dgradecak commented on issue #8353:
URL: https://github.com/apache/apisix/issues/8353#issuecomment-1320510732

   I got it working, but I seriously doubt it is the right way. I created 
a new plugin that is executed after oidc; it extracts the userinfo header 
and uses the `preferred_username` claim.
   
   ```
   plugins:
        openid-connect:
            ...
        rewrite-openid-connect-userinfo:
               remote_user_header: "X-My-Remote-User"
   ```
   
   ```
   local core    = require("apisix.core")
   local ngx     = ngx
   
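   local plugin_name = "rewrite-openid-connect-userinfo"

   -- JSON schema for the plugin configuration. All three options are header or
   -- claim names, so an empty string is rejected at configuration time instead
   -- of failing later while a request is being processed.
   local schema = {
       type = "object",
       properties = {
           -- Request header that receives the extracted claim value.
           remote_user_header = {
               description = "external auth header",
               type = "string",
               minLength = 1,
               default = "X-Remote-User",
           },
           -- Request header the userinfo document is read from.
           oidc_userinfo_header = {
               description = "request header carrying the base64-encoded OIDC userinfo JSON",
               type = "string",
               minLength = 1,
               default = "X-Userinfo",
           },
           -- Key looked up in the decoded userinfo document.
           userinfo_claim = {
               description = "oidc username to be mapped to remote_user_header",
               type = "string",
               minLength = 1,
               default = "preferred_username",
           },
       },
   }

   local _M = {
       version = 0.1,
       -- NOTE(review): the author intends this plugin to run after openid-connect.
       -- APISIX runs higher-priority plugins first, so this value has to stay
       -- below openid-connect's priority; confirm against the deployed version.
       priority = 1000,
       name = plugin_name,
       schema = schema,
   }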
   
   --- Validate a plugin configuration against the plugin schema.
   -- @param conf configuration table to validate
   -- @return true when the configuration is valid; otherwise false followed
   --         by the error reported by core.schema.check
   function _M.check_schema(conf)
       local valid, reason = core.schema.check(schema, conf)
       if valid then
           return true
       end

       return false, reason
   end
   
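   --- Rewrite phase: copy one claim from the OIDC userinfo header into the
   -- configured remote-user header.
   --
   -- The userinfo header is expected to hold base64-encoded JSON. The target
   -- header is cleared before anything else, so a value sent by the client under
   -- that name is never forwarded; it is only set again from a decoded claim.
   --
   -- NOTE(review): the userinfo header itself is read from the request as-is.
   -- That is only trustworthy when an earlier plugin (openid-connect in the
   -- author's setup) always sets or removes it. On a route where this plugin
   -- runs without it, the header content would be client-controlled; confirm
   -- the plugin is never enabled on its own.
   --
   -- @param plugin_conf plugin configuration (see schema)
   -- @param ctx         APISIX request context
   -- @return nothing when the request may proceed; 401 and an error body when
   --         the userinfo header is missing or cannot be decoded
   function _M.rewrite(plugin_conf, ctx)
       local target_header = plugin_conf.remote_user_header

       -- Fail closed: remove any inbound value of the identity header first.
       core.request.set_header(ctx, target_header, nil)

       local encoded = core.request.header(ctx, plugin_conf.oidc_userinfo_header)
       -- A repeated header arrives as a table; treat that like a missing one.
       if type(encoded) ~= "string" or encoded == "" then
           core.log.warn(plugin_name, ": header ", plugin_conf.oidc_userinfo_header,
                         " is missing or not a single value")
           return 401, { message = "missing userinfo" }
       end

       -- ngx.decode_base64 returns nil for input that is not valid base64.
       local raw = ngx.decode_base64(encoded)
       if not raw then
           core.log.warn(plugin_name, ": userinfo header is not valid base64")
           return 401, { message = "invalid userinfo" }
       end

       local userinfo, err = core.json.decode(raw)
       if type(userinfo) ~= "table" then
           core.log.warn(plugin_name, ": userinfo is not a JSON object: ", err)
           return 401, { message = "invalid userinfo" }
       end

       local claim = userinfo[plugin_conf.userinfo_claim]
       local claim_type = type(claim)
       if claim_type ~= "string" and claim_type ~= "number" then
           -- As before, a missing claim leaves the target header unset and the
           -- request continues; nested or boolean values are treated the same
           -- way rather than being written into a header.
           core.log.warn(plugin_name, ": claim ", plugin_conf.userinfo_claim,
                         " is absent or not a scalar")
           return
       end

       core.request.set_header(ctx, target_header, tostring(claim))
   end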
   
   -- Hand the plugin table (metadata, schema, check_schema, rewrite) back to
   -- whatever loads this file.
   return _M
   ```

