gloo
Support Nested Claims in JWTs claimToHeader setting
Is your feature request related to a problem? Please describe.
Translating JWT claims to request headers only works for simple string claims, like role: foobar. It doesn't work for nested claims like
roles:
  tenant1: foobear
  tenant2: admin
Describe the solution you'd like
There are some ways this could work, maybe by injecting the JSON as the header value, like
roles: { "tenant1": "foobear", "tenant2": "admin" }
Describe alternatives you've considered
Setting keepToken: true and having the upstream service deal with parsing the token claims.
Additional context
This is similar, but not exactly the same as #2744 (RBAC with nested claims).
Note from @yuval-k, after cursory reading of filter code: underlying Envoy filter uses a proto struct, the filter itself should already support nested claims. The claimToHeader functionality of the filter does not support nested claims, however.
The JWT filter supports the nested claims natively, and claimToHeader has been updated to support parsing nested claims at the top level.
Translating nested JWT claims now will translate the nested claim as follows:
{
  test: {
    company: "foo",
    field2: "bar"
  },
  tenant2: "admin"
}
You can do:
claimsToHeaders:
- claim: test
  header: x-company
Currently only supports direct claims in the header, not nested claim path parsing, i.e.
claimsToHeaders:
- claim: test.company
  header: x-company
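A sketch of the mapping described in the comment above, added here as an example and not taken from Gloo or Envoy: only top-level claim names are matched, so test produces a header while test.company does not. Assumptions: a nested claim is written as compact JSON (the format proposed in the issue), a client-supplied header of the same name is removed first, and ApplyClaims, ClaimToHeader and samplePayload are hypothetical names.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
)

// ClaimToHeader mirrors one claimsToHeaders entry from the comment above.
type ClaimToHeader struct{ Claim, Header string }

// Constructed sample payload, same shape as the claims shown above.
const samplePayload = `{"test": {"company": "foo", "field2": "bar"}, "tenant2": "admin"}`

// ApplyClaims is a hypothetical model of the described behaviour, not the
// filter's code. It matches top-level claim names only.
func ApplyClaims(payload []byte, rules []ClaimToHeader, h http.Header) error {
	var claims map[string]json.RawMessage
	if err := json.Unmarshal(payload, &claims); err != nil {
		return fmt.Errorf("invalid JWT payload: %w", err)
	}
	for _, r := range rules {
		// Assumption: drop any client-supplied value so it cannot pass for a claim.
		h.Del(r.Header)
		raw, ok := claims[r.Claim] // "test.company" is looked up literally, not as a path
		if !ok {
			continue
		}
		var s string
		if json.Unmarshal(raw, &s) == nil {
			h.Set(r.Header, s) // simple string claim: value as-is
			continue
		}
		var buf bytes.Buffer // nested claim: assumed to be sent as compact JSON
		if err := json.Compact(&buf, raw); err != nil {
			return err
		}
		h.Set(r.Header, buf.String())
	}
	return nil
}

func main() {
	h := http.Header{"X-Nested": {"client-supplied"}}
	rules := []ClaimToHeader{{"test", "x-company"}, {"test.company", "x-nested"}, {"tenant2", "x-tenant2"}}
	if err := ApplyClaims([]byte(samplePayload), rules, h); err != nil {
		panic(err)
	}
	fmt.Println(h)
}
```

An upstream service reading x-company under these assumptions has to parse the value as JSON rather than treat it as a plain string.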
This issue has been marked as stale because of no activity in the last 180 days. It will be closed in the next 180 days unless it is tagged "no stalebot" or other activity occurs.
We have another prospect who is looking for this functionality. Currently, they have a workaround but it's fairly complex to do with the transformation filter that could become error prone.