dgradecak commented on issue #8353:
URL: https://github.com/apache/apisix/issues/8353#issuecomment-1320510732
I made it work for me but, I have a big doubt it is the right way. I created
a new plugin that is executed after oidc and it extracts the userinfo header
and uses the preffered_name claim
```
plugins:
openid-connect:
...
rewrite-openid-connect-userinfo:
remote_user_header: "X-My-Remote-User"
```
```
local core = require("apisix.core")
local ngx = ngx
local plugin_name = "rewrite-openid-connect-userinfo"
local schema = {
type = "object",
properties = {
remote_user_header = {
description = "external auth header",
type = "string",
default = "X-Remote-User",
},
oidc_userinfo_header = {
description = "external auth header",
type = "string",
default = "X-Userinfo",
},
userinfo_claim = {
description = "oidc username to be mapped to remote_user_header",
type = "string",
default = "preferred_username",
}
}
}
local _M = {
version = 0.1,
priority = 1000,
name = plugin_name,
schema = schema,
}
function _M.check_schema(conf)
local ok, err = core.schema.check(schema, conf)
if not ok then
return false, err
end
return true
end
function _M.rewrite(plugin_conf, ctx)
local conf = core.table.clone(plugin_conf)
local user =
core.json.decode(ngx.decode_base64(core.request.header(ctx,
conf.oidc_userinfo_header)))[conf.userinfo_claim]
core.request.set_header(ctx, conf.remote_user_header, user)
end
return _M
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
