Log JWT token in headers returned from AWS Cognito
Hello,
I've been using this signing proxy in our workflow successfully, which looks something like this: AWS ALB --> SAML authentication via AWS Cognito --> aws-es-proxy --> AWS ElasticSearch / Kibana
I wish to log exactly who has made the request.
Therefore, I've turned on verbose logging, but want to access the headers of the request, especially X-Amzn-Oidc-Data [1], as this is a JWT token that includes information from the person that issued the request, i.e. name, email, etc. in the JWT payload.
From [1],
The JWT payload is a JSON object that contains the user claims received from the IdP user info endpoint.
{
  "sub": "1234567890",
  "name": "name",
  "email": "[email protected]",
  ...
}
Is this possible to do in this proxy, given you already read the headers here? https://github.com/abutaha/aws-es-proxy/blob/master/aws-es-proxy.go#L284
[1] https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html#user-claims-encoding
Thanks :)
I've merged a PR in our fork which enables this, but it's a custom solution for our problem and setup (ALB with Cognito integration). It works well.
Any ideas on how I can make the PR generic so it can be merged in this repo?
https://github.com/abutaha/aws-es-proxy/compare/master...OakNorthAI:master
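An added example for the logging discussed in this thread, not code from aws-es-proxy or from the fork: reading the claims out of `X-Amzn-Oidc-Data` in Go, with the header name passed in so it is not tied to one setup, and with the ES256 signature checked first so that the logged identity cannot be forged by a client that reaches the proxy directly. `VerifiedClaims`, `seg` and `Sample` are hypothetical names, the token is constructed, and the key is a throwaway pair standing in for the ALB public key of the token's `kid`, whose retrieval is not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"net/http"
	"strings"
)

// seg decodes one JWT segment; ALB tokens can carry '=' padding, so strip it first.
func seg(s string) ([]byte, error) { return base64.RawURLEncoding.DecodeString(strings.TrimRight(s, "=")) }

// VerifiedClaims (hypothetical name): claims from header name, only if ES256-signed by pub (assumed: ALB key for the kid).
func VerifiedClaims(h http.Header, name string, pub *ecdsa.PublicKey) (map[string]interface{}, error) {
	p := strings.Split(h.Get(name), ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("%s: not a three-part JWT", name)
	}
	sig, e1 := seg(p[2])
	body, e2 := seg(p[1])
	if e1 != nil || e2 != nil || len(sig) != 64 {
		return nil, fmt.Errorf("%s: bad segment encoding", name)
	}
	sum := sha256.Sum256([]byte(p[0] + "." + p[1])) // signed input is the segments as received
	if !ecdsa.Verify(pub, sum[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, fmt.Errorf("%s: signature check failed", name)
	}
	var claims map[string]interface{}
	return claims, json.Unmarshal(body, &claims)
}

// Sample (hypothetical) builds a constructed, padded token signed by a throwaway key, not ALB's.
func Sample(payload string) (http.Header, string, *ecdsa.PublicKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	in := "e30=." + base64.URLEncoding.EncodeToString([]byte(payload)) // "e30=" is "{}"
	sum := sha256.Sum256([]byte(in))
	r, s, _ := ecdsa.Sign(rand.Reader, key, sum[:])
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	tok := in + "." + base64.URLEncoding.EncodeToString(sig)
	return http.Header{"X-Amzn-Oidc-Data": {tok}}, "X-Amzn-Oidc-Data", &key.PublicKey
}

func main() { fmt.Println(VerifiedClaims(Sample(`{"sub":"1234567890","name":"name"}`))) }
```

In a proxy, the returned map would be filtered to the few claims worth logging (for example `sub` and `email`) before being written to the verbose log.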