Open srenatus opened 4 years ago
Note from @yuval-k, after cursory reading of filter code: the underlying Envoy filter uses a proto struct, so the filter itself should already support nested claims. The claimToHeader functionality of the filter does not support nested claims, however.
The jwt filter supports the nested claims natively, and claimToHeader has been updated to support parsing nested claims at the top level.
Translating nested JWT claims now will translate the nested claim as follows:
{
  "test": {
    "company": "foo",
    "field2": "bar"
  },
  "tenant2": "admin"
}
You can do:
claimsToHeaders:
  - claim: test
    header: x-company
Currently only supports direct claims in the header, not nested claim path parsing, i.e.:
claimsToHeaders:
  - claim: test.company
    header: x-company
This issue has been marked as stale because of no activity in the last 180 days. It will be closed in the next 180 days unless it is tagged "no stalebot" or other activity occurs.
We have another prospect who is looking for this functionality. Currently, they have a workaround, but it's fairly complex to do with the transformation filter, which could become error-prone.
Is your feature request related to a problem? Please describe.
Translating JWT claims to request headers only works for simple string claims, like role: foobar. It doesn't work for nested claims like

Describe the solution you'd like
There's some ways this could work, maybe by injecting the JSON as header value, like

Describe alternatives you've considered
Setting keepToken: true and having the upstream service deal with parsing the token claims.

Additional context
This is similar, but not exactly the same as #2744 (RBAC with nested claims).
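
An added example (not from the issue thread and not Gloo's code) of the keepToken: true alternative: an upstream service resolving a dotted claim path such as test.company from the forwarded token. It assumes the gateway has already verified the JWT signature and is the only route to the upstream; `PayloadClaims` and `ClaimAtPath` are hypothetical names.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// PayloadClaims decodes the claims segment of a compact JWT.
// It does NOT verify the signature (assumption: the gateway already did).
func PayloadClaims(token string) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("not a compact JWT: %d segments", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var claims map[string]any
	err = json.Unmarshal(raw, &claims)
	return claims, err
}

// ClaimAtPath resolves a dotted path such as "test.company".
// String leaves are returned as-is, any other value as compact JSON.
func ClaimAtPath(claims map[string]any, path string) (string, error) {
	var cur any = claims
	for _, key := range strings.Split(path, ".") {
		obj, isObj := cur.(map[string]any)
		next, found := obj[key] // indexing a nil map is safe: found is false
		if !isObj || !found {
			return "", fmt.Errorf("claim path %q: no value at %q", path, key)
		}
		cur = next
	}
	if s, ok := cur.(string); ok {
		return s, nil
	}
	out, err := json.Marshal(cur)
	return string(out), err
}

func main() {
	// Constructed sample token: claims from the thread, placeholder header and signature.
	payload := base64.RawURLEncoding.EncodeToString([]byte(`{"test":{"company":"foo","field2":"bar"},"tenant2":"admin"}`))
	claims, _ := PayloadClaims("e30." + payload + ".sig")
	fmt.Println(ClaimAtPath(claims, "test.company"))
}
```

A missing or non-object path segment returns an error rather than an empty string, so the caller can reject the request instead of treating the claim as blank.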