20 changes: 10 additions & 10 deletions kong/plugins/oidc/handler.lua
@@ -1,18 +1,14 @@
local BasePlugin = require "kong.plugins.base_plugin"
local OidcHandler = BasePlugin:extend()

local utils = require("kong.plugins.oidc.utils")
local filter = require("kong.plugins.oidc.filter")
local session = require("kong.plugins.oidc.session")

OidcHandler.PRIORITY = 1000


function OidcHandler:new()
OidcHandler.super.new(self, "oidc")
end
local OidcHandler = {
VERSION = "1.0.0",
PRIORITY = 1000,
}

function OidcHandler:access(config)
OidcHandler.super.access(self)
local oidcConfig = utils.get_options(config, ngx)

if filter.shouldProcessRequest(oidcConfig) then
Expand Down Expand Up @@ -51,22 +47,26 @@ function handle(oidcConfig)
end

function make_oidc(oidcConfig)
ngx.log(ngx.DEBUG, "OidcHandler calling authenticate, requested path: " .. ngx.var.request_uri)
ngx.log(ngx.DEBUG, "Oidc make_oidc, requested path: " .. ngx.var.request_uri)
local res, err = require("resty.openidc").authenticate(oidcConfig)
if err then
ngx.log(ngx.ERR, "Make oidc failed authenticate(oidcConfig) ")
if oidcConfig.recovery_page_path then
ngx.log(ngx.DEBUG, "Entering recovery page: " .. oidcConfig.recovery_page_path)
ngx.redirect(oidcConfig.recovery_page_path)
end
ngx.log(ngx.ERR, "(500, err, ngx.HTTP_INTERNAL_SERVER_ERROR")
utils.exit(500, err, ngx.HTTP_INTERNAL_SERVER_ERROR)
end
return res
end

function introspect(oidcConfig)
ngx.log(ngx.DEBUG, "Oidc introspect, requested path: " .. ngx.var.request_uri)
if utils.has_bearer_access_token() or oidcConfig.bearer_only == "yes" then
local res, err = require("resty.openidc").introspect(oidcConfig)
if err then
ngx.log(ngx.ERR, "OIDC introspect failed to oidc introspect")
if oidcConfig.bearer_only == "yes" then
ngx.header["WWW-Authenticate"] = 'Bearer realm="' .. oidcConfig.realm .. '",error="' .. err .. '"'
utils.exit(ngx.HTTP_UNAUTHORIZED, err, ngx.HTTP_UNAUTHORIZED)
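Review bot: The debug lines in `make_oidc` and `introspect` log `ngx.var.request_uri`, which carries the full query string; on the redirect_uri callback that writes the authorization `code` and `state` values into the error log, and in bearer flows any token a client sends as a query parameter would be logged as well. Use the path-only variable instead, `ngx.log(ngx.DEBUG, "Oidc make_oidc, requested path: " .. ngx.var.uri)` (and likewise in `introspect`). The ERR lines, which appear to be new here, also lose the failure detail: `"Make oidc failed authenticate(oidcConfig) "` and `"(500, err, ngx.HTTP_INTERNAL_SERVER_ERROR"` are fixed strings (the second reads like a pasted call), while the real `err` is only handed to the client through `utils.exit(500, err, ...)`; log it with `ngx.log(ngx.ERR, "make_oidc: authenticate failed: ", err)`, drop the garbled second line, and consider whether the raw library error belongs in the response body at all. `introspect`'s body continues past the end of this hunk.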
52 changes: 31 additions & 21 deletions kong/plugins/oidc/schema.lua
@@ -1,23 +1,33 @@
local typedefs = require "kong.db.schema.typedefs"

return {
no_consumer = true,
name = "oidc-endpoint",
fields = {
client_id = { type = "string", required = true },
client_secret = { type = "string", required = true },
discovery = { type = "string", required = true, default = "https://.well-known/openid-configuration" },
introspection_endpoint = { type = "string", required = false },
timeout = { type = "number", required = false },
introspection_endpoint_auth_method = { type = "string", required = false },
bearer_only = { type = "string", required = true, default = "no" },
realm = { type = "string", required = true, default = "kong" },
redirect_uri_path = { type = "string" },
scope = { type = "string", required = true, default = "openid" },
response_type = { type = "string", required = true, default = "code" },
ssl_verify = { type = "string", required = true, default = "no" },
token_endpoint_auth_method = { type = "string", required = true, default = "client_secret_post" },
session_secret = { type = "string", required = false },
recovery_page_path = { type = "string" },
logout_path = { type = "string", required = false, default = '/logout' },
redirect_after_logout_uri = { type = "string", required = false, default = '/' },
filters = { type = "string" }
}
}
{ consumer = typedefs.no_consumer },
{ config = {
type = "record",
fields = {

{ client_id = { type = "string", required = true }, },
{ client_secret = { type = "string", required = true }, },
{ discovery = { type = "string", required = true, default = "https://.well-known/openid-configuration" }, },
{ introspection_endpoint = { type = "string", required = false }, },
{ timeout = { type = "number", required = false }, },
{ introspection_endpoint_auth_method = { type = "string", required = false }, },
{ bearer_only = { type = "string", required = true, default = "no" }, },
{ realm = { type = "string", required = true, default = "kong" }, },
{ redirect_uri_path = { type = "string" }, },
{ scope = { type = "string", required = true, default = "openid" }, },
{ response_type = { type = "string", required = true, default = "code" }, },
{ ssl_verify = { type = "string", required = true, default = "no" }, },
{ token_endpoint_auth_method = { type = "string", required = true, default = "client_secret_post" }, },
{ session_secret = { type = "string", required = false }, },
{ recovery_page_path = { type = "string" }, },
{ logout_path = { type = "string", required = false, default = '/logout' }, },
{ redirect_after_logout_uri = { type = "string", required = false, default = '/' }, },
{ filters = { type = "string" } , }
},
},
},
},
}
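Review bot: `ssl_verify` still defaults to `"no"`, so out of the box the plugin does not verify the identity provider's TLS certificate when it fetches discovery metadata or calls the token and introspection endpoints; since this commit already rewrites every field for the new schema format, it is the natural point to flip that default to `"yes"` (flagging the breaking change for existing configs) and to constrain the yes/no strings, e.g. `{ ssl_verify = { type = "string", required = true, default = "yes", one_of = { "yes", "no" } }, },` with the same `one_of` on `bearer_only`. The `discovery` default `"https://.well-known/openid-configuration"` has no host, so a `required` field is satisfied by a value that can never resolve; either drop the default or document that it must always be overridden. `client_secret` and `session_secret` are declared as plain strings — if the Kong release this targets supports secret-aware field attributes (such as `referenceable`), marking them would keep the values out of plaintext config output; confirm against the targeted version.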