travisghansen / external-auth-server

easy auth for reverse proxies
MIT License

Support the same X-Userinfo header in the jwt plugin as in the oidc plugin #99

Closed Electrofenster closed 3 years ago

Electrofenster commented 3 years ago

I think it could be very good if the jwt plugin supported the same headers as the oidc plugin. When I make a request to my API with the authenticated accessToken in my header, the X-Userinfo header is not set by external-auth-server, so my microservices can't handle the request to get the current user who makes the request.

A little workaround is to decode the X-Access-Token and then get the values from the decoded token to work with.

travisghansen commented 3 years ago

Userinfo is a very explicit oidc concept so putting this in with the generic jwt plugin doesn't make much sense. However, are you wanting to decode the token and then inject values from inside the token as headers?

Electrofenster commented 3 years ago

No. When you access a service with the eas oidc and jwt plugins enabled you'll get these headers:

X-Access-Token: ...
X-Forwarded-For: 192.168.32.1, 192.168.32.1
X-Forwarded-Host: api.local
X-Forwarded-Method: GET
X-Forwarded-Proto: https
X-Forwarded-Uri: /whoami
X-Id-Token: ...
X-Powered-By: Express
X-Userinfo: {...}

but when you access the same URL with the accessToken from above as the Authorization header you'll get this:

Authorization: Bearer ...
X-Forwarded-For: 192.168.32.1
X-Powered-By: Express

so the important userinfo header is not present to verify the logged-in user with the userinfo header ;)
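
The two header sets above, together with the "decode X-Access-Token" workaround from the first comment, suggest the shape of a small helper a backend service could use until the plugin injects the header itself. The following is an added example, not code from external-auth-server: it resolves a uniform "current user" object from either flow, preferring X-Userinfo when eas injected it (oidc flow) and otherwise parsing the claims out of the access token, which may arrive as X-Access-Token or as an Authorization: Bearer header (jwt flow). The header names are the ones shown in the issue; the claim names (sub, email), the sample token and the sample requests are constructed for the example.

```javascript
// Added example (not part of external-auth-server). Assumes the service is
// only reachable through the eas-protected proxy, so any token that reaches
// it has already had its signature, issuer and expiry checked by eas.

function base64UrlDecode(segment) {
  // JWT segments are base64url without padding; map to standard base64 so
  // that Node's "base64" decoder (which tolerates missing padding) can read it.
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return Buffer.from(b64, "base64").toString("utf8");
}

function base64UrlEncode(str) {
  return Buffer.from(str, "utf8")
    .toString("base64")
    .replace(/\+/g, "-")
    .replace(/\//g, "_")
    .replace(/=+$/, "");
}

function decodeJwtPayload(token) {
  // Parses the payload only; it does NOT verify the signature. That is
  // acceptable here solely because eas rejected unverified tokens upstream.
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  try {
    const claims = JSON.parse(base64UrlDecode(parts[1]));
    return claims && typeof claims === "object" ? claims : null;
  } catch (e) {
    return null; // malformed base64url or JSON
  }
}

function bearerToken(headers) {
  const auth = headers["authorization"];
  if (typeof auth !== "string") return null;
  const m = /^Bearer\s+(\S+)$/i.exec(auth.trim());
  return m ? m[1] : null;
}

function resolveUser(headers) {
  // 1. oidc flow: eas already injected X-Userinfo as a JSON document.
  const userinfo = headers["x-userinfo"];
  if (typeof userinfo === "string") {
    try {
      return { source: "x-userinfo", claims: JSON.parse(userinfo) };
    } catch (e) {
      return null;
    }
  }
  // 2. jwt flow: fall back to the claims carried inside the access token.
  const token = headers["x-access-token"] || bearerToken(headers);
  if (!token) return null;
  const claims = decodeJwtPayload(token);
  return claims ? { source: "access-token", claims } : null;
}

function makeSampleToken(claims) {
  // Constructed sample token with a dummy signature; real tokens come from
  // the identity provider and are verified by eas, never by this helper.
  const header = base64UrlEncode(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const payload = base64UrlEncode(JSON.stringify(claims));
  return `${header}.${payload}.dummysignature`;
}

// Constructed sample requests mirroring the two header sets from the issue.
const SAMPLE_CLAIMS = { sub: "user-123", email: "alice@example.test" };

const oidcRequest = {
  "x-userinfo": JSON.stringify(SAMPLE_CLAIMS),
  "x-forwarded-uri": "/whoami",
};

const jwtRequest = {
  authorization: `Bearer ${makeSampleToken(SAMPLE_CLAIMS)}`,
  "x-forwarded-uri": "/whoami",
};

console.log(resolveUser(oidcRequest));
console.log(resolveUser(jwtRequest));
console.log(resolveUser({})); // null: no identity headers at all
```

The important design point is that this helper never trusts a token on its own merits: it only reads claims because eas sits in front of the service and has already rejected anything that fails verification. That only holds if the service cannot be reached except through the proxy and the proxy overwrites (rather than passes through) client-supplied X-Userinfo and X-Access-Token headers; otherwise a caller could forge the identity headers directly.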

travisghansen commented 3 years ago

Released in v0.10.0.