kong 认证插件:key-auth

一、介绍

key-auth 是kong 客户端和服务端认证的插件,当客户端请求网关时需要在http 头部带上认证(apikey ),kong会检查apikey有效性,并且会把key-auth认证的信息发送到服务端。

二、key-auth 参数如下

字段 默认值 描述
name 插件名字,key-auth认证就是 key-auth
service_id 服务ID
route_id 路由ID
api_id api id
enabled true 是否可用
config.key_names apikey 验证参数名称
config.key_in_body false If enabled, the plugin will read the request body (if said request has one and its MIME type is supported) and try to find the key in it. Supported MIME types are application/www-form-urlencoded, application/json, and multipart/form-data.
config.hide_credentials false An optional boolean value telling the plugin to show or hide the credential from the upstream service. If true, the plugin will strip the credential from the request (i.e. the header or querystring containing the key) before proxying it.
config.anonymous An optional string (consumer uuid) value to use as an “anonymous” consumer if authentication fails. If empty (default), the request will fail with an authentication failure 4xx. Please note that this value must refer to the Consumer id attribute which is internal to Kong, and not its custom_id.
config.run_on_preflight true A boolean value that indicates whether the plugin should run (and try to authenticate) on OPTIONS preflight requests, if set to false then OPTIONS requests will always be allowed.

三、使用

1,给service加key-auth

命令:

curl -X POST http://kong:8001/services/{service名字或iD}/plugins \
    -d "name=key-auth" \
    -d "config.key_names=apiKey"

2,添加客户

curl -X POST http://kong:8001/consumers/ \
    --data "username=<USERNAME>" \
    --data "custom_id=<CUSTOM_ID>"

3,创建访问key

curl -X POST http://kong:8001/consumers/{consumer ID或名子}/key-auth -d ''

或 放到header里(推荐)

curl http://kong:8000/{proxy path} \
    -H 'apikey: <some_key>'

4,访问

curl http://kong:8000/{proxy path}?apikey=<some_key>

5,删除key

curl -X DELETE http://kong:8001/consumers/{consumer}/key-auth/{id}

6,查看key-auth

curl -X GET http://kong:8001/key-auths

7,查看客户key

curl -X GET http://kong:8001/key-auths/{key or id}/consumer

参考

https://docs.konghq.com/hub/kong-inc/key-auth/


ph.w
ph.w 1年前

已被 0 人挖起

回应
登录 后发表评论
  • 消灭零回应