Skip to content

Commit

Permalink
add feature to jwt plugin:allow set headers from claim
Browse files Browse the repository at this point in the history
  • Loading branch information
mtparet committed Jul 12, 2024
1 parent b65e2fb commit b3c5edc
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 0 deletions.
14 changes: 14 additions & 0 deletions kong/plugins/jwt/handler.lua
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,9 @@ local pairs = pairs
local tostring = tostring
local re_gmatch = ngx.re.gmatch

local consts = {
JWT_CLAIM_HEADER_PREFIX = "X-Jwt-Claim"
}

local JwtHandler = {
VERSION = kong_meta.version,
Expand Down Expand Up @@ -150,6 +153,15 @@ local function unauthorized(message, www_auth_content, errors)
return { status = 401, message = message, headers = { ["WWW-Authenticate"] = www_auth_content }, errors = errors }
end

-- set header keys from claims
local function set_headers(conf, claims)
local set_header = kong.service.request.set_header
for _, v in ipairs(conf.headers_to_set) do
if claims[v] then
set_header(consts.JWT_CLAIM_HEADER_PREFIX.."-"..v, claims[v])
end
end
end

local function do_authentication(conf)
local token, err = retrieve_tokens(conf)
Expand Down Expand Up @@ -254,6 +266,8 @@ local function do_authentication(conf)

set_consumer(consumer, jwt_secret, token)

set_headers(conf, claims)

return true
end

Expand Down
5 changes: 5 additions & 0 deletions kong/plugins/jwt/schema.lua
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,11 @@ return {
type = "string",
one_of = { "exp", "nbf" },
}, }, },
{ headers_to_set = {
type = "set",
elements = {
type = "string"
}, }, },
{ anonymous = { description = "An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails.", type = "string" }, },
{ run_on_preflight = { description = "A boolean value that indicates whether the plugin should run (and try to authenticate) on OPTIONS preflight requests. If set to false, then OPTIONS requests will always be allowed.", type = "boolean", required = true, default = true }, },
{ maximum_expiration = {
Expand Down

0 comments on commit b3c5edc

Please sign in to comment.