docs: polishing authz-keycloak's docs (#6630)
Co-authored-by: Yu.Bozhong <imbozhong@gmail.com>
Hwting and zaunist committed Mar 22, 2022
1 parent 2a7495c commit a1482dd
Showing 2 changed files with 31 additions and 5 deletions.
17 changes: 15 additions & 2 deletions docs/en/latest/plugins/authz-keycloak.md
Expand Up @@ -146,15 +146,15 @@ curl --location --request POST 'http://127.0.0.1:9080/api/token' \

## How To Enable

Create a `route` and enable the `authz-keycloak` plugin on the route:
Create a `route` and enable the `authz-keycloak` plugin on the route,`${realm}` is the realm name in `keyloak`:

```shell
curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"uri": "/get",
"plugins": {
"authz-keycloak": {
"token_endpoint": "http://127.0.0.1:8090/auth/realms/{client_id}/protocol/openid-connect/token",
"token_endpoint": "http://127.0.0.1:8090/auth/realms/${realm}/protocol/openid-connect/token",
"permissions": ["resource name#scope name"],
"audience": "Client ID"
}
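Review bot: in the new `token_endpoint` value, `${realm}` sits inside the single-quoted `-d '...'` body, so the shell never expands it and the literal string ends up in the route if the command is pasted as is. A placeholder such as `<YOUR_REALM>` would make it obvious that the value is substituted by hand. In the new intro sentence, `keyloak` should be `Keycloak`, and the comma splice with no space after the comma reads better as two sentences: "Create a `route` and enable the `authz-keycloak` plugin on the route. `${realm}` is the realm name in Keycloak."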
Expand All @@ -170,6 +170,19 @@ curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f13

## Test Plugin

Get `{JWT Token}`

```shell
curl \
-d "client_id=<YOUR_CLIENT_ID>" \
-d "username=<YOUR_USERNAMED>" \
-d "password=<YOUR_PASSWORD>" \
-d "grant_type=password" \
"http://<YOUR_KEYCLOAK_HOST>/auth/realms/${realm}/protocol/openid-connect/token"
```

Request with token

```shell
curl http://127.0.0.1:9080/get -H 'Authorization: Bearer {JWT Token}'
```
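Review bot: in the added token request, `${realm}` is inside a double-quoted URL, so the shell does expand it here, and with no `realm` variable set the request goes to `/auth/realms//protocol/openid-connect/token`. Either add a line that sets `realm` first or use a `<YOUR_REALM>` placeholder like the other parameters. `<YOUR_USERNAMED>` should be `<YOUR_USERNAME>`. The example also posts `username` and `password` over `http://`; showing `https://<YOUR_KEYCLOAK_HOST>` would be a safer default for readers to copy.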
19 changes: 16 additions & 3 deletions docs/zh/latest/plugins/authz-keycloak.md
Expand Up @@ -29,7 +29,7 @@ title: authz-keycloak

| 名称 | 类型 | 必选项 | 默认值 | 有效值 | 描述 |
| ----------------------- | ------------- | ------ | ----------- | --------------------------- | ----------------------------------------------------------------------------------------------- |
| token_endpoint | string | 必须 | | [1, 4096] | 接受 OAuth2 兼容 token 的接口,需要支持 `urn:ietf:params:oauth:grant-type:uma-ticket` 授权类型 |
| token_endpoint | string | 必须 | | | 接受 OAuth2 兼容 token 的接口,需要支持 `urn:ietf:params:oauth:grant-type:uma-ticket` 授权类型 |
| grant_type | string | 可选 | "urn:ietf:params:oauth:grant-type:uma-ticket" | ["urn:ietf:params:oauth:grant-type:uma-ticket"] | |
| audience | string | 可选 | | | 客户端应用访问相应的资源服务器时所需提供的身份信息。当 permissions 参数有值时这个参数是必填的。 |
| permissions | array[string] | 可选 | | | 描述客户端应用所需访问的资源和权限范围的字符串。格式必须为:`RESOURCE_ID#SCOPE_ID` |
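Review bot: the `token_endpoint` row loses its `[1, 4096]` valid-values entry, and nothing in the commit message says why. If the plugin schema still enforces that length range, the bound should stay in the table; if the range was wrong or is being dropped to match another translation, say so in the commit message so the change is not read as an accidental deletion.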
Expand Down Expand Up @@ -57,15 +57,15 @@ title: authz-keycloak

## 如何启用

创建一个 `route` 对象,并在该 `route` 对象上启用 `authz-keycloak` 插件:
创建一个 `route` 对象,并在该 `route` 对象上启用 `authz-keycloak` 插件, `${realm}``Keycloak` 中的 `realm` 名称

```shell
curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"uri": "/get",
"plugins": {
"authz-keycloak": {
"token_endpoint": "http://127.0.0.1:8090/auth/realms/{client_id}/protocol/openid-connect/token",
"token_endpoint": "http://127.0.0.1:8090/auth/realms/${realm}/protocol/openid-connect/token",
"permissions": ["resource name#scope name"],
"audience": "Client ID"
}
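Review bot: the clause added to the intro sentence is missing its verb, so `${realm}` and `Keycloak` render as two code spans run together. It should read "`${realm}` 是 Keycloak 中的 realm 名称", preferably as its own sentence with closing punctuation. As in the command below it, `${realm}` in `token_endpoint` is inside the single-quoted `-d '...'` body and is not expanded by the shell, so an explicit hand-filled placeholder would be clearer.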
Expand All @@ -81,6 +81,19 @@ curl http://127.0.0.1:9080/apisix/admin/routes/5 -H 'X-API-KEY: edd1c9f034335f13

## 测试插件

获取 `{JWT Token}`

```shell
curl \
-d "client_id=<YOUR_CLIENT_ID>" \
-d "username=<YOUR_USERNAMED>" \
-d "password=<YOUR_PASSWORD>" \
-d "grant_type=password" \
"http://<YOUR_KEYCLOAK_HOST>/auth/realms/${realm}/protocol/openid-connect/token"
```

验证

```shell
curl http://127.0.0.1:9080/get -H 'Authorization: Bearer {JWT Token}'
```
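Review bot: `<YOUR_USERNAMED>` in the added token request is a typo for `<YOUR_USERNAME>`. This section now mixes three placeholder styles (`<YOUR_...>`, `${realm}` and `{JWT Token}`), and only `${realm}` is expanded by the shell inside the double-quoted URL, to an empty string when the variable is unset. Pick one style, preferably angle brackets, so every value is clearly substituted by hand.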