feat: add multi-auth plugin #10482
feat: add multi-auth plugin #10482
Conversation
madhawa-gunasekara
force-pushed
the
issue-10196
branch
from
9a3bd0d
to
61a2b4f
Compare
madhawa-gunasekara
force-pushed
the
issue-10196
branch
7 times, most recently
from
f542242
to
3376deb
Compare
| } | ||
| }, | ||
| { | ||
| "jwt-auth": { |
There was a problem hiding this comment.
There is no test case to cover jwt?
There was a problem hiding this comment.
I added the test cases to cover jwt as well.
This is kind of a wrapper plugin to enable different authentication methods using "or" relationship.
I just added these 3 plugins to show case the compatibility of any plugin with type 'auth'.
docs/en/latest/plugins/multi-auth.md
Outdated
|
|
||
| ## Description | ||
|
|
||
| The `multi-auth` Plugin is used to add multiple authentication methods to a Route or a Service. Plugins with type 'auth' are supported. |
There was a problem hiding this comment.
For multiple different plug-ins, is there an "and" relationship or an "or" relationship between them? In other words, if there are two authentication plug-ins, do both plug-ins need to be verified?
There was a problem hiding this comment.
I added details in here
There was a problem hiding this comment.
Actually, it will go through the list of configured auth plugins, and exit after the first one is successfully authenticated. That means route can be shared between different consumers using different auth methods. If a consumer is using basic, he would be able to authenticate using basic, if another user uses jwt, he would be able to authenticate using jwt.
Maybe the doc can be clearer about the intent and use case.
There was a problem hiding this comment.
@madhawa-gunasekara did you see this?
There was a problem hiding this comment.
Yes, I will improve the docs
madhawa-gunasekara
force-pushed
the
issue-10196
branch
5 times, most recently
from
3bc05c4
to
48e0433
Compare
madhawa-gunasekara
force-pushed
the
issue-10196
branch
2 times, most recently
from
bfabbf7
to
577fc05
Compare
madhawa-gunasekara
force-pushed
the
issue-10196
branch
from
577fc05
to
264ff15
Compare
|
Hi @moonming, I fixed the changes you mentioned, can you rereview again? |
|
|
||
| ## Enable Plugin | ||
|
|
||
| To enable the Plugin, you have to create a Consumer object with multiple authentication configurations: |
There was a problem hiding this comment.
Better example and a more realistic use case is to have multiple consumers using different authentication plugins using the same route with multi-auth.
There was a problem hiding this comment.
I will add it as an example
| ## Description | ||
|
|
||
| The `multi-auth` Plugin is used to add multiple authentication methods to a Route or a Service. It supports plugins of type 'auth'. You can combine different authentication methods using "or" relationship with `multi-auth` plugin. If you want to use multiple methods in an "and" relationship, apply specific authentication plugins directly to the route or service. | ||
|
|
There was a problem hiding this comment.
As already mentioned, docs should state that authentication plugins will be tried in the order specified in plugin config, and as soon as one one match, it will let that consumer proceed with the service call.
|
@madhawa-gunasekara good job 👍 |
Description
Add multiple authentication for routes. This is the implementation of multi-auth plugin
{ "plugins":{ "multi-auth":{ "auth_plugins":[ { "basic-auth":{ } }, { "key-auth":{ "query":"apikey", "hide_credentials":true, "header":"apikey" } }, { "jwt-auth":{ "cookie":"jwt", "query":"jwt", "hide_credentials":true, "header":"authorization" } } ] } } }Fixes #10196
Checklist