修改配置文件,将OIDC的OP端点配置接口配置到一个文件中
This commit is contained in:
parent
919e5812f9
commit
5d91f77f85
|
|
@ -56,32 +56,10 @@ http {
|
||||||
add_header Access-Control-Allow-Origin *;
|
add_header Access-Control-Allow-Origin *;
|
||||||
add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
|
add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
|
||||||
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
|
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
|
||||||
|
|
||||||
if ($request_method = 'OPTIONS') {
|
if ($request_method = 'OPTIONS') {
|
||||||
return 204;
|
return 204;
|
||||||
}
|
}
|
||||||
|
|
||||||
#OP端点配置
|
|
||||||
location /yum/v1/.well-known/openid-configuration {
|
|
||||||
content_by_lua_block {
|
|
||||||
local cjson = require "cjson"
|
|
||||||
local config = {
|
|
||||||
issuer = "http://localhost:9080",
|
|
||||||
authorization_endpoint = "http://localhost:9080/yum/v1/oauth/v2/authorize",
|
|
||||||
token_endpoint = "http://localhost:9080yum/v1/oauth/v2/token",
|
|
||||||
userinfo_endpoint = "http://localhost:9080yum/v1/oauth/v2/userinfo",
|
|
||||||
--jwks_uri = "http://localhost:9080/jwks", -- 公钥端点(可选)
|
|
||||||
grant_types_supported = { "authorization_code", "token", "refresh_token" }, -- 新增支持 refresh_token
|
|
||||||
response_types_supported = { "code" },
|
|
||||||
subject_types_supported = { "public" },
|
|
||||||
id_token_signing_alg_values_supported = { "HS256" },
|
|
||||||
refresh_token_issuance_supported = true -- 声明支持颁发 refresh_token
|
|
||||||
}
|
|
||||||
ngx.header["Content-Type"] = "application/json"
|
|
||||||
ngx.say(cjson.encode(config))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#数据列表配置
|
#数据列表配置
|
||||||
include 'system/system.conf';
|
include 'system/system.conf';
|
||||||
|
|
||||||
|
|
@ -95,20 +73,6 @@ http {
|
||||||
location /test {
|
location /test {
|
||||||
content_by_lua_file '${APP_PATH}/src/test/test.lua';
|
content_by_lua_file '${APP_PATH}/src/test/test.lua';
|
||||||
}
|
}
|
||||||
location = /testSM {
|
|
||||||
content_by_lua_block {
|
|
||||||
cjson = require "cjson.safe"
|
|
||||||
ngx.say(cjson.encode({a = 1, b = 2}))
|
|
||||||
local dict_a = ngx.shared.dict_a;
|
|
||||||
ngx.say("abc=",dict_a:get("abc"))
|
|
||||||
|
|
||||||
-- 访问全局变量
|
|
||||||
ngx.say("Global variable: ", global_var)
|
|
||||||
|
|
||||||
-- 访问共享字典
|
|
||||||
ngx.say("Shared dict value: ", dict_a:get("key"))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#server {
|
#server {
|
||||||
|
|
|
||||||
|
|
@ -51,6 +51,11 @@ location /yum/v1/system/users {
|
||||||
######################################################
|
######################################################
|
||||||
### oauth2.0 + openIDC 接口文件处理 ###
|
### oauth2.0 + openIDC 接口文件处理 ###
|
||||||
######################################################
|
######################################################
|
||||||
|
#OP认证端点相关
|
||||||
|
location /yum/v1/.well-known/openid-configuration {
|
||||||
|
content_by_lua_file '${APP_PATH}/src/api/oidc/config.lua';
|
||||||
|
}
|
||||||
|
|
||||||
#用户认证登陆相关
|
#用户认证登陆相关
|
||||||
location /yum/v1/oauth/v2 {
|
location /yum/v1/oauth/v2 {
|
||||||
content_by_lua_file '${APP_PATH}/src/api/oauth/oauth.lua';
|
content_by_lua_file '${APP_PATH}/src/api/oauth/oauth.lua';
|
||||||
|
|
|
||||||
|
|
@ -11,8 +11,14 @@ local oauthService = require("service.oauth.oauth")
|
||||||
--定义相关路由,前端接口url地址
|
--定义相关路由,前端接口url地址
|
||||||
local routes = {
|
local routes = {
|
||||||
--------------------------------------------
|
--------------------------------------------
|
||||||
------------ OAuth2.0认证相关路由配置 ---------
|
------------ OIDC OAuth2.0认证相关路由配置 ---
|
||||||
--------------------------------------------
|
--------------------------------------------
|
||||||
|
--OP端点配置
|
||||||
|
{
|
||||||
|
paths = { "/yum/v1/.well-known/openid-configuration" },
|
||||||
|
methods = { "GET", "POST" },
|
||||||
|
handler = oauthService.openidConfig,
|
||||||
|
},
|
||||||
--获取授权码
|
--获取授权码
|
||||||
{
|
{
|
||||||
paths = { "/yum/v1/oauth/v2/authorize" },
|
paths = { "/yum/v1/oauth/v2/authorize" },
|
||||||
|
|
|
||||||
21
src/api/oidc/config.lua
Normal file
21
src/api/oidc/config.lua
Normal file
|
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
--- Generated by EmmyLua(https://github.com/EmmyLua)
|
||||||
|
--- Created by admin.
|
||||||
|
--- DateTime: 2025/11/19 11:48
|
||||||
|
--- openID Connect 认证端点配置文件
|
||||||
|
|
||||||
|
local cjson = require "cjson.safe"
|
||||||
|
local config = {
|
||||||
|
issuer = "http://localhost:9080",
|
||||||
|
authorization_endpoint = "http://localhost:9080/yum/v1/oauth/v2/authorize",
|
||||||
|
token_endpoint = "http://localhost:9080yum/v1/oauth/v2/token",
|
||||||
|
userinfo_endpoint = "http://localhost:9080yum/v1/oauth/v2/userinfo",
|
||||||
|
--jwks_uri = "http://localhost:9080/jwks", -- 公钥端点(可选)
|
||||||
|
grant_types_supported = { "authorization_code", "token", "refresh_token" }, -- 新增支持 refresh_token
|
||||||
|
response_types_supported = { "code" },
|
||||||
|
subject_types_supported = { "public" },
|
||||||
|
id_token_signing_alg_values_supported = { "HS256" },
|
||||||
|
refresh_token_issuance_supported = true -- 声明支持颁发 refresh_token
|
||||||
|
}
|
||||||
|
ngx.header["Content-Type"] = "application/json"
|
||||||
|
ngx.say(cjson.encode(config))
|
||||||
Loading…
Reference in New Issue
Block a user