refactor: Removing unnecessary properties (apache#6574)

Removing unnecessary properties and test codes. And also improve document for Token generation feature. feat: apache#6574
Azilen · Mar 11, 2022 · 99ff9f4 · 99ff9f4
1 parent 22c8d8e
commit 99ff9f4
Show file tree

Hide file tree

Showing 3 changed files with 245 additions and 15 deletions.
diff --git a/apisix/plugins/authz-keycloak.lua b/apisix/plugins/authz-keycloak.lua
@@ -67,9 +67,7 @@ local schema = {
         access_token_expires_leeway = {type = "integer", minimum = 0, default = 0},
         refresh_token_expires_in = {type = "integer", minimum = 1, default = 3600},
         refresh_token_expires_leeway = {type = "integer", minimum = 0, default = 0},
-        token_userinfo_endpoint = {type = "string", minLength = 1, maxLength = 4096},
         token_generation_endpoint = {type = "string", minLength = 1, maxLength = 4096},
-        include_user_info = {type = "boolean", default = false}
     },
     allOf = {
         -- Require discovery or token endpoint.
@@ -323,15 +321,15 @@ end
 
 -- Return access_token expires_in value (in seconds).
 local function authz_keycloak_access_token_expires_in(conf, expires_in)
-    return (expires_in or conf.access_token_expires_in or 300)
-           - 1 - (conf.access_token_expires_leeway or 0)
+    return (expires_in or conf.access_token_expires_in)
+           - 1 - conf.access_token_expires_leeway
 end
 
 
 -- Return refresh_token expires_in value (in seconds).
 local function authz_keycloak_refresh_token_expires_in(conf, expires_in)
-    return (expires_in or conf.refresh_token_expires_in or 3600)
-           - 1 - (conf.refresh_token_expires_leeway or 0)
+    return (expires_in or conf.refresh_token_expires_in)
+           - 1 - conf.refresh_token_expires_leeway
 end
 
 

diff --git a/docs/en/latest/plugins/authz-keycloak.md b/docs/en/latest/plugins/authz-keycloak.md
@@ -123,22 +123,22 @@ of the same name. The scope is then added to every permission to check.
 If `lazy_load_paths` is `false`, the plugin adds the mapped scope to any of the static permissions configured
 in the `permissions` attribute, even if they contain one or more scopes already.
 
-### Customized authentication and token generation by plugin configuration
+### Token generation endpoint
 
-Till now whenever new request came, keycloak plugin was first checking JWT token. 
-But from now if user don't have token then, we can generate new token with `token_endpoint` based on incomming Request URI path matching in `token_generation_endpoint`.
-This will use to generate new JWT token. And for other route config, if will check token and redirect to the resource which are allocated to user. For this token generation, by default grant_type will be `password`.
+If user wants to generate a token based on user name and password with the support of grant type `password`.
 
-## Customized authentication example 
+The user have to configure URI path (E.g. `/api/Token`) in `token_generation_endpoint` which will match with incomming Request URI path and it will generate a new token with using `token_endpoint`.
+
+And for other route config, if will check token and redirect to the resource which are allocated to users.
+
+The user must have to pass Content-Type header as `application/x-www-form-urlencoded` and `username & password` in body part of request.
+
+## Token generation example 
 
 ```cURL Code
 curl --location --request POST 'http://127.0.0.1:9080/api/Token' \
 --header 'Accept: application/json, text/plain, */*' \
 --header 'Content-Type: application/x-www-form-urlencoded' \
---header 'Origin: http://127.0.0.1:8080' \
---header 'Referer: 127.0.0.1:8080' \
---header 'client_secret: Client Secret' \
---header 'client_id: Client ID' \
 --data-urlencode 'username=User Name' \
 --data-urlencode 'password=Password'
 ```