Extract configurable JWT claims to be added to custom headers #2145

Open
thjaeckle opened this issue Mar 11, 2025 · 0 comments

Right now, claims from a JWT can be mapped to "auth subject" which Ditto can make use of in its Policies to authorise HTTP calls based on e.g. a sub or based on groups in a JWT.

There are situations where it would come in handy to extract another claim like e.g. email and provide this as custom (configurable) header to Ditto.

This would be part of the openid-connect-issuers configuration:

```
ditto.gateway.authentication {
    oauth {
      openid-connect-issuers = {
        myprovider = {
          issuer = "localhost:9000"
          auth-subjects = [
            "{{ jwt:sub }}",
            "{{ jwt:groups }}"
          ]
          inject-into-headers = {
            the-users-email = "{{ jwt:email }}"
          }
        }
      }
    }
}
```

This would be helpful to e.g. identify the user without the need of mapping the identifying factor to "auth-subjects" (which is only needed for authorisation, not for identification).
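
A sketch of how an `inject-into-headers` mapping like the one proposed above could be resolved, added here as an example; it is not part of the issue and not Ditto's code. All function names are hypothetical, and the handling of top-level string claims only, the removal of client-supplied headers with a configured name, and the rejection of control characters are assumptions of this example, not behaviour the issue specifies.

```python
import base64
import json
import re

# Constructed mapping mirroring the proposed "inject-into-headers" block.
INJECT_INTO_HEADERS = {"the-users-email": "{{ jwt:email }}"}

PLACEHOLDER = re.compile(r"\{\{\s*jwt:([A-Za-z0-9_.-]+)\s*\}\}")
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def jwt_claims(token):
    """Decode the payload of a compact JWT.

    Assumes signature, issuer and expiry were already verified upstream;
    nothing is verified here.
    """
    payload = token.split(".")[1]
    padded = payload + "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inject_headers(request_headers, claims, mapping=INJECT_INTO_HEADERS):
    """Return a copy of request_headers with the configured claim headers set."""
    configured = {name.lower() for name in mapping}
    # Assumption: drop client-supplied copies so only the token can set them.
    result = {k: v for k, v in request_headers.items()
              if k.lower() not in configured}
    for name, template in mapping.items():
        values = {c: claims.get(c) for c in PLACEHOLDER.findall(template)}
        if not all(isinstance(v, str) for v in values.values()):
            continue  # claim absent or not a plain string: header stays unset
        value = PLACEHOLDER.sub(lambda m: values[m.group(1)], template)
        if CONTROL_CHARS.search(value):
            continue  # assumption: refuse CR/LF and other control characters
        result[name] = value
    return result


def sample_token(claims):
    """Build a constructed token with a placeholder signature (demo input)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    token = sample_token({"sub": "alice", "email": "alice@example.org"})
    incoming = {"The-Users-Email": "spoofed@example.org"}
    print(inject_headers(incoming, jwt_claims(token)))
```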
