Apisix-dashboard: discuss: improve the UE of config Authentication plugins

Created on 30 Sep 2020  路  18Comments  路  Source: apache/apisix-dashboard

Please answer these questions before submitting your issue.

  • Why do you submit this issue?
  • [x] Question or discussion
  • [ ] Bug
  • [ ] Requirements
  • [ ] Feature or performance improvement
  • [ ] Other

Why

The Authentication plugins, e.g: basic-auth openid-connect and other auth plugins supported by Apisix should work with consumer together. Only when one auth plugin is enabled and configed correctly can a consumer be created or modified, and can access a route which is also enabled the same auth plugin. At the same time, a route or a service can enabled the auth plugin without any configs(even if configured here, the auth plugin configuration of consumer will matched by default).

RIght now, the auth plugins can be configed both in consumer and route, but the auth config in route doesn't really work, and it will Induce user that only the configed consumer can access the route. So it would be better to improve the UE of config auth plugins.

Proposal

  1. the authentication plugins should be enabled with configuration in consumer module.
    2020-09-30 10-44-11灞忓箷鎴浘

  2. the authentication plugins should be only shown with a switch to enabled/disabled in route or service module.
    2020-09-30 10-44-11灞忓箷鎴浘

  3. right now if a route enabled two auth plugins, it should be matched with this two auth token, In fact, it is not possible for users to access the same route using two or more different authentication methods. so it would be better to only enabled one auth plugin in route.

discuss enhancement wait for update

Most helpful comment

We can create a new API to return all the information of the plug-in, such as schema, type, priority, etc.

For example the new API: /apisix/admin/plugins/meta_attributes, we need to discuss it on the mailing list first.

@liuxiran would like to handle this job?

sure, I have already sent a mail to dev, just waiting for others' comments and suggestions :)

All 18 comments

@juzhiyuan @LiteSun @bzp2010

Got your point, you mean for Auth plugins, we should only config it in Consumer instead of Route, and we COULD choose to enable or disable it in Route instead of cobfig, right?

I agree to this proposal, how about others suggestions?

cc @membphis @nic-chen @moonming ?

agree with this proposal too.

https://github.com/apache/apisix/issues/2308 , if we support this feature, the dashboard will easier.

agree +1

Got your point, you mean for Auth plugins, we should only config it in Consumer instead of Route, and we COULD choose to enable or disable it in Route instead of cobfig, right?

I agree to this proposal, how about others suggestions?

cc @membphis @nic-chen @moonming ?

yes you got my point @juzhiyuan 馃, and furthermore, if the authentication plugin can be turned into the consumer鈥檚 default support plugin, just like proxy-rewrite in route, that would be better, but the cost of plugin modification may be higher

yep, let's implement your proposal first :D

I just put this feature in M1.7.

I checked this issue once more, and it seems that the backend should support this feature too 馃 @liuxiran @membphis right?

I checked this issue once more, and it seems that the backend should support this feature too @liuxiran @membphis right?

thanks for @juzhiyuan 's reminder, I also rethinked this issue, and IMHO, it is better to get support from BE:

  • get whether the plugin needs to be config together with category of all plugins instead of only get plugin names from GET /apisix/admin/plugins

whether the plugin needs to be config could also not be a specific flag, FE can also judge from whether the [plugin].schema.properties is empty, in this case , api should return the schema at the same time.

This would also apply to other plugins that do not require configuration :)

This solution works for me, but it seems that there still has also a lot of work to do, could you please take a look at this issue? cc @membphis @tokers.

We can create a new API to return all the information of the plug-in, such as schema, type, priority, etc.

For example the new API: /apisix/admin/plugins/meta_attributes, we need to discuss it on the mailing list first.

@liuxiran would like to handle this job?

We can create a new API to return all the information of the plug-in, such as schema, type, priority, etc.

For example the new API: /apisix/admin/plugins/meta_attributes, we need to discuss it on the mailing list first.

@liuxiran would like to handle this job?

sure, I have already sent a mail to dev, just waiting for others' comments and suggestions :)

Hi folks, final conclusion here?

@liuxiran I think we can close this issue and create a new one with the final conclusion from the emailing list.

@liuxiran I think we can close this issue and create a new one with the final conclusion from the emailing list.

got it , and as we talked yesterday., this issue would be move to M2.3, right? @membphis

yes, confirm this @liuxiran

any update?

after the new api GET /plugins?all=ture finished, I will open a new issue to trace the process. close it now.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

aiyiyi121 picture aiyiyi121  路  4Comments

juzhiyuan picture juzhiyuan  路  3Comments

Firstsawyou picture Firstsawyou  路  5Comments

juzhiyuan picture juzhiyuan  路  4Comments

stu01509 picture stu01509  路  3Comments