't configure those.
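One way to expose the cookie settings while still rejecting unknown keys, as an added example that is not APISIX, lua-resty-openidc or the commenter's code: `build_session_opts` and the `conf.session` layout are hypothetical, and only option names that appear in the snippet above are allowlisted.

```lua
-- Added example: hypothetical helper, not part of APISIX or lua-resty-openidc.
-- Allowlist of session options (names taken from the snippet above).
local ALLOWED = {
    secret           = { type = "string" },
    cookie_prefix    = { type = "string", enum = { ["__Host-"] = true, ["__Secure-"] = true } },
    cookie_http_only = { type = "boolean" },
    cookie_secure    = { type = "boolean" },
    cookie_same_site = { type = "string", enum = { Strict = true, Lax = true, None = true } },
    remember         = { type = "boolean" },
}

-- Build the table handed to authenticate(); returns nil plus a message on bad input.
local function build_session_opts(conf)
    -- Hardened defaults, same values as in the snippet above.
    local opts = { cookie_http_only = true, cookie_secure = true, cookie_same_site = "Lax" }

    for key, value in pairs(conf.session or {}) do
        local rule = ALLOWED[key]
        if not rule then
            -- A misspelled key is refused instead of silently leaving the default in place.
            return nil, "unsupported session option: " .. tostring(key)
        end
        if type(value) ~= rule.type then
            return nil, key .. " must be a " .. rule.type
        end
        if rule.enum and not rule.enum[value] then
            return nil, "invalid value for " .. key
        end
        opts[key] = value
    end

    -- Browsers only accept SameSite=None and prefixed cookies when Secure is set.
    if (opts.cookie_same_site == "None" or opts.cookie_prefix) and not opts.cookie_secure then
        return nil, "cookie_secure must be true with SameSite=None or a cookie prefix"
    end
    return opts
end

-- Constructed plugin configurations for the demonstration.
local ok = assert(build_session_opts({ session = { cookie_same_site = "Strict", cookie_prefix = "__Host-" } }))
assert(ok.cookie_same_site == "Strict" and ok.cookie_http_only == true and ok.cookie_secure == true)

local bad, why = build_session_opts({ session = { cookie_same_site = "None", cookie_secure = false } })
assert(bad == nil and why:find("cookie_secure", 1, true))

local typo, why2 = build_session_opts({ session = { cookie_sme_site = "Strict" } })
assert(typo == nil and why2 == "unsupported session option: cookie_sme_site")
```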