spamokm opened a new issue, #7560: URL: https://github.com/apache/apisix/issues/7560
### Description

As a user I want to be able to use the openid-connect plugin with a JWT token stored in a cookie instead of the authorization header.

The actual implementation of the openid-connect plugin allows 3 ways of operation. The first one is what I need:

"The Plugin can be configured to just validate an access token that is expected to be present in a request header. In such cases, requests without a token or with an invalid token are rejected. This requires the bearer_only attribute to be set to true and either introspection_endpoint or public_key attribute to be configured. This mode of operation can be used for service-to-service communication where the requester can reasonably be expected to obtain and manage a valid token by itself."

Apart from that, my token is not in the authorization section of the header, but in the cookie section.

So my feature request is to allow the usage of a token stored in a cookie.

The perfect implementation would be to specify a parameter for the cookieName. If this parameter is provided, the check will use the data of the cookie. Example: the parameter is bearer_cookie_only: string (the name of the cookie); if set, the token will be fetched from the cookie and either handed over to the introspection endpoint or validated against the public key (based on configuration).

By the way, the JWT-Auth plugin provides a similar functionality, as the token can be provided as authHeader, QueryParameter, or Cookie; see help request: https://github.com/apache/apisix/issues/7551

Thank you
Oliver
