OIDC plugin doesn't work with Rate Limiting plugin #2
Comments
Most authentication plugins assume that Kong is the authorization server, which is not the case in this plugin. However, if it's as simple to get compatibility with other plugins as setting that field, it would be a simple thing to do. We would also need to ensure that this plugin gets executed before other plugins potentially using the information. See Kong/kong#267. Would you like to do some testing on whether it works better with the field enabled?
Kong plugins have a priority mechanism. By default it's set to 0 (gets executed last), which is also the case for this plugin. Looking at other authentication plugins, they have priority set to 1000. It's no biggie to change this also. I already tried to modify this plugin to add injecting this. I will push this to my forked repository next week.
Bearer JWT verify, auth/acl chaining, group/credential handling fixes
Hello,
The current plugin implementation doesn't work with the Rate Limiting plugin. If I configure the Rate Limiting to limit via user credential and use this plugin to determine the user, then it falls back to limiting via IP.
After my investigation I found out that it's because the field ngx.ctx.authenticated_credential isn't set. Other authentication plugins set this field, so it looks like this is a missing implementation.
Br,
Damian
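An added illustration of the behaviour discussed in this thread, as a simplified Lua model that is not code from Kong or from this plugin: it shows why the rate-limit key falls back to the client IP unless the authentication step both sets ngx.ctx.authenticated_credential and runs before the limiter. The handler names, the `id`, `limit_by` and `set_credential` fields, the limiter priority of 900 and the sample values are assumptions made for the example.

```lua
-- Simplified model, not Kong source. Stand-in for OpenResty's per-request state.
local ngx = { ctx = {}, var = { remote_addr = "203.0.113.7" } } -- constructed client IP

-- Hypothetical rate limiter: keys on the credential when one is present,
-- otherwise falls back to the client IP (the behaviour reported in the issue).
local function rate_limit_access(conf)
  local cred = ngx.ctx.authenticated_credential
  if conf.limit_by == "credential" and cred and cred.id then
    ngx.ctx.limit_key = "credential:" .. cred.id
  else
    ngx.ctx.limit_key = "ip:" .. ngx.var.remote_addr
  end
end

-- Hypothetical OIDC handler: the token is assumed to be verified already.
local function oidc_access(conf)
  if conf.set_credential then
    ngx.ctx.authenticated_credential = { id = conf.claims.sub }
  end
end

-- Run both handlers for one request, highest priority first,
-- and return the key the limiter ended up using.
local function limit_key_for(oidc_priority, set_credential)
  ngx.ctx = {}
  local chain = {
    { priority = oidc_priority, access = oidc_access,
      conf = { set_credential = set_credential, claims = { sub = "user-42" } } }, -- constructed claim
    { priority = 900, access = rate_limit_access,   -- constructed priority between 0 and 1000
      conf = { limit_by = "credential" } },
  }
  table.sort(chain, function(a, b) return a.priority > b.priority end)
  for _, plugin in ipairs(chain) do plugin.access(plugin.conf) end
  return ngx.ctx.limit_key
end

print(limit_key_for(0, false))   -- priority 0, field never set
print(limit_key_for(0, true))    -- priority 0, field set only after the limiter ran
print(limit_key_for(1000, true)) -- priority 1000, field set before the limiter runs
```

Only the third case keys the limit on the authenticated user; the first two key on the client IP, so setting the field without raising the priority does not change the outcome.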