Commit a294ce5

feat(openidc): support redis for session storage
Signed-off-by: Abhishek Choudhary <[email protected]>
1 parent 3ba27f6 commit a294ce5

4 files changed

+456
-0
lines changed

apisix/plugins/openid-connect.lua

Lines changed: 52 additions & 0 deletions
@@ -84,6 +84,58 @@ local schema = {
8484
description = "it holds the cookie lifetime in seconds in the future",
8585
}
8686
}
87+
},
88+
storage = {
89+
type = "string",
90+
enum = {"cookie", "redis"},
91+
default = "cookie",
92+
},
93+
redis = {
94+
type = "object",
95+
properties = {
96+
host = {
97+
type = "string", minLength = 2, default = "127.0.0.1"
98+
},
99+
port = {
100+
type = "integer", minimum = 1, default = 6379,
101+
},
102+
socket = {
103+
type = "string"
104+
},
105+
username = {
106+
type = "string", minLength = 1,
107+
},
108+
password = {
109+
type = "string", minLength = 0,
110+
},
111+
database = {
112+
type = "integer", minimum = 0, default = 0,
113+
},
114+
prefix = {
115+
type = "string", default = "sessions"
116+
},
117+
ssl = {
118+
type = "boolean", default = false,
119+
},
120+
ssl_verify = {
121+
type = "boolean", default = false,
122+
},
123+
server_name = {
124+
type = "string",
125+
},
126+
connect_timeout = {
127+
type = "integer", minimum = 1, default = 1000,
128+
},
129+
send_timeout = {
130+
type = "integer", minimum = 1, default = 1000,
131+
},
132+
read_timeout = {
133+
type = "integer", minimum = 1, default = 1000,
134+
},
135+
keepalive_timeout = {
136+
type = "integer", minimum = 1000, default = 10000
137+
},
138+
}
87139
}
88140
},
89141
required = {"secret"},
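
Review bot: `ssl_verify` defaults to `false` in the new `redis` block, so setting `ssl = true` gives an encrypted connection to a server whose certificate is never checked. Since this store holds the plugin's session data, consider `default = true` for `ssl_verify` so that TLS is authenticated unless an operator opts out. Separately, `port` has `minimum = 1` but no `maximum = 65535`, and nothing in the visible schema says which of `socket` or `host`/`port` wins when both are set.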

docs/en/latest/plugins/openid-connect.md

Lines changed: 11 additions & 0 deletions
@@ -67,6 +67,17 @@ The `openid-connect` Plugin supports the integration with [OpenID Connect (OIDC)
6767
| session.secret | string | True | | 16 or more characters | Key used for session encryption and HMAC operation when `bearer_only` is `false`. |
6868
| session.cookie | object | False | | | Cookie configurations. |
6969
| session.cookie.lifetime | integer | False | 3600 | | Cookie lifetime in seconds. |
70+
| session.storage | string | False | cookie | ["cookie", "redis"] | Session storage method. |
71+
| session.redis | object | False | | | Redis configuration when `storage` is `redis`. |
72+
| session.redis.host | string | False | 127.0.0.1 | | Redis host. |
73+
| session.redis.port | integer | False | 6379 | | Redis port. |
74+
| session.redis.password | string | False | | | Redis password. |
75+
| session.redis.username | string | False | | | Redis username. |
76+
| session.redis.database | integer | False | 0 | | Redis database index. |
77+
| session.redis.prefix | string | False | sessions | | Redis key prefix. |
78+
| session.redis.ssl | boolean | False | false | | Enable SSL for Redis connection. |
79+
| session.redis.server_name | string | False | | | Redis server name for SNI. |
80+
| session.redis.auth | string | False | | | Alias for `session.redis.password`. |
7081
| session_contents | object | False | | | Session content configurations. If unconfigured, all data will be stored in the session. |
7182
| session_contents.access_token | boolean | False | | | If true, store the access token in the session. |
7283
| session_contents.id_token | boolean | False | | | If true, store the ID token in the session. |
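
Review bot: the `session.redis.auth` row documents an attribute that the schema hunk in `apisix/plugins/openid-connect.lua` does not define, while the schema's `socket`, `ssl_verify`, `connect_timeout`, `send_timeout`, `read_timeout` and `keepalive_timeout` have no row here. Either add `auth` to the schema or drop the row, and add the missing rows. `ssl_verify` in particular should be listed with its `false` default next to `session.redis.ssl`, so operators can see that certificate verification is off unless they enable it.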

docs/zh/latest/plugins/openid-connect.md

Lines changed: 11 additions & 0 deletions
@@ -67,6 +67,17 @@ description: openid-connect 插件支持与 OpenID Connect (OIDC) 身份提供
6767
| session.secret | string || | 16 个字符以上 |`bearer_only``false` 时,用于 session 加密和 HMAC 运算的密钥。|
6868
| session.cookie | object || | | Cookie 配置。 |
6969
| session.cookie.lifetime | integer || 3600 | | Cookie 生存时间(秒)。|
70+
| session.storage | string || cookie | ["cookie", "redis"] | 会话存储方式。 |
71+
| session.redis | object || | |`storage``redis` 时的 Redis 配置。 |
72+
| session.redis.host | string || 127.0.0.1 | | Redis 主机地址。 |
73+
| session.redis.port | integer || 6379 | | Redis 端口。 |
74+
| session.redis.password | string || | | Redis 密码。 |
75+
| session.redis.username | string || | | Redis 用户名。 |
76+
| session.redis.database | integer || 0 | | Redis 数据库索引。 |
77+
| session.redis.prefix | string || sessions | | Redis 键前缀。 |
78+
| session.redis.ssl | boolean || false | | 启用 Redis SSL 连接。 |
79+
| session.redis.server_name | string || | | Redis SNI 服务器名称。 |
80+
| session.redis.auth | string || | | `session.redis.password` 的别名。 |
7081
| unauth_action | string || auth | ["auth","deny","pass"] | 未经身份验证的请求的操作。设置为 `auth` 时,重定向到 OpenID 提供程序的身份验证端点。设置为 `pass` 时,允许请求而无需身份验证。设置为 `deny` 时,返回 401 未经身份验证的响应,而不是启动授权代码授予流程。|
7182
| session_contents | object || | | 会话内容配置。如果未配置,将把所有数据存储在会话中。 |
7283
| session_contents.access_token | boolean || | | 若为 true,则将访问令牌存储在会话中。 |
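
Review bot: this table carries the same mismatch with the schema as the English one. The `session.redis.auth` row has no matching property in the schema hunk, and `socket`, `ssl_verify` and the timeout fields are not listed. Whatever is decided for `docs/en` should be mirrored here so the two tables stay in step with the schema.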
