Send configured claims as headers to backends #72
Conversation
|
This really looks useful - could you provide a build of it, maybe in your fork? |
|
Sure, here it is: ghcr.io/bennesp/traefik-forward-auth:v3.1.0-pr72. It is built by Github Actions |
|
Thx! |
|
Is there something holding this back (apart from devs' time of course)? So far as I can tell this would be the only way for me to receive claims about authenticated users from the identity providers--I am releasing information from the providers but can only get the username (e-mail) to my application. |
I don’t think this is totally true. I recall a configuration variable (I think it was called Then, of course, your backend needs to decode the JWT, but after that (even without verifying it, if you trust the network) you will be able to access any claim defined in the JWT. This of course doesn't prevent this PR to be reviewed and merged 😅 |
|
Would love to see this one merged... |
|
I considered this fork as unmaintained since I didn't see any new commits from 2022, but then in August I saw @mhrabovcin working on merging some PRs. Maybe he can give a shot to this PR too? 🙏 |
This PR add the possibility to configure generic claims to be passed to backends as headers.
It is related to this comment #64 (comment) which is by far the most upvoted comment in this repository
Just as an example: if you set
EXTRA_CLAIMS = "x-forwarded-locale:locale, x-forwarded-picture:picture"then your backends will receive two new headers:X-Forwarded-Locale, containing the value inside thelocaleclaim, andX-Forwarded-Picture, containing the value inside the claimpictureNote: remember also to add
authResponseHeadersorauthResponseHeadersRegexto your middleware appropriately of course