multi-auth
#
DescriptionThe multi-auth
Plugin is used to add multiple authentication methods to a Route or a Service. It supports plugins of type 'auth'. You can combine different authentication methods using multi-auth
plugin.
This plugin provides a flexible authentication mechanism by iterating through the list of authentication plugins specified in the auth_plugins
attribute. It allows multiple consumers to share the same route while using different authentication methods. For example, one consumer can authenticate using basic authentication, while another consumer can authenticate using JWT.
#
AttributesFor Route:
Name | Type | Required | Default | Description |
---|---|---|---|---|
auth_plugins | array | True | - | Add supporting auth plugins configuration. expects at least 2 plugins |
#
Enable PluginTo enable the Plugin, you have to create two or more Consumer objects with different authentication configurations:
First create a Consumer using basic authentication:
curl http://127.0.0.1:9180/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"username": "foo1",
"plugins": {
"basic-auth": {
"username": "foo1",
"password": "bar1"
}
}
}'
Then create a Consumer using key authentication:
curl http://127.0.0.1:9180/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"username": "foo2",
"plugins": {
"key-auth": {
"key": "auth-one"
}
}
}'
Once you have created Consumer objects, you can then configure a Route or a Service to authenticate requests:
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"methods": ["GET"],
"uri": "/hello",
"plugins": {
"multi-auth":{
"auth_plugins":[
{
"basic-auth":{ }
},
{
"key-auth":{
"query":"apikey",
"hide_credentials":true,
"header":"apikey"
}
}
]
}
},
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:1980": 1
}
}
}'
#
Example usageAfter you have configured the Plugin as mentioned above, you can make a request to the Route as shown below:
Send a request with basic-auth
credentials:
curl -i -ufoo1:bar1 http://127.0.0.1:9080/hello
Send a request with key-auth
credentials:
curl http://127.0.0.1:9080/hello -H 'apikey: auth-one' -i
HTTP/1.1 200 OK
...
hello, world
If the request is not authorized, an 401 Unauthorized
error will be thrown:
{"message":"Authorization Failed"}
#
Delete PluginTo remove the multi-auth
Plugin, you can delete the corresponding JSON configuration from the Plugin configuration. APISIX will automatically reload and you do not have to restart for this to take effect.
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"methods": ["GET"],
"uri": "/hello",
"plugins": {},
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:1980": 1
}
}
}'