Closed jasondiazg closed 1 month ago
Sure! Makes sense, if that's configurable in the other end. Could the config fields perhaps be named jwtHeaderName
and authorizationCookieName
?
Sure! Makes sense, if that's configurable in the other end. Could the config fields perhaps be named
jwtHeaderName
andauthorizationCookieName
?
Hi @freben! Of course, let me change it.
I already made the change and fix the tests, kindly take a look @freben @camilaibs #25516
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Fixed!
🔖 Feature description
The Cloudflare auth provider should allow use custom
cf-access-jwt-assertion
header and theCF_Authorization
cookie key.🎤 Context
I have my backstage deployment protected by Cloudflare, however, my Cloudflare performs some custom internal workflows and as a result the
cf-access-jwt-assertion
header and theCF_Authorization
cookie key are not present in the request that Backstage receive. The Cloudflare auth provider has the two values hardcoded, the header is harcoded as constant and the cookie key directly in the function, both values should be configurables in theauth.providers.cfaccess
section in theapp-config.yaml
file.✌️ Possible Implementation
The Cloudflare auth provider should allow these two optional configurations
auth.providers.cfaccess.cfheader
andauth.providers.cfaccess.cfcookiekey
in theapp-config.yaml
, if the values are not provided, then it should use the default ones (cf-access-jwt-assertionand
CF_Authorization`).👀 Have you spent some time to check if this feature request has been raised before?
🏢 Have you read the Code of Conduct?
Are you willing to submit PR?
Yes I am willing to submit a PR!