Comments (1)
I don't get you!

> We expect Ocelot to forward the claims obtained from IdentityServer4's introspection endpoint to the backend services, enabling efficient authentication and authorization within our microservice architecture.

To forward the claims means to forward the auth token. Just define an anonymous route to forward your token down to the service. Authorization will occur on the side of the downstream service.

> Currently, Ocelot does not forward the claims retrieved from the introspection endpoint to the backend services. This leads to inefficiencies, as each microservice must independently query IdentityServer4 for claims, resulting in unnecessary round trips.

> resulting in unnecessary round trips.

Hmm... What's the problem with that?
You only have to create the token once before sending a request to the gateway! Attach it to the request, make the request to the upstream, and the anonymous route will forward it to the service which requires authorization.

> To optimize our authentication and authorization process, we aim to enhance Ocelot's functionality.

Great! Sure thing, you can do that!

> Specifically, we seek a feature that automatically passes the obtained claims from the introspection endpoint to the backend services, reducing reliance on IdentityServer and minimizing round trips.

But I've explained to you above how. Make the token once, and reuse it for all of Ocelot's routes. But they should be anonymous! So, authorization will take place on the microservice's side.
There will be no "round trips"! 😉

> Configure Ocelot as the API Gateway in a microservice architecture.
> Integrate IdentityServer4 for authentication and authorization.
> Ensure each microservice sends requests to IdentityServer4's introspection endpoint to retrieve claims.
> Observe that Ocelot does not forward the obtained claims to the backend services.

Awesome Steps to Reproduce! 🤣
If you want to check claims on Ocelot's side and want to have some claims transformations, then you have to develop a custom Authentication middleware and attach it to the pipeline using Middleware Injection.
Probably your user's scenario requires overriding AuthorizationMiddleware too.
Hope it helps!

> Version: Ocelot 18.0
> Platform: .NET 6
> Subsystem: Authentication and Authorization

Why do you use an outdated version?
Please upgrade to version 23.1+!
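
One way the Middleware Injection approach mentioned in the comment could look, as an added example that is not part of the comment and not Ocelot's own code. It assumes an authentication scheme is already registered and named in the route's `AuthenticationOptions`; the `X-Claim-` header prefix and the claim list are hypothetical.

```csharp
// Added example. Assumptions: the route in ocelot.json is authenticated, so
// Ocelot's authentication step has set HttpContext.User before this hook runs;
// "X-Claim-" and the forwarded claim types are hypothetical names.
using Ocelot.DependencyInjection;
using Ocelot.Middleware;

var builder = WebApplication.CreateBuilder(args);
builder.Configuration.AddJsonFile("ocelot.json", optional: false, reloadOnChange: true);
builder.Services.AddOcelot(builder.Configuration);
var app = builder.Build();

const string Prefix = "X-Claim-";
string[] forwarded = { "sub", "scope", "role" };

var pipeline = new OcelotPipelineConfiguration
{
    // Injection point that runs after authentication and before authorization.
    PreAuthorizationMiddleware = async (ctx, next) =>
    {
        var downstream = ctx.Items.DownstreamRequest();

        // Remove any X-Claim-* header supplied by the caller, on every route,
        // so a client cannot assert claims the gateway did not verify.
        var callerSupplied = downstream.Headers
            .Where(h => h.Key.StartsWith(Prefix, StringComparison.OrdinalIgnoreCase))
            .Select(h => h.Key)
            .ToList();
        foreach (var name in callerSupplied) downstream.Headers.Remove(name);

        // Copy the selected claims of the authenticated principal into headers.
        if (ctx.User.Identity?.IsAuthenticated == true)
        {
            foreach (var type in forwarded)
            {
                var values = ctx.User.FindAll(type).Select(c => c.Value).ToArray();
                if (values.Length > 0)
                    downstream.Headers.TryAddWithoutValidation(Prefix + type, string.Join(' ', values));
            }
        }

        await next.Invoke();
    }
};

await app.UseOcelot(pipeline);
app.Run();
```

Headers set this way are only trustworthy if the downstream services accept traffic from the gateway alone; a service reachable directly still has to validate the token itself.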