Apache APISIX integration with Keycloak
I have a few microservices that validate and identify the user using Keycloak as below
I now want to place the Apache APISIX API Gateway before the microservices.
Apache APISIX has a plugin for Keycloak. Can the plugin do the following such that the validation is removed from all the microservices?
- Validate the
access_tokenfrom the user - If valid, forward the request to the microservice
Note
This article gives details on how to integrate the Keycloak plugin such that the user will have to authenticate using Keycloak (using a single Keycloak client_id and client_secret). In my case, however, each user will have a different client_id and client_secret.
Can the plugin do the following such that the validation is removed from all the microservices?
Yes, it can. The Apache APISIX can validate the access_token, also can add the user_info, id_token to the upstream.
For more details, you can refer to the plugin docs of Apache APISIX. https://apisix.apache.org/docs/apisix/plugins/openid-connect.
In my case, however, each user will have a different client_id and client_secret.
Now, Apache APISIX doesn't support setting more than one client id of openid-connect in a route.Maybe you can create more routes, each route for each client? And use Host to distinguish them.
- how to write a function to send http request with a nullable body in go
- Dynamic kafka topic name in nestjs microservice
- How to design an efficient Pub/Sub pull subscriber for both maximum throughput and fault-tolerance?
- Service oriented architecture vs Microservices
- Common application property file for multiple microservice
- Event sourcing, CQRS with Axon Server / Framework - Event Sourcing the entire application a good idea?
- Microservices, CQRS: Eventual consistency vs Strong consistency(Read after Write consistency)
- Dashboard in Event driven design
- Ribbon load balancer client not disabling in Spring boot 2.4.3 & Cloud 2020.0.1. Using Consul for load balancing instead
- How to fix "blank page" in Spring Boot UI-microservices running on same tomcat instance
- API calls in Microservices Architecture
- How to reliably implement fan out write pattern?
- Microservice relationship/dependency strategy
- Microservices architecture - wrapper service?
- Microservices HttpStatus Codes
- Project build error: 'dependencies.dependency.version' for org.springframework.cloud:spring-cloud-starter-eureka-server:jar is missing
- Why does calling my microservice in Java Spring Boot returns 403 Forbidden?
- Spring Boot Microservice Application Cors Origin Error
- How to create span tree in distributed tracing system using Golang
- Am I understand Auth + Application server approach correct?
- What is the difference between a circuit breaker and a bulkhead pattern?
- Sharing data between isolated microservices
- ASP.NET Core 8.0 Web API : endpoint accepting only dynamic values as parameters
- Microservices API gateway vs. Microservices Chassis
- How to manage session across multiple APIs
- Traffic splitting based on weight : Nginx Ingress controller AKS
- Authorize Curl requests to microservices
- Is there a way to Get username & id of current user in Remote Bff Api Endpoint
- Communication between two microservices by Docker hostname
- Outbox pattern - should event dispatcher share db with the event generating service?