Certainly can go into detail. Took a community plugin for OIDC, made it work with Ping Federate, and integrated it with your awesome mlcache. The code looks like this, to give a larger picture:
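-- Work out the URI prefix this route was matched on, so the OAuth callback
-- URL points back at the same route.
local path_prefix = ""
local router_matches = ngx.ctx.router_matches
-- Only use the matched uri when it is actually a string: a missing uri would
-- otherwise raise in endswith() and in the concatenation below.
if router_matches ~= nil and type(router_matches.uri) == "string" then
  path_prefix = router_matches.uri
  -- drop a single trailing "/" so the prefix joins cleanly with "/oauth2/callback"
  if pl_stringx.endswith(path_prefix, "/") then
    path_prefix = path_prefix:sub(1, -2)
  end
end
-- NOTE(review): scheme and host are taken from the incoming request
-- ($host comes from the request line / Host header), so the client influences
-- the callback URL. Confirm the identity provider only accepts an exact,
-- pre-registered redirect URI, or build this from a configured base URL.
local callback_url = ngx.var.scheme .. "://" .. ngx.var.host .. path_prefix .. "/oauth2/callback"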
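-- check if we are calling the callback endpoint
-- NOTE(review): path_prefix is formatted into the OAUTH_CALLBACK regex unescaped, so regex metacharacters in the matched route uri change what this pattern matches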
if ngx.re.match(ngx.var.request_uri, string.format(OAUTH_CALLBACK, path_prefix)) then
handle_callback(conf, callback_url)
Some of the nice cache logic we added
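--- Fetch the user-info document for an access token from the identity provider.
-- getKongKey passes this function to the cache as the loader for a token.
-- @param access_token bearer token sent in the Authorization header
-- @param callback_url handed to redirect_to_auth when the reply is not 200
-- @param conf plugin configuration; conf.user_url is the user-info endpoint
-- @return the decoded JSON body on success; nil plus an error string when the
--         request fails or the body is not valid JSON
local function getUserInfo(access_token, callback_url, conf)
  local httpc = http:new()
  local res, err = httpc:request_uri(conf.user_url, {
    method = "GET",
    -- The bearer token travels on this connection. Without certificate
    -- verification, whoever intercepts the connection can read the token and
    -- supply the user-info reply. Verification needs a CA bundle configured
    -- for nginx (lua_ssl_trusted_certificate).
    ssl_verify = true,
    headers = {
      ["Authorization"] = "Bearer " .. access_token,
    }
  })
  -- request_uri returns nil plus an error on connection/TLS failure; indexing
  -- res.status in that case would raise instead of reporting the error.
  if not res then
    return nil, "user info request failed: " .. tostring(err)
  end
  -- redirect to auth if the user-info reply is anything other than 200
  -- NOTE(review): this runs as a cache loader; if redirect_to_auth returns a
  -- value rather than ending the request, that value would be cached under
  -- the token key for the TTL -- confirm.
  if res.status ~= 200 then
    return redirect_to_auth(conf, callback_url)
  end
  -- cjson.decode raises on malformed input; report it as an error instead
  local ok, userJson = pcall(cjson.decode, res.body)
  if not ok then
    return nil, "user info response is not valid JSON: " .. tostring(userJson)
  end
  return userJson
end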
local function getKongKey(eoauth_token, access_token, callback_url, conf)
-- This will add a 60 second expiring TTL on this cached value
-- https://github.com/thibaultcha/lua-resty-mlcache/blob/master/README.md
local userInfo, err = singletons.cache:get(eoauth_token, { ttl = 60 }, getUserInfo, access_token, callback_url, conf)
if err then
ngx.log(ngx.ERR, "Could not retrieve UserInfo: ", err)
return
end
....................
-- When the user-info cache is enabled, look up the user info for this token
-- (cached by getKongKey) and, if found, expose the configured keys as
-- X-Oauth-* headers and finish here.
if conf.userInfoCacheEnabled then
  local userInfo = getKongKey(encrypted_token, access_token, callback_url, conf)
  if userInfo then
    for _, key in ipairs(conf.user_keys) do
      local header_name = "X-Oauth-" .. key
      local claim = userInfo[key]
      -- set on the response to the client and on the request sent upstream
      ngx.header[header_name] = claim
      ngx.req.set_header(header_name, claim)
    end
    -- NOTE(review): ngx.header is the response side, so the access token is
    -- returned to the client in a response header -- confirm that is intended.
    ngx.header["X-Oauth-Token"] = access_token

    -- Marker cookie that expires after conf.user_info_periodic_check seconds.
    -- NOTE(review): HttpOnly is set, but there is no Secure or SameSite
    -- attribute -- confirm whether this cookie should be restricted to HTTPS.
    local marker_cookie = "EOAuthUserInfo=0; Path=/;Max-Age=" .. conf.user_info_periodic_check .. ";HttpOnly"
    local existing = ngx.header["Set-Cookie"]
    if type(existing) == "table" then
      -- several cookies already queued: put the marker in front of them
      ngx.header["Set-Cookie"] = { marker_cookie, unpack(existing) }
    else
      -- zero or one cookie queued so far
      ngx.header["Set-Cookie"] = { marker_cookie, existing }
    end
    return
  end
end
-- END OF NEW CACHE LOGIC --
Hmmm, so if ngx.ctx.router_matches.uri can be a regex rather than the literal context URI string, is there an alternative reference you would recommend? It's working great, but then again my URI has been “/oidc/test” so far in testing.
-Jeremy