feat: authz-casdoor should support fetching access token using username and password
#11207
Comments
|
I find it difficult to understand your problem. Right now, it seems that you are trying to use a feature from Casdoor but it doesn't work. Are there any error logs? |
|
Hello and thanks for your answer The Resource Owner Password Credentials (ROPC) grant flow lets the client use the resource owner's user name and password to get an access token. I have an API behind APISIX. APISIX check the authentication via Casdoor. When a user wants to get a token for the API, it goes to Casdoor, request a token by providing a client_id, username and password. I would like to hide the client_id and that the user only provides his username / password. Exactly like what the keycloak plugin does : https://apisix.apache.org/docs/apisix/3.1/plugins/authz-keycloak/#generating-a-token-using-password-grant Is it something I need to code myself or is it something that apisix is able to natively handle ? Thanks |
|
I have minimal experience in working with the casdoor/keycloak/oidc plugins but I can confirm that
No APISIX doesn't yet support this. |
shreemaan-abhishek
changed the title
authz-casdoor should support fetching access token using username and password
Description
Hello, I am doing a POC with Apisix and Casdoor. I wanted to use the flow "Resource owner password credentials grant" to let my user use only their username and password to authenticate to an application. Everything is done programmaticaly. Nevertheless, I don't see an option or a method to do that. It's natively supported by the keycloak plugin ("UMA") but not for openid-connect.
I believe the request rewrite could do the job but I am not sure about security. Thanks for your help !
Environment
apisix version): 3.9uname -a): Redhat (Docker Image apache/apisix:3.9.0-redhat)openresty -Vornginx -V): See abovecurl http://127.0.0.1:9090/v1/server_info): Not using etcd but standalone modeThe text was updated successfully, but these errors were encountered: