Comments (1)
I don't get you!
We expect Ocelot to forward the claims obtained from IdentityServer4's introspection endpoint to the backend services, enabling efficient authentication and authorization within our microservice architecture.
To forward the claims means to forward auth token. Just define anonymous route to forward your token down to the service. Authorization will occur on the side of the downstream service.
Currently, Ocelot does not forward the claims retrieved from the introspection endpoint to the backend services. This leads to inefficiencies, as each microservice must independently query IdentityServer4 for claims, resulting in unnecessary round trips.
resulting in unnecessary round trips.
Hmm... What's the problem with that?
You only have to create the token once before sending a request to gateway! Attach it to request, make request to upstream and anonymous route will forward it to the service which require authorization.
To optimize our authentication and authorization process, we aim to enhance Ocelot's functionality.
Great! Sure thing you can do that!
Specifically, we seek a feature that automatically passes the obtained claims from the introspection endpoint to the backend services, reducing reliance on IdentityServer and minimizing round trips.
But I've explained you above how. Make token once, and reuse it for all Ocelot's routes. But they should be anonymous! So, authorization will take place on microservice's side.
There will be no "round trips"! 😉
Configure Ocelot as the API Gateway in a microservice architecture.
Integrate IdentityServer4 for authentication and authorization.
Ensure each microservice sends requests to IdentityServer4's introspection endpoint to retrieve claims.
Observe that Ocelot does not forward the obtained claims to the backend services.
Awesome Steps to Reproduce! 🤣
If you want to check claims on Ocelot's side and want to have some claims transformations then you have to develop custom Authentication middleware and attach it to the pipeline using Middleware Injection
Probably your user's scenario requires to override AuthorizationMiddleware too.
Hope it helps!
Version: Ocelot 18.0
Platform: .NET 6
Subsystem: Authentication and Authorization
Why do you use outdated version?
Please upgrade to version 23.1+!
from ocelot.
Related Issues (20)
- 在使用异步流返回时,并不是实时刷新逐条返回结果,而是一次返回结果 HOT 10
- How to Authorize with nested JWT claim generated from Keycloak
- Access to the path '/app/ocelot.json' is denied HOT 1
- Ocelot is missing NuGet package README file HOT 3
- Kubernetes provider should identify different ports HOT 14
- FTP is raising Exception of Timeout but working in FileZilla and WinSCP HOT 3
- UnableToFindDownstreamRouteError, Failed to match Route configuration for upstream path: /, verb: GET HOT 8
- Rate Limiting issues in Ocelot HOT 6
- Ocelot Downstream Request Timeout HOT 5
- How to find servicename on PreAuthorizationMiddleware HOT 1
- Proposal to add ExtraProps to the configuration HOT 3
- Regression at DownstreamUrlCreatorMiddleware HOT 6
- how to document rate limit in swagger HOT 1
- Release 23.2: UpstreamPathTemplate doesn't contain the same placeholders in DownstreamPathTemplate HOT 12
- Long duration of CircleCI builds HOT 1
- Map response of rate limit quota into exception
- On the fly `ocelot.json` configuration merging HOT 1
- Body cannot be forwarded twice on Aggregator HOT 17
- 当下游服务返回"text/plain"类型时导致"response.Body"中变得异常得长,这正常吗?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ocelot.