TechQA.

Apache APISIX integration with Keycloak

2.4k views Asked by At

I have a few microservices that validate and identify the user using Keycloak as below

enter image description here

I now want to place the Apache APISIX API Gateway before the microservices.

Apache APISIX has a plugin for Keycloak. Can the plugin do the following such that the validation is removed from all the microservices?

  • Validate the access_token from the user
  • If valid, forward the request to the microservice

enter image description here

Note

This article gives details on how to integrate the Keycloak plugin such that the user will have to authenticate using Keycloak (using a single Keycloak client_id and client_secret). In my case, however, each user will have a different client_id and client_secret.

microservices keycloak api-gateway apache-apisix
Original Q&A
1

There are 1 answers

1
Peter Zhu On BEST ANSWER

Can the plugin do the following such that the validation is removed from all the microservices?

Yes, it can. The Apache APISIX can validate the access_token, also can add the user_info, id_token to the upstream. For more details, you can refer to the plugin docs of Apache APISIX. https://apisix.apache.org/docs/apisix/plugins/openid-connect.

In my case, however, each user will have a different client_id and client_secret.

Now, Apache APISIX doesn't support setting more than one client id of openid-connect in a route.Maybe you can create more routes, each route for each client? And use Host to distinguish them.

Related Questions in MICROSERVICES

Related Questions in KEYCLOAK

Related Questions in API-GATEWAY

Related Questions in APACHE-APISIX

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions