colmbrady commented on issue #7190: URL: https://github.com/apache/apisix/issues/7190#issuecomment-1158168951
Actually, thats what the Keycloak Java Adapter implementation does, so likely a possible approach. https://github.com/keycloak/keycloak/blob/bfce612641a70e106b20b136431f0e4046b5c37f/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/KeycloakAdapterPolicyEnforcer.java#L184 When a 403 happens, and if the adapter is configured to respect user-management-access, then it requests a ticket for the client, and returns it - instead of just returning a 403. I guess, this adapter is normally deployed on the resource server, as a gateway proxy. So its similar to the function ApiSix might serve as a Policy Enforcement Point -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
