Closed Starefossen closed 3 years ago
@cristichiru will you be accepting this pull request if I resolve the merge conflicts?
@jmdacruz I have proposed this change for the revomatico fork since that seams to be the one that is most maintained.
@Starefossen of course!
@Starefossen You could check https://github.com/revomatico/kong-oidc/pull/2 if it covers your JWT validation and header injection use case. Quite a timing coincidence!
for me that did the trick. both JWKS based validation from discovery endpoint as well as header mapping works.
Using a config like this.
_format_version: "1.1"
services:
- name: mock-service
url: http://mockbin.org/request
path: /
tags:
- example
routes:
- name: mock-route
methods:
- GET
paths: ["/mock"]
plugins:
- name: oidc
config:
client_id: "dummy"
client_secret: "dummy"
discovery: "redacted"
unauth_action: deny
# bearer_only: "yes"
bearer_jwt_auth_enable: "yes"
bearer_jwt_auth_allowed_auds: ["redacted"]
enabled: true
protocols:
- grpc
- grpcs
- http
- https
So, can we close this?
Adds support for JWKS-based token validation (#150) and also extracting token attributes as HTTP headers (besides the X-Userinfo header)