@@ -360,6 +360,10 @@ response code, the access is denied.
360360 [`text/template`](https://golang.org/pkg/text/template/) package and applied to an
361361 [`AuthenticationSession`](https://github.com/ory/oathkeeper/blob/master/pipeline/authn/authenticator.go#L40) object. See
362362 [Session](../pipeline.md#session) for more details.
363+ - ` headers` (map of strings, optional) - The HTTP headers sent to the remote authorizer. The values will be parsed by the Go
364+ [`text/template`](https://golang.org/pkg/text/template/) package and applied to an
365+ [`AuthenticationSession`](https://github.com/ory/oathkeeper/blob/master/pipeline/authn/authenticator.go#L40) object. See
366+ [Session](../pipeline.md#session) for more details.
363367- ` forward_response_headers_to_upstream` (slice of strings, optional) - The HTTP headers that will be allowed from remote
364368 authorizer responses. If returned, headers on this list will be forward to upstream services.
365369- ` retry` (object, optional) - Configures timeout and delay settings for the request against the token endpoint
@@ -379,6 +383,8 @@ authorizers:
379383
380384 config:
381385 remote: http://my-remote-authorizer/authorize
386+ headers:
387+ Y-Api-Key: '{{ .MatchContext.Header.Get "X-Api-Key" }}'
382388 payload: |
383389 {
384390 "subject": "{{ print .Subject }}",
@@ -395,6 +401,8 @@ authorizers:
395401 - handler: remote_json
396402 config:
397403 remote: http://my-remote-authorizer/authorize
404+ headers:
405+ Y-Api-Key: '{{ .MatchContext.Header.Get "X-Api-Key" }}'
398406 payload: |
399407 {
400408 "subject": "{{ print .Subject }}",
@@ -422,6 +430,9 @@ authorizers:
422430 "authorizer": {
423431 "handler": "remote_json",
424432 "config": {
433+ "headers": {
434+ "Y-Api-Key": "{{ .MatchContext.Header.Get \" X-Api-Key\" }}"
435+ },
425436 "remote": "http://my-remote-authorizer/authorize",
426437 "payload": "{\" subject\" : \" {{ print .Subject }}\" , \" resource\" : \" {{ printIndex .MatchContext.RegexpCaptureGroups 0 }}\" }"
427438 },
0 commit comments