Add unencrypted, base64-decoded claims from a JWT payload as request headers to the upstream service.
luarocks install https://github.com/wego/kong-jwt-claim-headers/releases/download/v1.0.0/kong-jwt-claim-headers-1.0-1.src.rockWhen enabled, this plugin will add new headers to requests based on the claims
in the JWT provided in the request. The mappings from claim keys to request headers are defined in claim_headers.lua.
For example, if the JWT payload object is
{
"uid" : "123456",
"sub" : "[email protected]",
"aud" : "affiliate",
"aid" : "323232",
"pid" : "987654"
}and the mappings in claim_headers.lua are
return {
["uid"] = "X-Consumer-Token-User-Id",
["sub"] = "X-Consumer-Token-User-Email",
["aud"] = "X-Consumer-Token-Scopes"
}then the following headers would be added.
X-Consumer-Token-User-Id : "123456"
X-Consumer-Token-User-Email : "[email protected]"
X-Consumer-Token-Scopes : "affiliate"
Similar to the built-in JWT Kong plugin, you can associate the jwt-claim-headers plugin with an API with the following request:
curl -X POST http://localhost:8001/apis/29414666-6b91-430a-9ff0-50d691b03a45/plugins \
--data "name=jwt-claim-headers" \
--data "config.uri_param_names=jwt"| form parameter | required | description |
|---|---|---|
name |
required | The name of the plugin to use, in this case: jwt-claim-headers |
uri_param_names |
optional | A list of querystring parameters that Kong will inspect to retrieve JWTs. Defaults to jwt. |
Create the Lua rock in current directory:
luarocks pack kong-plugin-jwt-claim-headers-1.0-1.rockspecRelease the Lua rock via GitHub.
Inspired by kong-plugin-jwt-claims-headers, thanks wshirey!