Update oauth2-plugin.md (#884)
Fix the issue of the lack of guidance in using oauth2.
diff --git a/docs/plugin-center/security/oauth2-plugin.md b/docs/plugin-center/security/oauth2-plugin.md
index 1603119..39525e1 100644
--- a/docs/plugin-center/security/oauth2-plugin.md
+++ b/docs/plugin-center/security/oauth2-plugin.md
@@ -6,55 +6,49 @@
## Description
-* The `OAuth2` plugin is implemented using `Webflux OAuth2`, used to support `OAuth` protocol.
+The `OAuth2` plugin in Apache Shenyu is implemented using the OAuth2 standard. It allows for secure and authorized access to protected resources on a web server by using a token-based authentication method.
+
+## How Does It Works?
+
+In Apache Shenyu, the OAuth2 plugin acts as the client application, while the authorization server and resource server are typically provided by external services like GitHub, Google, or Facebook. When a user attempts to access a protected resource on the Apache Shenyu server, the OAuth2 plugin redirects the user to the authorization server to request permission to access the resource. The user then logs in to the authorization server and grants permission for the client application (OAuth2 plugin) to access the requested resource on their behalf. The authorization server then sends a token to the client application, which it can use to access the resource server and retrieve the protected resource.
## Plugin Setting
-Please refer to the `deployment` document, choose a way to start `shenyu-admin`. For example, [Local Deployment](../../deployment/deployment-local).
+Setting up the OAuth2 Plugin in Apache Shenyu
-* In `shenyu-admin` BasicConfig --> plugin -> `oauth2` set to enable. If you don't want to use this function, please disable this plugin in the `shenyu-admin`.
+To configure the OAuth2 plugin in Apache Shenyu, you will need to follow these steps:
- <img src="/img/shenyu/plugin/oauth2/oauth2_open_en.jpg" width="80%" height="80%" />
+* Step 1: Install the OAuth2 Plugin
-* Add configuration mode in plugin editing.
+ First, you need to ensure that the OAuth2 plugin is installed and enabled in Apache Shenyu. If it is not already installed, you can download it from the Shenyu GitHub repository and follow the installation instructions.
-## Plugin Use
+* Step 2: Register an OAuth2 Application with the Authorization Server
-- Add support for `oauth2` to the pom file of the gateway
+ Before you can use the OAuth2 plugin in Apache Shenyu, you need to register an OAuth2 application with the authorization server you plan to use (e.g., GitHub, Google, etc.). The registration process typically involves providing basic information about your application, such as the application name, website URL, and redirect URI.
-```xml
- <!-- apache shenyu oauth2 plugin start-->
- <dependency>
- <groupId>org.apache.shenyu</groupId>
- <artifactId>shenyu-spring-boot-starter-plugin-oauth2</artifactId>
- <version>${project.version}</version>
- </dependency>
- <!-- apache shenyu oauth2 plugin end-->
+ Once you have registered your OAuth2 application with the authorization server, you will receive a client ID and client secret, which you will need to use in the next step.
-```
+* Step 3: Configure the OAuth2 Plugin
-- Configuration `oauth2` at `shenyu-bootstrap`
+ To configure the OAuth2 plugin in Apache Shenyu, you will need to modify the shenyu-server.yaml configuration file. Here's an example of what the configuration might look like:
-```yml
+ ```
+ plugins:
+ oauth2:
+ enabled: true
+ client_id: <your_client_id>
+ client_secret: <your_client_secret>
+ authorization_url: <authorization_server_url>
+ token_url: <token_endpoint_url>
+ user_info_url: <user_info_endpoint_url>
+ ```
-spring:
- security:
- oauth2:
- client:
- registration:
- <your client-registration-id>:
- client-id: <your client-id>
- client-secret: <your client-secret>
- # the next part is authorize server‘s config
- provider:
- <your client-registration-id>:
- authorization-uri: <your authorization-uri>
- token-uri: <your access-token-uri>
- user-info-uri: <your user-info-uri>
- jwk-set-uri: <your jwk-set-uri>
-```
+ * `enabled`: Set this to `true` to enable the OAuth2 plugin in Shenyu.
+ * `client_id` and `client_secret`: These are the client credentials you received when you registered your OAuth2 application with the authorization server.
+ * `authorization_url`: This is the URL of the authorization server's authorization endpoint.
+ * `token_url`: This is the URL of the authorization server's token endpoint.
+ * `user_info_url`: This is the URL of the authorization server's user info endpoint, which is used to retrieve information about the authenticated user.
+
+* Step 4: Test the OAuth2 Plugin
-
-- Configure the relevant configuration of `spring.security.oauth2` in the configuration file of the gateway. For detailed configuration instructions, please refer to [Spring Webflux OAuth2](https://docs.spring.io/spring-security/site/docs/current/reference/html5/#webflux-oauth2)
-- Configure the selector and rule as the request address that you need `OAuth2` authorization, and release all requests by default. For more instructions on selector and rule configuration, please refer to: [Selector And Rule Config](../../user-guide/admin-usage/selector-and-rule).
-
+ To test the OAuth2 plugin in Apache Shenyu, you can try to access a protected resource on the Shenyu server that requires authentication. When you attempt to access the resource, the OAuth2 plugin should redirect you to the authorization server's login page. After you log in and grant permission to the client application (OAuth2 plugin), the plugin should be able to retrieve an access token and use it to access the protected resource on your behalf.
