When Nginx proxies the request to an upstream, the Authorization header gets modified.
Basically, if the request holds Authorization: Bearer ey... the server cuts the Bearer part, which is kinda odd if the upstream expects the Bearer. Imho, the request shouldn't be modified by the auth plugin.
Description
When Nginx proxies the request to an upstream, the Authorization header gets modified.
Basically, if the request holds
Authorization: Bearer ey...
the server cuts theBearer
part, which is kinda odd if the upstream expects the Bearer. Imho, the request shouldn't be modified by the auth plugin.Test case
Here's a Docker compose file to test it:
nginx_main.conf
nginx.conf
:Then if you run:
curl localhost:8080 -H 'Authorization: Bearer eyJhbGc...'
the response is:
Possible solution:
I've created a possible fix on my branch. It was editing the pointer value which is a string, which means it modifies the header value directly.
Let me know what you think.