how to do upstream authentification (other than mtls) ? #12212
Replies: 2 comments
-
|
Yes, authentication can be upstreamed at the gateway level using OAuth2 in Apache APISIX. You can use the To add a basic authentication header or cache an OAuth2 token before forwarding requests to the upstream, you can use the Here is an example configuration snippet: local schema = {
type = "object",
properties = {
uri = {type = "string"},
upstream_headers = {
type = "array",
default = {},
items = {type = "string"},
description = "authorization response header that will be sent to the upstream"
},
-- other configurations
},
required = {"uri"}
}
function _M.access(conf, ctx)
-- existing code
local res, err = httpc:request_uri(conf.uri, params)
if not res then
-- handle error
end
-- append headers that need to be get from the auth response header
for _, header in ipairs(conf.upstream_headers) do
local header_value = res.headers[header]
if header_value then
core.request.set_header(ctx, header, header_value)
end
end
endBy configuring To continue talking to Dosu, mention @dosu. Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Bug Report | Other |
Beta Was this translation helpful? Give feedback.
-
|
None can be done natively juste configuration ? |
Beta Was this translation helpful? Give feedback.
-
There a posibility to do oauth2/openidc.authentification basic (other than mtls) to upsteam at gateway level ?
Exemple, the consumer do authentification to the gateway, them the gateway forward the request to the upstream but before forwarding the request they add basic authentification header or do oauth2 token request (and cache the token based on the exxpire time of the token) them add this token in authentication bearer header....
Beta Was this translation helpful? Give feedback.
All reactions