multi-auth
#
DescriptionThe multi-auth
Plugin is used to add multiple authentication methods to a Route or a Service. It supports plugins of type 'auth'. You can combine different authentication methods using multi-auth
plugin.
This plugin provides a flexible authentication mechanism by iterating through the list of authentication plugins specified in the auth_plugins
attribute. It allows multiple consumers to share the same route while using different authentication methods. For example, one consumer can authenticate using basic authentication, while another consumer can authenticate using JWT.
#
AttributesFor Route:
Name | Type | Required | Default | Description |
---|---|---|---|---|
auth_plugins | array | True | - | Add supporting auth plugins configuration. expects at least 2 plugins |
#
Enable PluginTo enable the Plugin, you have to create two or more Consumer objects with different authentication configurations:
First create a Consumer using basic authentication:
curl http://127.0.0.1:9180/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"username": "foo1",
"plugins": {
"basic-auth": {
"username": "foo1",
"password": "bar1"
}
}
}'
Then create a Consumer using key authentication:
curl http://127.0.0.1:9180/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"username": "foo2",
"plugins": {
"key-auth": {
"key": "auth-one"
}
}
}'
You can also use the APISIX Dashboard to complete the operation through a web UI.
Once you have created Consumer objects, you can then configure a Route or a Service to authenticate requests:
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"methods": ["GET"],
"uri": "/hello",
"plugins": {
"multi-auth":{
"auth_plugins":[
{
"basic-auth":{ }
},
{
"key-auth":{
"query":"apikey",
"hide_credentials":true,
"header":"apikey"
}
}
]
}
},
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:1980": 1
}
}
}'
#
Example usageAfter you have configured the Plugin as mentioned above, you can make a request to the Route as shown below:
request with basic-auth
curl -i -ufoo1:bar1 http://127.0.0.1:9080/hello
request with key-auth
curl http://127.0.0.2:9080/hello -H 'apikey: auth-one' -i
HTTP/1.1 200 OK
...
hello, world
If the request is not authorized, an error will be thrown:
HTTP/1.1 401 Unauthorized
...
{"message":"Authorization Failed"}
#
Delete PluginTo remove the multi-auth
Plugin, you can delete the corresponding JSON configuration from the Plugin configuration. APISIX will automatically reload and you do not have to restart for this to take effect.
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"methods": ["GET"],
"uri": "/hello",
"plugins": {},
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:1980": 1
}
}
}'