X-Endpoint-API-UserInfo does not include claims #544
Comments
From the pages you linked to, there is a little bit of text at the bottom:
The format ESPv2 uses is documented here: https://cloud.google.com/endpoints/docs/grpc/migrate-to-esp-v2#handle-jwt
The text you quoted above
Is for ESP (https://github.com/cloudendpoints/esp). The new structure with ESPv2 is what you care about :)
Just to be precise on that doc.
We pass through what it is.
@nareddyt yes, I included both references but, you're correct, I'm only using ESPv2 and can only comment on it. I included the other reference because the
@TAOXUY I didn't see that comment... that is indeed what I'm observing. So, why the preamble "The JSON object has the form: ...". It doesn't. It's simply "the Base64Url encoded payload of the original JWT, without modification". Isn't that what the document should (only) say? i.e.
Handle JWTs in the backend service
When using JWTs to perform authentication, both proxies send the authentication result in the In ESP, the If available in the JWT, ESP adds the values of the In ESPv2, the If your backend service expects the See Using a custom method to authenticate users and Authentication between services for more on using JWTs with authentication.
I see. The context is distractive and confusing. I will update the doc.
This isn't an issue for me but is an inconsistency.
Google's documentation here and here specifies that the metadata key X-Endpoint-API-Userinfo key added by ESP includes claims:
"If available in the JWT, ESP adds the values of the id, issuer, email, and audiences properties to the encoded JSON object. It also adds the claims property that includes the original payload of the JWT. The JSON object has the form: (see below)"
ESPv2 does not appear to include claims and it does not reflect the documented structure which maps e.g. sub --> id, iss --> issuer.
I receive the following (pretty-printed) which is an accurately (!) decoded version of the Firebase JWT plus e.g. firebase provided by the service config:
In summary:
claims
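
A backend-side decoder for the two header shapes discussed in this issue, as an added example that is not part of the original thread or of the ESP/ESPv2 code base. The function names, the sample payload and the rule used to tell the ESP wrapper from the ESPv2 raw payload are assumptions.

```python
import base64
import json

def _b64url(obj: dict) -> str:
    """Encode a dict as the header carries it: Base64Url JSON without padding."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")

# Constructed sample JWT payload (not taken from the issue).
SAMPLE_PAYLOAD = {
    "iss": "https://securetoken.google.com/example-project",
    "sub": "user-123",
    "aud": "example-project",
    "email": "user@example.com",
    "firebase": {"sign_in_provider": "password"},
}
# ESPv2 shape: the JWT payload itself, unmodified.
ESPV2_HEADER = _b64url(SAMPLE_PAYLOAD)
# ESP shape as quoted in the issue: id/issuer/email/audiences plus claims.
ESP_HEADER = _b64url({
    "id": "user-123", "issuer": SAMPLE_PAYLOAD["iss"],
    "email": "user@example.com", "audiences": ["example-project"],
    "claims": SAMPLE_PAYLOAD,
})

def decode_userinfo(value: str) -> dict:
    """Decode an X-Endpoint-API-UserInfo value into a JSON object."""
    padded = value + "=" * (-len(value) % 4)  # restore stripped '=' padding
    obj = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(obj, dict):
        raise ValueError("UserInfo header is not a JSON object")
    return obj

def normalize_userinfo(value: str) -> dict:
    """Map either header shape onto id/issuer/email/audiences/claims."""
    obj = decode_userinfo(value)
    # Assumed detection rule: the ESP wrapper has 'claims' and 'issuer' keys.
    if "claims" in obj and "issuer" in obj:
        claims = obj["claims"]
        if isinstance(claims, str):  # tolerate claims serialized as a string
            claims = json.loads(claims)
        return {"id": obj.get("id"), "issuer": obj.get("issuer"),
                "email": obj.get("email"),
                "audiences": obj.get("audiences", []), "claims": claims}
    # ESPv2: apply the sub --> id, iss --> issuer mapping ourselves.
    aud = obj.get("aud", [])
    return {"id": obj.get("sub"), "issuer": obj.get("iss"),
            "email": obj.get("email"),
            "audiences": [aud] if isinstance(aud, str) else list(aud),
            "claims": obj}
```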