ahilmathew
commented
1 year ago I think I found the answer. I've been correct in using -
headers:
jwt: X-Vouch-Token
querystring: access_token
accesstoken: X-Vouch-IdP-AccessToken
idtoken: X-Vouch-IdP-IdTokenAnd then in ingress-nginx
nginx.ingress.kubernetes.io/configuration-snippet: |
auth_request_set $auth_resp_x_vouch_idp_accesstoken $upstream_http_x_vouch_idp_accesstoken;
proxy_set_header Authorization "Bearer $auth_resp_x_vouch_idp_accesstoken";X-Vouch-IdP-AccessToken does give you the access token from the IdP.
The reason the token didn't work for the location api is because I was using the wrong authorization server when I configured oidc for vouch-proxy. So the jwt that was being verified would not work as it was not issued by the same authorization server.
bnfinet
Hey, I'm very new to vouch proxy. Having an issue that I'll try to explain below.
I am running an AKS cluster which hosts 2 apps behind
ingress-nginxcontroller. One is a client and other app hosts thelocationapi. All requests to this API should have aAuthorization: Bearer <token>which is then validated by thelocationapp with Okta.User visits the client app through a browser -> user gets redirected to Okta which forwards the auth request to an IdP -> User gets authenticated and is redirected back to the client app. This all works fine.
My question is how do I get hold of the
access_tokenissued by the IdP and pass it on to thelocationapp as anAuthorizationheader. I just recently found out that VP issues it's own tokens after the end user authenticates with an IdP.So is it even possible to access the original
access_token? Am I using VP for the right use case? (https://github.com/vouch/vouch-proxy/issues/484#issuecomment-1179280657)