Open devgodman opened 3 years ago
+1 seems this is fixed in https://github.com/nokia/kong-oidc/pull/75 but it didn't release in 1.1.0.
Unfortunately, I think @motiisr is right. The feature for X-Access-Token
was merged to master but was never released. Looking at the repo activity, I'm not optimistic it will be released. The last commit to master was Jun 12th 2019 and I'm not seeing contributor responses on PRs or issues.
@devgodman you can import the code plugin directly on your Kong instance, then use or customize all features. If you need an example, I've created this repo using this plugin to protect my backend services.
Guys, I had same issue and I resolved creating a new oidc plugin local version.
Specifically, I copied the files inside https://github.com/nokia/kong-oidc/tree/master/kong/plugins/oidc into a temporary folder (/opt/plugin-oidc-src/) and launch following commands:
luarocks make /opt/plugin-oidc-src/kong-oidc-1.2.0-0.rockspec
luarocks pack --verbose kong-oidc 1.2.0
luarocks install kong-oidc-1.2.0-0.all.rock
I find from the readme that X-Access-Token is returned from Kong to the request to upstream. However, I can only find X-UserInfo now. Is it safe to only use this info for the resource server to verify the request? Besides, why X-Access-Token is not returned? Thanks.