ojeker commented on issue #13408:
URL: https://github.com/apache/apisix/issues/13408#issuecomment-4542717452
@Baoyuantop Thank you - that solved my issue!
The following as breadcrumbs for other users with similar issues.
My updated and now working apisix.yaml:
```
routes:
- id: users
uris:
- /
- /*
plugins:
openid-connect:
client_id: apisix
client_secret: secret
discovery:
http://authn_srv:8080/default/.well-known/openid-configuration
bearer_only: true
use_jwks: true
ssl_verify: false
_meta:
priority: 2599
serverless-post-function:
phase: rewrite
functions:
- |
return function(conf, ctx)
local core = require("apisix.core")
local cjson = require("cjson.safe")
local userinfo = core.request.header(ctx, "X-Userinfo")
local claims = userinfo and
cjson.decode(ngx.decode_base64(userinfo))
if claims and claims.sub then
core.request.set_header(ctx, "X-Userinfo-Sub", claims.sub)
end
end
_meta:
priority: 2580
authz-casbin:
model_path: casbin/acl_model.conf
policy_path: casbin/acl_perm.csv
username: X-Userinfo-Sub
_meta:
priority: 2560
upstream:
type: roundrobin
nodes:
"upstream:80": 1
#END
```
A blog post explaining the execution phases and the plugin priorities:
https://apisix.apache.org/blog/2023/12/14/apisix-plugins-priority-leaky-abstraction/
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
