Hi Guys,

I was advised on the discussions group to post my query here to see if somebody already has something similar in mind.

I have my consumers already defined in Keycloak. Consumers get the token using the Client Credentials flow, i.e. using ClientId and ClientSecret. Using the ‘openid-connect’ plugin I am able to successfully authenticate/authorize the consumers. However, I would like to implement rate limiting based on consumer name, because for some reason I cannot do it based on consumer IP address. Therefore, I need a way to identify the consumer from the token.

I know that APISIX does not support this now. But I think with a small change in the ‘openid-connect’ plugin, it should be possible to do, because the response from ‘introspection_endpoint’ already contains the attributes (e.g. username, clientId etc.) needed to identify the consumer. I think the ‘ldap-auth’ plugin already does this.

What do you think? Is it possible to do? Are there any challenges in it? If yes, I would like to try my hand at this. Therefore, I would need getting-started tips/hints for building, compiling and other related processes.

Best Regards,
Joga

Hyundai AutoEver Europe GmbH
Kaiserleistr. 8A, 63067 Offenbach a.M., Deutschland
Geschäftsführer/CEO: Jong-Il Yun
Registergericht/registration court: Amtsgericht Offenbach
Registernummer/registration number: HRB 42684
USt-IdNr./tax ID-no.: DE252841722
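
The idea in the post above, keying a rate limit on the identity in the introspection response instead of the client IP, sketched as an added example; it is not from the original post and is not APISIX code. The function and class names are hypothetical, the sample responses are constructed, and the member names (`client_id`, `clientId`, `username`) are assumptions to check against what the identity provider actually returns.

```python
import time

# Constructed sample introspection responses (RFC 7662 shape); all values are made up.
ACTIVE = {"active": True, "client_id": "billing-service",
          "username": "service-account-billing-service",
          "iss": "https://idp.example/realms/demo"}
REVOKED = {"active": False, "client_id": "billing-service"}


def rate_limit_key(introspection):
    """Return a per-consumer key, or None when no trustworthy identity exists."""
    # RFC 7662: the other members mean nothing unless "active" is exactly true.
    if introspection.get("active") is not True:
        return None
    # Prefer the client identifier set by the authorization server; fall back
    # to username. Which member is populated is an assumption (see lead-in).
    ident = (introspection.get("client_id") or introspection.get("clientId")
             or introspection.get("username"))
    if not isinstance(ident, str) or not ident:
        return None
    # Namespace by issuer so equal names from two realms do not share a bucket.
    return f"{introspection.get('iss', 'unknown-issuer')}|{ident}"


class FixedWindowLimiter:
    """In-memory fixed-window counter keyed by consumer identity."""

    def __init__(self, limit, window_seconds, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window_seconds, clock
        self.buckets = {}  # key -> (window_start, request_count)

    def allow(self, introspection):
        key = rate_limit_key(introspection)
        if key is None:
            return False  # fail closed: no identity, no quota
        now = self.clock()
        start, count = self.buckets.get(key, (now, 0))
        if now - start >= self.window:
            start, count = now, 0  # window expired, start a new one
        if count >= self.limit:
            return False
        self.buckets[key] = (start, count + 1)
        return True
```

The key must come from the introspection result validated on the gateway, never from a request header the client can set, otherwise one consumer can spend another's quota.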