OIDC: option to pass access token as authorization header to upstream
I would like to configure OIDC in NGINX and pass the access token as authorization header to a backend application. At the moment it is only possible to pass JWT claims.
Hi @suedschwede thanks for reporting!
Be sure to check out the docs while you wait for a human to take a look at this :slightly_smiling_face:
Cheers!
Hi @suedschwede
We use https://github.com/nginxinc/nginx-openid-connect under the hood. I would suggest opening an issue there.
I have the same issue. This is a blocker for using Nginx Ingress controller.
My case is slightly different. I need to pass the ID token to upstream. This is already supported in nginx-openid-connect.
I tried to add $session_jwt to a header through policies, but was denied as there is a whitelist at pkg/apis/validation/virtualserver.go:1094 (on the v2.2.2 tag).
Username is also hard-coded in the template (nginx-plus.virtualserver.tmpl:363).
I'm able to add a workaround if I patch the code, but I would rather not.
In the longer run, I assume we also need to pass access token to upstream. Exposing tokens to upstream is a functionality most other similar software has, and this is a blocker for using Nginx Plus now.