nokia / kong-oidc

OIDC plugin for Kong
Apache License 2.0

X-Access-Token cannot be found in header to upstream #184

Open devgodman opened 3 years ago

devgodman commented 3 years ago

I find from the readme that X-Access-Token is returned from Kong to the request to upstream. However, I can only find X-UserInfo now. Is it safe to only use this info for the resource server to verify the request? Besides, why is X-Access-Token not returned? Thanks.

motiisr commented 3 years ago

+1, it seems this is fixed in https://github.com/nokia/kong-oidc/pull/75 but it wasn't released in 1.1.0.

ghunteranderson commented 3 years ago

Unfortunately, I think @motiisr is right. The feature for X-Access-Token was merged to master but was never released. Looking at the repo activity, I'm not optimistic it will be released. The last commit to master was Jun 12th 2019 and I'm not seeing contributor responses on PRs or issues.

Darguelles commented 3 years ago

@devgodman you can import the code plugin directly on your Kong instance, then use or customize all features. If you need an example, I've created this repo using this plugin to protect my backend services.

Fabryprog commented 1 year ago

Guys, I had the same issue and I resolved it by creating a new local version of the oidc plugin.

Specifically, I copied the files inside https://github.com/nokia/kong-oidc/tree/master/kong/plugins/oidc into a temporary folder (/opt/plugin-oidc-src/) and launched the following commands:

luarocks make /opt/plugin-oidc-src/kong-oidc-1.2.0-0.rockspec
luarocks pack --verbose kong-oidc 1.2.0
luarocks install kong-oidc-1.2.0-0.all.rock