feat: add required scopes configuration property to openid-connect plugin
#10493
Conversation
|
@csotiriou thanks for this PR. It will be great if you can add test cases for it :) |
|
Hello @moonming I'm trying to wrap my head around the test implementation, my familiarity with lua is limited. However, I have reached the point where I'm making a sample test. I noticed that for the openid-connect plugin there are some sample oidc providers with a dummy client-id and client-secret used. Must I use the same and have the same configuration in my keycloak? If not, how are tests going to pass during automation? |
|
@Revolyssup Please check how to write a more appropriate test case. I am not familiar with this plug-in. |
Signed-off-by: Ashish Tiwari <ashishjaitiwari15112000@gmail.com>
|
@moonming @csotiriou I have added the test case and fixed the lint tests to save time. |
Signed-off-by: Ashish Tiwari <ashishjaitiwari15112000@gmail.com>
Signed-off-by: Ashish Tiwari <ashishjaitiwari15112000@gmail.com>
|
@csotiriou thanks for your great work 👍 |
|
I think you need to add a test case for scope validation |
@soulbird Do you mean the case where the correct scope is passed and the request succeeds? |
@csotiriou please fix this when you have time. |
Signed-off-by: Ashish Tiwari <ashishjaitiwari15112000@gmail.com>
yes |
…tiriou/apisix into feature/oidc-required-scopes
Thanks for the notification, @moonming , It seems that the merge conflicts in the conflicting documentation files have been resolved by @Revolyssup faster, thank you for the help! |
Fixes #10352
This adds the optional
required_scopesconfiguration property in theopenid-connectplugin configuration. In cases where the introspection endpoint of the OIDC server is called, the plugin will check if all required scopes are present in the scopes returned by the introspection endpoint.I have also updated the documentation to reflect this, in case anyone finds this PR valuable.