Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[feature] JWT - Send payload as headers to upstream server #1985

Closed
ghost opened this issue Jan 15, 2017 · 8 comments
Closed

[feature] JWT - Send payload as headers to upstream server #1985

ghost opened this issue Jan 15, 2017 · 8 comments
Labels
task/feature Requests for new features in Kong

Comments

@ghost
Copy link

ghost commented Jan 15, 2017
edited by ghost
Loading

Summary

I use JWT plugin.
I craft all my JWT tokens using 1 single Consumer named 'auth-server'
The end-user email is encoded in the JWT payload.

{
  "sub": "1234567890",
  "email": "myuser@mysite.com",
  "iss": "ec9493fb1af244d5a80c9ce8fefa2c1f"
}

I want my upstream server to receive the end-user email as Header.

example:

X-JWT-Payload-Email: myuser@mysite.com
or
X-Email: myuser@mysite.com
or
...

Use case

  • Easier to test the upstream server application
  • No need to handle/install anything JWT-related (decode/verification) in the upstream server
@Tieske
Copy link
Member

Tieske commented Jan 15, 2017

imo this should be done in a dual-plugin approach:

  1. plugin to extract and store data in a request specific table
  2. plugin to modify/insert request elements based on the request specific table

see also; #550 (comment). Much of the application logic can be shared this way.

@wshirey
Copy link

wshirey commented Jan 17, 2017
edited
Loading

@pouledodue I have done a proof of concept here:
https://github.com/wshirey/kong-plugin-jwt-claims-headers

You also need to account for requests that already have those headers set. You may could remove them with a request transformer before the jwt-claims-header executes.

This comes with no support :)

@ghost
Copy link
Author

ghost commented Jan 19, 2017

@wshirey I will try it tomorrow

@jovanmaric
Copy link

This feature would be very nice indeed. However, passing the payload, as mentioned, in a "X-JWT-Payload" header would be enough. This gives the opportunity to parse the JSON on API / Microservice level, in contrast to hardcoding headers based on what the payload contains.

@thibaultcha thibaultcha added task/feature Requests for new features in Kong area/plugins labels Apr 28, 2017
@gottfrois
Copy link

agree with @jovanmaric, a base64 encoded payload in a custom http header might be enough? no need to populate one http header for every key in the payload

@ghost
Copy link
Author

ghost commented May 16, 2017

yes would be enough

@lodow
Copy link

lodow commented Jul 17, 2017

Any update on that? Do you plan to integrate this feature in kong?
The work of @wshirey seem great but you can't directly use it with kong's docker image.

@ghost ghost closed this as completed Sep 22, 2018
@vnwonah
Copy link

vnwonah commented Apr 6, 2020

If anyone gets here, I've written a plugin that does exactly this https://github.com/vnwonah/kong-token-to-header-extractor

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
task/feature Requests for new features in Kong
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@hishamhm @gottfrois @Tieske @thibaultcha @wshirey @lodow @jovanmaric @vnwonah