kong-jwt2header icon indicating copy to clipboard operation
kong-jwt2header copied to clipboard

Published 20 hours ago verified publisher icon yesinteractive

Not all claims get converted

Open ozonni opened this issue 4 years ago • 4 comments

I only get those headers set but jwt token has more, e.g. client_id or our custom claim account_code

I think it has something to do with _ symbol

X-Kong-JWT-Claim-iss: https://identity.domain.com
X-Kong-JWT-Claim-idp: local
X-Kong-JWT-Claim-sub: xxx
X-Kong-JWT-Claim-sid: xxx
X-Kong-JWT-Claim-name: [email protected]

ozonni avatar Jan 22 '21 10:01 ozonni

Will take a look to see if that is the issue. Thanks for submitting the issue!

nikirago avatar Jan 22 '21 19:01 nikirago

I might be completely wrong, but it seems as if only claims with string values are extracted. If you cast the claim to a string before storing it in the token, it should work. Good luck!

user-e-6 avatar Feb 04 '21 03:02 user-e-6

I am facing the same issue and I think @aleks-j is correct, claims with boolean, number or array/objects are not converted and are missing.

jonathandeclan avatar Oct 20 '21 08:10 jonathandeclan

I think the bug is in the headers only accept strings and the source code only allows string values.

    for claim, value in pairs(claims) do
      if type(claim) == "string" and type(value) == "string" then
        kong.service.request.set_header("X-Kong-JWT-Claim-" .. claim, value)
      end
    end

Maybe instead of validating if the claim is a string, is better to transform the clam value to string

    for claim, value in pairs(claims) do
      kong.service.request.set_header("X-Kong-JWT-Claim-" .. tostring(claim), tostring(value))
    end

MiguelSavignano avatar Mar 17 '22 02:03 MiguelSavignano