FORWARD_TOKEN_HEADER_NAME and EMAIL_HEADER_NAMES not working

[ValentinKolb]

Hello,

I use this middleware for Keycloak (generic OpenId Connect) and would like to get the JWT from Keycloak forwarded.

Is this possible? I need this token in my frontend to authenticate other API accesses later on.

I have the following config:

traefik:
    image: "traefik:v2.6"
    ...

forwardauth:
    image: mesosphere/traefik-forward-auth
    ...
    environment:
      SECRET: <secret>
      PROVIDER_URI: <url>
      CLIENT_ID: <id>
      CLIENT_SECRET: <client-secret>
      LOG_LEVEL: debug
      FORWARD_TOKEN_HEADER_NAME: "X-Forwarded-JWT" # <- !
    labels:
      traefik.enable: true
      traefik.http.services.forwardauth.loadbalancer.server.port: 4181
      traefik.http.routers.forwardauth.entrypoints: web
      traefik.http.routers.forwardauth.rule: Path(`/_oauth`)
      traefik.http.routers.forwardauth.middlewares: traefik-forward-auth
      traefik.http.middlewares.traefik-forward-auth.forwardauth.address: http://forwardauth:4181
      traefik.http.middlewares.traefik-forward-auth.forwardauth.authResponseHeaders: X-Forwarded-User, X-Forwarded-JWT
      traefik.http.middlewares.traefik-forward-auth.forwardauth.trustForwardHeader: true

  whoami:
    image: "traefik/whoami"
    ...
    labels:
      ...
      traefik.http.routers.whoami.middlewares: traefik-forward-auth

Authentication works, when I access my whoami I am redirected to Keycloak. Unfortunately, the bearer token is not forwarded in the X-Forwarded-JWT header. The X-Forwarded-User Header works as expected but i can' change the name of the header with the EMAIL_HEADER_NAMES env var.

Thanks for the answer in advance :)

[thmo]

Try using the mesosphere/traefik-forward-auth:3.1.0 image.

The :latest image currently points to :2.0.2.

[tgerakitis]

using 3.1.0 fixed the issue for me