diff --git a/src/Keycloak.AuthServices.Authorization/AuthorizationServer/KeycloakAuthorizationServerOptions.cs b/src/Keycloak.AuthServices.Authorization/AuthorizationServer/KeycloakAuthorizationServerOptions.cs
index 2b8cf513..39c5181d 100644
--- a/src/Keycloak.AuthServices.Authorization/AuthorizationServer/KeycloakAuthorizationServerOptions.cs
+++ b/src/Keycloak.AuthServices.Authorization/AuthorizationServer/KeycloakAuthorizationServerOptions.cs
@@ -17,6 +17,11 @@ public sealed class KeycloakAuthorizationServerOptions : KeycloakInstallationOpt
///
public string SourceAuthenticationScheme { get; set; } = "Bearer";
+ ///
+ /// Controls if is added to the
+ ///
+ public static bool DisableHeaderPropagation { get; set; }
+
///
/// Gets or sets a value indicating whether to use the protected resource policy provider.
///
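Review bot: `DisableHeaderPropagation` is declared `static` on an options class, so it is process-wide state rather than part of the bound options: configuration binding will not populate it, and every `AddAuthorizationServer` call in the process sees the same value through the `if (!KeycloakAuthorizationServerOptions.DisableHeaderPropagation)` check in ServiceCollectionExtensions.cs. That check runs once at registration, so the flag only takes effect if it is set before the call, which the doc comment does not say. Because this switch decides whether the incoming request's headers (presumably the bearer token, given `SourceAuthenticationScheme`) are forwarded to the authorization server, an instance property read from the configured options, `public bool DisableHeaderPropagation { get; set; }`, would make the choice explicit per registration. If the static is kept, the summary should state the default and the ordering, e.g. `/// When true, AddAuthorizationServer does not call AddHeaderPropagation; must be set before registration. Defaults to false.` The summary as shown also reads as incomplete ("Controls if is added to the"), though the missing references may simply have been lost in rendering.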
diff --git a/src/Keycloak.AuthServices.Authorization/ProtectedResourcePolicyProvider.cs b/src/Keycloak.AuthServices.Authorization/ProtectedResourcePolicyProvider.cs
index 683c34c2..91f67a61 100644
--- a/src/Keycloak.AuthServices.Authorization/ProtectedResourcePolicyProvider.cs
+++ b/src/Keycloak.AuthServices.Authorization/ProtectedResourcePolicyProvider.cs
@@ -23,7 +23,7 @@ public ProtectedResourcePolicyProvider(IOptions options)
return registeredPolicy;
}
- // TODO: policy should be cached and managed properly, not production ready
+ // Policy should be cached and managed properly, probably not production ready
// https://0xnf.github.io/posts/oauthserver/15/#dynamically-handling-policies
var builder = new AuthorizationPolicyBuilder();
var tokens = policyName.Split('#');
diff --git a/src/Keycloak.AuthServices.Authorization/ServiceCollectionExtensions.cs b/src/Keycloak.AuthServices.Authorization/ServiceCollectionExtensions.cs
index d8fdbe0f..ddbe3870 100644
--- a/src/Keycloak.AuthServices.Authorization/ServiceCollectionExtensions.cs
+++ b/src/Keycloak.AuthServices.Authorization/ServiceCollectionExtensions.cs
@@ -145,7 +145,14 @@ public static IHttpClientBuilder AddAuthorizationServer(
services.AddSingleton();
}
- return services.AddAuthorizationServerClient(configureClient).AddHeaderPropagation();
+ var builder = services.AddAuthorizationServerClient(configureClient);
+
+ if (!KeycloakAuthorizationServerOptions.DisableHeaderPropagation)
+ {
+ builder.AddHeaderPropagation();
+ }
+
+ return builder;
}
///