revomatico / kong-oidc

OIDC plugin for Kong
Apache License 2.0
110 stars 75 forks

Adding support for JWKS-based token validation and token attribute mapping (#151) #1

Closed Starefossen closed 3 years ago

Starefossen commented 3 years ago

Adds support for JWKS-based token validation (#150) and also extracting token attributes as HTTP headers (besides the X-Userinfo header)

Starefossen commented 3 years ago

@cristichiru will you be accepting this pull request if I resolve the merge conflicts?

Starefossen commented 3 years ago

@jmdacruz I have proposed this change for the revomatico fork since that seems to be the one that is most maintained.

cristichiru commented 3 years ago

@Starefossen of course!

hanlaur commented 3 years ago

@Starefossen You could check https://github.com/revomatico/kong-oidc/pull/2 if it covers your JWT validation and header injection use case. Quite a timing coincidence!

nachtfisch commented 3 years ago

For me that did the trick. Both JWKS-based validation from the discovery endpoint and header mapping work.

Using a config like this:

```yaml
_format_version: "1.1"

services:
 - name: mock-service
   url: http://mockbin.org/request
   path: /
   tags:
   - example
   routes:
    - name: mock-route
      methods:
      - GET
      paths: ["/mock"]
plugins:
- name: oidc
  config:
    client_id: "dummy"
    client_secret: "dummy"
    discovery: "redacted"
    unauth_action: deny
    # bearer_only: "yes"
    bearer_jwt_auth_enable: "yes"
    bearer_jwt_auth_allowed_auds: ["redacted"]
  enabled: true
  protocols:
  - grpc
  - grpcs
  - http
  - https
```

cristichiru commented 3 years ago

So, can we close this?