reppners
commented
1 year ago Well actually it is.. seems to be an issue with the application logic. Sorry for bothering 😅
Closed reppners closed 1 year ago
reppners
commented
1 year ago Well actually it is.. seems to be an issue with the application logic. Sorry for bothering 😅
Hi there! Thanks for maintaining this plugin, it helps a lot!
When the option
bearer_jwt_auth_enableis used the verified access token is not passed upstream. Is this by design?Our use case is using a token with multiple API gateways potentially being chained where the token typically is passed as Authorization header. When using the
bearer_jwt_auth_enableoption the token does not reach the upstream server.See https://github.com/revomatico/kong-oidc/blob/d0d7a2bfc3eddd0fef721a342066562465938264/kong/plugins/oidc/handler.lua#L36-L43
And the other location when the oidc cycle is being done where the access token is set https://github.com/revomatico/kong-oidc/blob/d0d7a2bfc3eddd0fef721a342066562465938264/kong/plugins/oidc/handler.lua#L78
Thanks!