jenskeiner opened a new pull request #2903: URL: https://github.com/apache/apisix/pull/2903
### What this PR does / why we need it:

See #2880. The current implementation may lead to very large headers, thus bloating the request size to downstream substantially. This can be an issue by itself but is also not desired if the different tokens (access, ID, user info) largely contain the same information.

Also, instead of using the `X-Access-Token` header it may be more appropriate to use the `Authorization` header for the access token, so that downstream plugins or services can extract it correctly; see e.g. the `authz-keycloak` plugin.

Finally, the plugin was so far only expecting an incoming access token in the `Authorization` header, but not the `X-Access-Token` header, which seemed somewhat inconsistent.

I've added options that can be configured for the `openid-connect` plugin that allow controlling which headers get added and which header specifically shall be used for the access token. The defaults reproduce the current behavior. The plugin will also look in the `X-Access-Token` header, in addition to the `Authorization` header, for an access token in an incoming request.

### Pre-submission checklist:

* [x] Did you explain what problem does this PR solve? Or what new features have been added?
* [ ] Have you added corresponding test cases?

  Haven't added any new cases for now. The headers set by the plugin were not tested, as far as I can tell. It may be a good idea to think about some new tests around here. That would likely require a bit of legwork to set up a dummy OIDC Identity Provider with all needed endpoints to go through all possible code paths though.
* [ ] Have you modified the corresponding document?

  I understand that the plugin documentation should be updated, but I want to get some feedback on the code changes first. Happy to adjust the documentation if the code changes get signed off.
* [x] Is this PR backward compatible?
**If it is not backward compatible, please discuss on the [mailing list](https://github.com/apache/apisix/tree/master#community) first**
