Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can you add other session configuration parameters of openid-connect? #10797

Open
illidan33 opened this issue Jan 11, 2024 · 13 comments
Open

Can you add other session configuration parameters of openid-connect? #10797

illidan33 opened this issue Jan 11, 2024 · 13 comments
Assignees
@Revolyssup
Labels
help wanted Extra attention is needed

Comments

@illidan33
Copy link
Contributor

illidan33 commented Jan 11, 2024
edited
Loading

Description

I want to set the session expiration time, but the documentation only supports 'secret'.
The document only provides the secret parameter for configuring a session. Can you add support for other session configuration parameters.

The document's url is https://apisix.apache.org/zh/docs/apisix/plugins/openid-connect/

image

"openid-connect": {
"_meta": {
"disable": false
},
"access_token_in_authorization_header": true,
"refresh_session_interval": 3600,
"scope": "",
"session": {
"secret": ""
},
"timeout": 3,
"use_pkce": true
}

Openid-connect uses the lua-resty-sesseion package, which provides session configuration. Its address is
https://github.com/bungle/lua-resty-session

image

Environment

  • APISIX version (run apisix version): /usr/local/openresty//luajit/bin/luajit ./apisix/cli/apisix.lua version
    3.7.0
  • Operating system (run uname -a): Linux apisix-apisix-6d996f8c4f-tzjt8 4.19.91-26.6.al7.x86_64
  • OpenResty / Nginx version (run openresty -V or nginx -V): nginx version: openresty/1.21.4.2
    built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
    built with OpenSSL 1.1.1s 1 Nov 2022 (running with OpenSSL 1.1.1w 11 Sep 2023)
    TLS SNI support enabled
    configure arguments: --prefix=/usr/local/openresty/nginx --with-cc-opt='-O2 -DAPISIX_RUNTIME_VER=1.0.1 -DNGX_GRPC_CLI_ENGINE_PATH=/usr/local/openresty/libgrpc_engine.so -DNGX_HTTP_GRPC_CLI_ENGINE_PATH=/usr/local/openresty/libgrpc_engine.so -DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/zlib/include -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl111/include' --add-module=../ngx_devel_kit-0.3.2 --add-module=../echo-nginx-module-0.63 --add-module=../xss-nginx-module-0.06 --add-module=../ngx_coolkit-0.2 --add-module=../set-misc-nginx-module-0.33 --add-module=../form-input-nginx-module-0.12 --add-module=../encrypted-session-nginx-module-0.09 --add-module=../srcache-nginx-module-0.33 --add-module=../ngx_lua-0.10.25 --add-module=../ngx_lua_upstream-0.07 --add-module=../headers-more-nginx-module-0.34 --add-module=../array-var-nginx-module-0.06 --add-module=../memc-nginx-module-0.19 --add-module=../redis2-nginx-module-0.15 --add-module=../redis-nginx-module-0.3.9 --add-module=../ngx_stream_lua-0.0.13 --with-ld-opt='-Wl,-rpath,/usr/local/openresty/luajit/lib -Wl,-rpath,/usr/local/openresty/wasmtime-c-api/lib -L/usr/local/openresty/zlib/lib -L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl111/lib -Wl,-rpath,/usr/local/openresty/zlib/lib:/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl111/lib' --add-module=/tmp/tmp.gLDkH7DPEH/openresty-1.21.4.2/../mod_dubbo-1.0.2 --add-module=/tmp/tmp.gLDkH7DPEH/openresty-1.21.4.2/../ngx_multi_upstream_module-1.1.1 --add-module=/tmp/tmp.gLDkH7DPEH/openresty-1.21.4.2/../apisix-nginx-module-1.15.0 --add-module=/tmp/tmp.gLDkH7DPEH/openresty-1.21.4.2/../apisix-nginx-module-1.15.0/src/stream --add-module=/tmp/tmp.gLDkH7DPEH/openresty-1.21.4.2/../apisix-nginx-module-1.15.0/src/meta --add-module=/tmp/tmp.gLDkH7DPEH/openresty-1.21.4.2/../wasm-nginx-module-0.6.5 --add-module=/tmp/tmp.gLDkH7DPEH/openresty-1.21.4.2/../lua-var-nginx-module-v0.5.3 --add-module=/tmp/tmp.gLDkH7DPEH/openresty-1.21.4.2/../grpc-client-nginx-module-v0.4.4 --with-poll_module --with-pcre-jit --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_v2_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_stub_status_module --with-http_realip_module --with-http_addition_module --with-http_auth_request_module --with-http_secure_link_module --with-http_random_index_module --with-http_gzip_static_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-threads --with-compat --with-stream --with-http_ssl_module
  • APISIX Dashboard version, if relevant: dashboard_version | 3.0.1
@kayx23
Copy link
Member

kayx23 commented Jan 11, 2024

I thought session expiry is something one could configure on the IdP side?

@kayx23 kayx23 added the question label for questions asked by users label Jan 11, 2024
@illidan33
Copy link
Contributor Author

I thought session expiry is something one could configure on the IdP side?

The session is set by plugin openid-connect when i use apisix. So it has nothing to do with idp, which does not control the session set by openid-connect.

@kayx23 kayx23 added help wanted Extra attention is needed and removed question label for questions asked by users labels Jan 11, 2024
@kayx23
Copy link
Member

kayx23 commented Jan 11, 2024

@lakshya8066 @Vacant2333 Please help with this question if you can, thanks.

@Vacant2333
Copy link
Contributor

hello @illidan33 looks like we can add this parameter to the APISIX plugin
image

@illidan33
Copy link
Contributor Author

illidan33 commented Jan 12, 2024
edited
Loading

hello @illidan33 looks like we can add this parameter to the APISIX plugin image

@Vacant2333 Thank you! Can you add an extra field ‘rolling_timeout’?

@Vacant2333
Copy link
Contributor

hello @illidan33 looks like we can add this parameter to the APISIX plugin image

Thank you! Can you add an extra field ‘rolling_time’?

yes, can u help me list the parameters that which we need add to the plugin, and i will check and try to do that

@illidan33
Copy link
Contributor Author

hello @illidan33 looks like we can add this parameter to the APISIX plugin image

Thank you! Can you add an extra field ‘rolling_time’?

yes, can u help me list the parameters that which we need add to the plugin, and i will check and try to do that

Of course.

@illidan33
Copy link
Contributor Author

hello @illidan33 looks like we can add this parameter to the APISIX plugin image

Thank you! Can you add an extra field ‘rolling_time’?

yes, can u help me list the parameters that which we need add to the plugin, and i will check and try to do that

Of course.

@Vacant2333 The following are common session configuration fields, please add them to the plugin, thank you.

  • cookie_name
  • cookie_path
  • cookie_http_only
  • cookie_secure
  • cookie_priority
  • cookie_same_site
  • cookie_same_party
  • remember
  • remember_safety
  • remember_cookie_name
  • stale_ttl
  • idling_timeout
  • rolling_timeout
  • absolute_timeout
  • remember_rolling_timeout
  • remember_absolute_timeout

@Vacant2333
Copy link
Contributor

hello @illidan33 looks like we can add this parameter to the APISIX plugin image

Thank you! Can you add an extra field ‘rolling_time’?

yes, can u help me list the parameters that which we need add to the plugin, and i will check and try to do that

Of course.

@Vacant2333 The following are common session configuration fields, please add them to the plugin, thank you.

  • cookie_name
  • cookie_path
  • cookie_http_only
  • cookie_secure
  • cookie_priority
  • cookie_same_site
  • cookie_same_party
  • remember
  • remember_safety
  • remember_cookie_name
  • stale_ttl
  • idling_timeout
  • rolling_timeout
  • absolute_timeout
  • remember_rolling_timeout
  • remember_absolute_timeout

ok, i will need consider these was necessay, thanks!

@Vacant2333
Copy link
Contributor

@kayx23 how do u think about add these parameters, can u help assign this issue to me? cc @shreemaan-abhishek

@Revolyssup Revolyssup assigned Revolyssup and unassigned Vacant2333 Jan 19, 2024
@Revolyssup Revolyssup moved this from 📋 Backlog to 🏗 In progress in Apache APISIX backlog Jan 19, 2024
@illidan33
Copy link
Contributor Author

@Vacant2333 Hi, will the update come online in the near future?

@Revolyssup
Copy link
Contributor

@illidan33 Yes this is on the proposal stage currently so there is no fixed date but this task is on my plate

@illidan33 illidan33 mentioned this issue Feb 6, 2024
Merged
5 tasks
@illidan33
Copy link
Contributor Author

@Vacant2333 @Revolyssup hi, I solved the issue. Can you take a look.
[https://github.com//pull/10919](session configuration)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Revolyssup Revolyssup

Labels
help wanted Extra attention is needed
Projects
Apache APISIX backlog
Status: 🏗 In progress
Milestone
No milestone
Development

No branches or pull requests
4 participants
@illidan33 @Vacant2333 @kayx23 @Revolyssup