passing up headers from auth_request
Solution 1:
Ok, I was able to do that with the help of the headers_more module.
The full configuration is:
location = /jwtverify {
internal;
proxy_pass http://auth-module:8080/auth/verify;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
location /profile {
auth_request /jwtverify;
# this gets called right after auth_request returns.
# it reads http "authorization" header from upstream (= auth_request)
# and sets it to the variable $auth_header
# https://stackoverflow.com/a/31485557/1759845
auth_request_set $auth_header $upstream_http_authorization;
# this gets called right before sending response to client.
# it adds the previously set variable (= "authorization"
# header from auth_request) to the response
more_set_headers "Authorization: $auth_header";
proxy_pass http://private-profile:80;
}
Solution 2:
This is how I was able to solve this without a custom module:
location /auth {
internal;
proxy_pass http://localhost:3000/auth;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Original-Remote-Addr $remote_addr;
proxy_set_header X-Original-Host $host;
}
location /protected {
auth_request /auth;
auth_request_set $authentication_id $sent_http_x_authentication_id;
proxy_pass http://localhost:3000/protected;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Original-Remote-Addr $remote_addr;
proxy_set_header X-Original-Host $host;
proxy_set_header X-Authentication-Id: $authentication_id;
}
- Have your /auth endpoint include a response header. Mine sets
X-Authentication-Id - Use auth_request_set to set a variable based on the response header
- Use the variable to set the header as part of the /protected request