Closed (pataquets closed 8 years ago)
It's actually currently possible for the backend service to access the user's session cookie, which gets passed through. If the backend is using node it's just a matter of using the cookie-session module. The cookie is signed with a secret by doorman, but just viewing the contents doesn't necessarily need the secret.
This is obviously sub-optimal. Ideally we could pass a header to the backend, like you suggest. (I'd be happy to look at a PR for this) We'd just need each module to define what 'username' means.
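The point in the comment above, that the cookie can be read without the secret but is only trustworthy once its signature is checked, shown as an added example (not doorman's code and not part of the original thread). The cookie name, secret and the `user` session field are constructed, and the signature format assumes the default Keygrip scheme used underneath cookie-session.

```javascript
// Added example: cookie name, secret and session fields are constructed, not doorman's.
const crypto = require('node:crypto');

// Keygrip-style signature (assumed default settings): HMAC-SHA1 over "name=value",
// base64 with the URL-safe alphabet and no padding. Sent as the "<name>.sig" cookie.
function sign(name, value, secret) {
  return crypto.createHmac('sha1', secret).update(`${name}=${value}`)
    .digest('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Reading the payload needs no secret: it is only base64-encoded JSON.
function decodeSession(value) {
  return JSON.parse(Buffer.from(value, 'base64').toString('utf8'));
}

// What a backend should do before trusting the contents:
// recompute the signature and compare it in constant time.
function readVerifiedSession(name, value, sig, secret) {
  const expected = Buffer.from(sign(name, value, secret));
  const given = Buffer.from(String(sig));
  if (expected.length !== given.length || !crypto.timingSafeEqual(expected, given)) {
    return null; // signature missing or wrong: treat as unauthenticated
  }
  try {
    return decodeSession(value);
  } catch {
    return null; // signed but not valid JSON
  }
}

// Constructed sample cookies.
const SECRET = 'constructed-demo-secret';
const NAME = 'session';
const value = Buffer.from(JSON.stringify({ user: 'alice@example.com' })).toString('base64');
const sig = sign(NAME, value, SECRET);
// Same cookie with an edited payload and the old signature.
const tampered = Buffer.from(JSON.stringify({ user: 'admin@example.com' })).toString('base64');

console.log(decodeSession(tampered).user);                      // decodes fine without the secret
console.log(readVerifiedSession(NAME, value, sig, SECRET));     // verified session object
console.log(readVerifiedSession(NAME, tampered, sig, SECRET));  // null: signature mismatch
```

A backend that only decodes the cookie would accept the edited payload, which is why sharing the secret with every backend (or passing a header from doorman instead) is the trade-off discussed here.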
I just merged in this PR: https://github.com/movableink/doorman/pull/43 which should solve this.
Thank you!
If username is (or can be) made available to the backend server, for example via an added HTTP header, backend apps would benefit a lot. I didn't find anything in the docs.