bzp2010 opened a new issue #6007: URL: https://github.com/apache/apisix/issues/6007
## Background Forward Auth cleverly moves the authentication and authorization logic to a dedicated external service, where the gateway forwards the user's request to the authentication service and blocks the original request and replaces the result when the authentication service responds with a non-20x state. In this way, we can achieve a custom error return or user redirection to the authentication page if the authentication fails. ## Scheme ### Configure schema Name | Type | Requirement | Default | Description -- | -- | -- | -- | -- host | string | required | | Auth service host (eg. https://localhost:8999) ssl_verify | boolean | optional | true | Whether to verify the certificate request_headers | array | optional | [] | Request headers allowed to be forwarded response_headers | array | optional | [] | Response headers allowed to be returned ### Implementation Through the plugin, part of the requested information is forwarded to the authentication service during the access phase, which will transmit the following information by way of a request header. Method | Schema | Domain | Path | Source IP -- | -- | -- | -- | -- X-Forwarded-Method | X-Forwarded-Proto | X-Forwarded-Host | X-Forwarded-Uri | X-Forwarded-For At the same time, the request headers will be forwarded according to the list of request headers set in the `request_headers` in the configuration, if not set, all request headers will be forwarded. After the authentication service response, if the response code is 20x, the request will be forwarded upstream normally, otherwise the response of the authentication service will be forwarded to the client, and the response headers will be filtered using `response_headers`. ## Other What are your ideas? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
