-
Hey @yan-vine! 👋 I'm here to help you with any bugs, questions, or contributions you have. Let's tackle this challenge together! To address your challenges with implementing Google OAuth authentication and token auto-renewal using APISIX for your React SPA, you can follow these steps using the OpenID Connect plugin:
Here's a code snippet from the Lua script that demonstrates these functionalities:

```lua
-- Forward the userinfo claims to the upstream as base64-encoded JSON
if userinfo and conf.set_userinfo_header then
    core.request.set_header(ctx, "X-Userinfo",
        ngx_encode_base64(core.json.encode(userinfo)))
end

-- Run the OIDC flow against the configured provider
response, err, _, session = openidc.authenticate(conf, nil, unauth_action, conf.session)

if err then
    if session then
        session:close()
    end
    if err == "unauthorized request" then
        -- With unauth_action = "pass" the request continues unauthenticated
        if conf.unauth_action == "pass" then
            return nil
        end
        return 401
    end
    core.log.error("OIDC authentication failed: ", err)
    return 500
end

if response then
    add_access_token_header(ctx, conf, response.access_token)
end
```

This setup will handle Google OAuth authentication, manage token renewal, and redirect back to your React SPA with user information after successful authentication [1][2].
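How a service behind the gateway can read the `X-Userinfo` header that the snippet above sets (base64 of the JSON-encoded userinfo), as an added example that is not part of the original reply or of APISIX's code. The function names, the 8192-character cap and the sample claims are assumptions, and it assumes the upstream is reachable only through APISIX, so a client cannot supply the header itself.

```javascript
// Added example. Function names, the size cap and the sample claims are
// assumptions; the encoding mirrors ngx_encode_base64(core.json.encode(userinfo)).
const BASE64_RE = /^[A-Za-z0-9+/]+={0,2}$/;
const MAX_HEADER_LEN = 8192; // assumed cap on the header size

// Test helper: builds the header value the way the gateway snippet does.
function encodeLikeGateway(userinfo) {
  return Buffer.from(JSON.stringify(userinfo), "utf8").toString("base64");
}

// Takes lower-cased request headers (Node's req.headers shape) and returns
// { ok: true, claims } or { ok: false, reason }.
function decodeUserinfoHeader(headers) {
  const raw = headers["x-userinfo"];
  if (typeof raw !== "string" || raw.length === 0) {
    return { ok: false, reason: "missing" };
  }
  // Buffer.from(..., "base64") silently skips invalid characters, so check
  // the alphabet and padding first. A duplicated header ("a, b") fails here.
  if (raw.length > MAX_HEADER_LEN || raw.length % 4 !== 0 || !BASE64_RE.test(raw)) {
    return { ok: false, reason: "not-base64" };
  }
  let claims;
  try {
    claims = JSON.parse(Buffer.from(raw, "base64").toString("utf8"));
  } catch (e) {
    return { ok: false, reason: "not-json" };
  }
  if (claims === null || typeof claims !== "object" || Array.isArray(claims)) {
    return { ok: false, reason: "not-object" };
  }
  // OIDC userinfo responses always carry "sub"; treat its absence as invalid.
  if (typeof claims.sub !== "string" || claims.sub === "") {
    return { ok: false, reason: "no-subject" };
  }
  return { ok: true, claims };
}

// Constructed sample claims, not real user data.
const sampleHeaders = {
  "x-userinfo": encodeLikeGateway({ sub: "1234567890", email: "user@example.com" }),
};
console.log(decodeUserinfoHeader(sampleHeaders));
console.log(decodeUserinfoHeader({ "x-userinfo": "not base64!" }));
```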
-
This is the exact issue reported in #12025.
-
You also need to handle OIDC on the client-side (your SPA) using the appropriate library for example
-
New to APISIX, thanks for reading and contributing, appreciate any help
I'm implementing a React SPA that needs Google OAuth authentication with APISIX as the API gateway. My current setup:
I'm facing two specific challenges:
What's the recommended approach for this flow? I've tried configuring the OpenID Connect plugin with bearer_only: false, but I'm unclear on how to properly set up the redirect back to the React app and handle the user data transfer.
Has anyone implemented this pattern successfully? Any example configurations or best practices?
Thanks!