apisix/docs/en/latest/plugins/authz-casdoor.md
Navendu Pottekkat b2f3273b6a
docs: update "Authentication" Plugins (#6824)
Co-authored-by: homeward <97138894+hf400159@users.noreply.github.com>
2022-04-15 09:05:25 +08:00

3.0 KiB

title keywords description
authz-casdoor
APISIX
Plugin
Authz Casdoor
authz-casdoor
This document contains information about the Apache APISIX authz-casdoor Plugin.

Description

The authz-casdoor Plugin can be used to add centralized authentication with Casdoor.

Attributes

Name Type Required Description
endpoint_addr string True URL of Casdoor.
client_id string True Client ID in Casdoor.
client_secret string True Client secret in Casdoor.
callback_url string True Callback URL used to receive state and code.

:::info IMPORTANT

endpoint_addr and callback_url should not end with '/'.

:::

:::info IMPORTANT

The callback_url must belong to the URI of your Route. See the code snippet below for an example configuration.

:::

Enabling the Plugin

You can enable the Plugin on a specific Route as shown below:

curl "http://127.0.0.1:9080/apisix/admin/routes/1" -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d '
{
  "methods": ["GET"],
  "uri": "/anything/*",
  "plugins": {
    "authz-casdoor": {
        "endpoint_addr":"http://localhost:8000",
        "callback_url":"http://localhost:9080/anything/callback",
        "client_id":"7ceb9b7fda4a9061ec1c",
        "client_secret":"3416238e1edf915eac08b8fe345b2b95cdba7e04"
    }
  },
  "upstream": {
    "type": "roundrobin",
    "nodes": {
      "httpbin.org:80": 1
    }
  }
}'

Example usage

Once you have enabled the Plugin, a new user visiting this Route would first be processed by the authz-casdoor Plugin. They would be redirected to the login page of Casdoor.

After successfully logging in, Casdoor will redirect this user to the callback_url with GET parameters code and state specified. The Plugin will also request for an access token and confirm whether the user is really logged in. This process is only done once and subsequent requests are left uninterrupted.

Once this is done, the user is redirected to the original URL they wanted to visit.