jenskeiner commented on a change in pull request #2859:
URL: https://github.com/apache/apisix/pull/2859#discussion_r531735142
##########
File path: doc/plugin-develop.md
##########
@@ -168,8 +168,8 @@ local _M = {
Determine which phase to run, generally access or rewrite. If you don't know
the [Openresty life
cycle](https://openresty-reference.readthedocs.io/en/latest/Directives/), it's
recommended to know it in advance. For example key-auth is an authentication
plugin, thus the authentication should be completed
before forwarding the request to any upstream service. Therefore, the plugin
can be executed in the rewrite and access phases.
-In APISIX, the authentication logic is implemented in the rewrite phase.
Generally, IP access and interface
-permission are completed in the access phase.
+In APISIX, the authentication logic is implemented in the access phase.
Generally, IP access and interface
Review comment:
Ok, understood why you need to run in the rewrite phase. Then I would
propose to change the phase for all authentication-type plugins to *rewrite*,
instead of adjusting the phase for `authz-keycloak` from *rewrite* to *access*.
Also, I think it would make the plugin development guidelines clearer if the
reason they need to run in the rewrite phase was pointed out more clearly.
If you're fine with this, I can update this PR accordingly. Just let me know
what you think.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
