Skip to content

feat: auth plugins respond with www-authenticate header with realm #12864

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
shreemaan-abhishek merged 6 commits into from
Jan 8, 2026
Merged

feat: auth plugins respond with www-authenticate header with realm #12864

shreemaan-abhishek merged 6 commits into from
Jan 8, 2026
+858 −6

Conversation

@shreemaan-abhishek
Copy link
Contributor

@shreemaan-abhishek shreemaan-abhishek commented Jan 6, 2026
edited
Loading

Description

This PR adds a realm configuration option to several authentication plugins (basic-auth, key-auth, hmac-auth, jwt-auth, ldap-auth). This allows users to customize the realm value returned in the WWW-Authenticate header when an authentication request fails with a 401 Unauthorized status.

This is in line with standard concept in the HTTP authentication protocol (RFC 7235). It indicates to the client which "protection area" the currently requested resource belongs to. This helps the client (such as a browser or API client) determine which set of credentials to use to re-initiate the request.

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

nic-6443
nic-6443 reviewed Jan 6, 2026
View reviewed changes
@shreemaan-abhishek
other plugins
cd33069 
Signed-off-by: Abhishek Choudhary <[email protected]>
@shreemaan-abhishek shreemaan-abhishek marked this pull request as ready for review January 6, 2026 10:46
@dosubot dosubot bot added size:XL This PR changes 500-999 lines, ignoring generated files. enhancement New feature or request labels Jan 6, 2026
nic-6443
nic-6443 previously approved these changes Jan 6, 2026
View reviewed changes
membphis
membphis reviewed Jan 7, 2026
View reviewed changes
apisix/plugins/basic-auth.lua Outdated
default = false,
},
realm = {
type = "string",
Copy link
Member

@membphis membphis Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it can not contain any ', "

maybe we should limit it

apisix/plugins/ldap-auth.lua Outdated
tls_verify = { type = "boolean", default = false },
uid = { type = "string", default = "cn" }
uid = { type = "string", default = "cn" },
realm = { type = "string", default = "ldap" }
Copy link
Member

@membphis membphis Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can add a , at the end of this line always

@shreemaan-abhishek
rfc compliant
cbba647 
Signed-off-by: Abhishek Choudhary <[email protected]>
@shreemaan-abhishek
nit
315f659 
Signed-off-by: Abhishek Choudhary <[email protected]>
membphis
membphis previously approved these changes Jan 7, 2026
View reviewed changes
nic-6443
nic-6443 previously approved these changes Jan 8, 2026
View reviewed changes
@shreemaan-abhishek
docs
ce57ee7 
Signed-off-by: Abhishek Choudhary <[email protected]>
@shreemaan-abhishek shreemaan-abhishek dismissed stale reviews from nic-6443 and membphis via ce57ee7 January 8, 2026 03:36
membphis
membphis previously approved these changes Jan 8, 2026
View reviewed changes
@shreemaan-abhishek
fix
499da8c 
Signed-off-by: Abhishek Choudhary <[email protected]>
@shreemaan-abhishek shreemaan-abhishek merged commit 5083ad6 into apache:master Jan 8, 2026
38 of 42 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@membphis membphis membphis approved these changes

@nic-6443 nic-6443 nic-6443 approved these changes

@Baoyuantop Baoyuantop Baoyuantop approved these changes

@bzp2010 bzp2010 Awaiting requested review from bzp2010

@moonming moonming Awaiting requested review from moonming

Assignees

No one assigned

Labels

enhancement New feature or request size:XL This PR changes 500-999 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@shreemaan-abhishek @membphis @nic-6443 @Baoyuantop