Hi Peter/Zhiyuan,
Here is my current requirement and proposed change:

My API Gateway is behind an L4 load balancer, therefore I cannot identify
the consumer based on source IP Address. We already use the OpenID token
for the authentication, but I cannot use it to identify a consumer
in APISIX for rate limiting to work.

I am new to APISIX, therefore I am writing up my plan to change the
openid-connect plugin to fulfill my above requirement. Please let me know
if this will work.
1. Add type and set to 'auth'. This will allow openid-connect to be used in
consumers.
2. Add below properties to schema:
   - identify_consumer - boolean. To enable/disable consumer identification.
   - consumer_name_field - string. Name of field in the introspection
response to be used to get the consumer name. Value would usually be
'client_id' or 'username'.
3. Change the rewrite method to get the consumer name from
introspection response and find it in the list of consumers by comparing
the name. Attach the consumer to ctx. Also set variables in the ctx, which
then can be used in other plugins.

Ideally, there should be a way to do the above without the need to add
consumers in the APISIX. But I think that is not possible at the moment.
Maybe you can confirm my understanding.

Regards,

Joga
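
A sketch of step 3 of the plan above, added here as an example; it is not code from this thread or from APISIX. The `consumers` table, the `ctx` fields and both function names are hypothetical stand-ins, and the `active` check assumes an RFC 7662 introspection response. It rejects the request when no consumer can be resolved, so an unmapped client cannot slip past per-consumer rate limits.

```lua
-- Constructed stand-in for the gateway's consumer list, keyed by name.
local consumers = {
    ["billing-service"] = { name = "billing-service" },
}

-- Resolve a consumer from the introspection response.
-- Returns the consumer, or nil plus a reason intended for the error log.
local function resolve_consumer(conf, introspection)
    local field = conf.consumer_name_field
    if type(field) ~= "string" or field == "" then
        return nil, "consumer_name_field is not configured"
    end
    if type(introspection) ~= "table" or introspection.active ~= true then
        return nil, "token is not active"
    end
    local name = introspection[field]
    if type(name) ~= "string" or name == "" then
        return nil, "field '" .. field .. "' missing from introspection response"
    end
    local consumer = consumers[name]
    if not consumer then
        return nil, "no consumer named '" .. name .. "'"
    end
    return consumer
end

-- Hypothetical rewrite-phase hook: attach the consumer to ctx or reject.
local function rewrite(conf, ctx, introspection)
    if not conf.identify_consumer then
        return nil -- feature off: request continues without a consumer
    end
    local consumer, reason = resolve_consumer(conf, introspection)
    if not consumer then
        -- Fail closed; the reason goes to the log, not to the client.
        return 401, { message = "consumer not identified" }, reason
    end
    ctx.consumer = consumer            -- later plugins can key on this
    ctx.consumer_name = consumer.name
    return nil
end

-- Constructed sample inputs.
local conf = { identify_consumer = true, consumer_name_field = "client_id" }
local ctx = {}
local status = rewrite(conf, ctx, { active = true, client_id = "billing-service" })
print(status, ctx.consumer_name)
local code, body, reason = rewrite(conf, {}, { active = true, client_id = "unknown-app" })
print(code, body.message, reason)
```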


On Tue, 30 Nov 2021 at 03:01, Peter Zhu <sta...@apache.org> wrote:

> Yes, Zhiyuan
>
> I just give some suggestions in my mind at the Discussion[1].
>
> [1]
> https://github.com/apache/apisix/discussions/5547#discussioncomment-1719455
>
