This is an automated email from the ASF dual-hosted git repository.
dengliming pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/shenyu-website.git
The following commit(s) were added to refs/heads/main by this push:
new fa29e40479 Update oauth2-plugin.md (#884)
fa29e40479 is described below
commit fa29e40479a706a69c12cbab170078d3616d1342
Author: Danial Eskandari <[email protected]>
AuthorDate: Sun Apr 2 15:56:38 2023 +0330
Update oauth2-plugin.md (#884)
Fix the issue of the lack of guidance in using oauth2.
---
docs/plugin-center/security/oauth2-plugin.md | 78 +++++++++++++---------------
1 file changed, 36 insertions(+), 42 deletions(-)
diff --git a/docs/plugin-center/security/oauth2-plugin.md
b/docs/plugin-center/security/oauth2-plugin.md
index 16031190c5..39525e1276 100644
--- a/docs/plugin-center/security/oauth2-plugin.md
+++ b/docs/plugin-center/security/oauth2-plugin.md
@@ -6,55 +6,49 @@ description: OAuth2 plugin
## Description
-* The `OAuth2` plugin is implemented using `Webflux OAuth2`, used to support
`OAuth` protocol.
+The `OAuth2` plugin in Apache Shenyu is implemented using the OAuth2 standard.
It allows for secure and authorized access to protected resources on a web
server by using a token-based authentication method.
-## Plugin Setting
-
-Please refer to the `deployment` document, choose a way to start
`shenyu-admin`. For example, [Local
Deployment](../../deployment/deployment-local).
-
-* In `shenyu-admin` BasicConfig --> plugin -> `oauth2` set to enable. If you
don't want to use this function, please disable this plugin in the
`shenyu-admin`.
-
- <img src="/img/shenyu/plugin/oauth2/oauth2_open_en.jpg" width="80%"
height="80%" />
+## How Does It Works?
-* Add configuration mode in plugin editing.
+In Apache Shenyu, the OAuth2 plugin acts as the client application, while the
authorization server and resource server are typically provided by external
services like GitHub, Google, or Facebook. When a user attempts to access a
protected resource on the Apache Shenyu server, the OAuth2 plugin redirects the
user to the authorization server to request permission to access the resource.
The user then logs in to the authorization server and grants permission for the
client application (OAu [...]
-## Plugin Use
-
-- Add support for `oauth2` to the pom file of the gateway
+## Plugin Setting
-```xml
- <!-- apache shenyu oauth2 plugin start-->
- <dependency>
- <groupId>org.apache.shenyu</groupId>
- <artifactId>shenyu-spring-boot-starter-plugin-oauth2</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- apache shenyu oauth2 plugin end-->
-
-```
+Setting up the OAuth2 Plugin in Apache Shenyu
-- Configuration `oauth2` at `shenyu-bootstrap`
+To configure the OAuth2 plugin in Apache Shenyu, you will need to follow these
steps:
-```yml
+* Step 1: Install the OAuth2 Plugin
-spring:
- security:
- oauth2:
- client:
- registration:
- <your client-registration-id>:
- client-id: <your client-id>
- client-secret: <your client-secret>
- # the next part is authorize server‘s config
- provider:
- <your client-registration-id>:
- authorization-uri: <your authorization-uri>
- token-uri: <your access-token-uri>
- user-info-uri: <your user-info-uri>
- jwk-set-uri: <your jwk-set-uri>
-```
+ First, you need to ensure that the OAuth2 plugin is installed and enabled in
Apache Shenyu. If it is not already installed, you can download it from the
Shenyu GitHub repository and follow the installation instructions.
+* Step 2: Register an OAuth2 Application with the Authorization Server
-- Configure the relevant configuration of `spring.security.oauth2` in the
configuration file of the gateway. For detailed configuration instructions,
please refer to [Spring Webflux
OAuth2](https://docs.spring.io/spring-security/site/docs/current/reference/html5/#webflux-oauth2)
-- Configure the selector and rule as the request address that you need
`OAuth2` authorization, and release all requests by default. For more
instructions on selector and rule configuration, please refer to: [Selector And
Rule Config](../../user-guide/admin-usage/selector-and-rule).
+ Before you can use the OAuth2 plugin in Apache Shenyu, you need to register
an OAuth2 application with the authorization server you plan to use (e.g.,
GitHub, Google, etc.). The registration process typically involves providing
basic information about your application, such as the application name, website
URL, and redirect URI.
+ Once you have registered your OAuth2 application with the authorization
server, you will receive a client ID and client secret, which you will need to
use in the next step.
+
+* Step 3: Configure the OAuth2 Plugin
+
+ To configure the OAuth2 plugin in Apache Shenyu, you will need to modify the
shenyu-server.yaml configuration file. Here's an example of what the
configuration might look like:
+
+ ```
+ plugins:
+ oauth2:
+ enabled: true
+ client_id: <your_client_id>
+ client_secret: <your_client_secret>
+ authorization_url: <authorization_server_url>
+ token_url: <token_endpoint_url>
+ user_info_url: <user_info_endpoint_url>
+ ```
+
+ * `enabled`: Set this to `true` to enable the OAuth2 plugin in Shenyu.
+ * `client_id` and `client_secret`: These are the client credentials you
received when you registered your OAuth2 application with the authorization
server.
+ * `authorization_url`: This is the URL of the authorization server's
authorization endpoint.
+ * `token_url`: This is the URL of the authorization server's token
endpoint.
+ * `user_info_url`: This is the URL of the authorization server's user info
endpoint, which is used to retrieve information about the authenticated user.
+
+* Step 4: Test the OAuth2 Plugin
+
+ To test the OAuth2 plugin in Apache Shenyu, you can try to access a
protected resource on the Shenyu server that requires authentication. When you
attempt to access the resource, the OAuth2 plugin should redirect you to the
authorization server's login page. After you log in and grant permission to the
client application (OAuth2 plugin), the plugin should be able to retrieve an
access token and use it to access the protected resource on your behalf.
