Co-authored-by: homeward <97138894+hf400159@users.noreply.github.com>
3.0 KiB
title | keywords | description | ||||
---|---|---|---|---|---|---|
authz-casdoor |
|
This document contains information about the Apache APISIX authz-casdoor Plugin. |
Description
The authz-casdoor
Plugin can be used to add centralized authentication with Casdoor.
Attributes
Name | Type | Required | Description |
---|---|---|---|
endpoint_addr | string | True | URL of Casdoor. |
client_id | string | True | Client ID in Casdoor. |
client_secret | string | True | Client secret in Casdoor. |
callback_url | string | True | Callback URL used to receive state and code. |
:::info IMPORTANT
endpoint_addr
and callback_url
should not end with '/'.
:::
:::info IMPORTANT
The callback_url
must belong to the URI of your Route. See the code snippet below for an example configuration.
:::
Enabling the Plugin
You can enable the Plugin on a specific Route as shown below:
curl "http://127.0.0.1:9080/apisix/admin/routes/1" -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d '
{
"methods": ["GET"],
"uri": "/anything/*",
"plugins": {
"authz-casdoor": {
"endpoint_addr":"http://localhost:8000",
"callback_url":"http://localhost:9080/anything/callback",
"client_id":"7ceb9b7fda4a9061ec1c",
"client_secret":"3416238e1edf915eac08b8fe345b2b95cdba7e04"
}
},
"upstream": {
"type": "roundrobin",
"nodes": {
"httpbin.org:80": 1
}
}
}'
Example usage
Once you have enabled the Plugin, a new user visiting this Route would first be processed by the authz-casdoor
Plugin. They would be redirected to the login page of Casdoor.
After successfully logging in, Casdoor will redirect this user to the callback_url
with GET parameters code
and state
specified. The Plugin will also request for an access token and confirm whether the user is really logged in. This process is only done once and subsequent requests are left uninterrupted.
Once this is done, the user is redirected to the original URL they wanted to visit.