feat: add User ID to a header when calling whoami (#530)

Co-authored-by: hackerman <3372410+aeneasr@users.noreply.github.com>
ory · Jul 1, 2020 · 183b4d0 · 183b4d0
1 parent df87064
commit 183b4d0
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/session/handler.go b/session/handler.go
@@ -56,7 +56,8 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) {
 // Check who the current HTTP session belongs to
 //
 // Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated.
-// Returns a session object or 401 if the credentials are invalid or no credentials were sent.
+// Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent.
+// Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response.
 //
 // This endpoint is useful for reverse proxies and API Gateways.
 //
@@ -81,6 +82,9 @@ func (h *Handler) whoami(w http.ResponseWriter, r *http.Request, ps httprouter.P
 	// s.Devices = nil
 	s.Identity = s.Identity.CopyWithoutCredentials()
 
+	// Set userId as the X-Kratos-Authenticated-Identity-Id header.
+	w.Header().Set("X-Kratos-Authenticated-Identity-Id", s.Identity.ID.String())
+
 	h.r.Writer().Write(w, r, s)
 }
 

diff --git a/session/handler_test.go b/session/handler_test.go
@@ -72,6 +72,7 @@ func TestSessionWhoAmI(t *testing.T) {
 				res, err = client.Do(req)
 				require.NoError(t, err)
 				assert.EqualValues(t, http.StatusOK, res.StatusCode)
+				assert.NotEmpty(t, res.Header.Get("X-Kratos-Authenticated-Identity-Id"))
 			})
 		}
 	})