In auth plugins, support passing information about consumer to backing service #228
Labels
idea/new plugin
Currently, when using the `basicauth` and `keyauth` plugins, an `X-Consumer-ID` header is added to the request, allowing the backing service to know who authenticated to Kong. However, unless the service has been told about the consumers through some other channel, it won't know who that consumer is.

One option would be for the service to call back to Kong and do a lookup via the Admin API's `GET /consumers/{id}` endpoint. However, the Admin API (at least in its current state) has no security, and isn't really something that you'd want various services calling back to.

A simpler solution would seem to be to add headers to the request to pass along the consumer's `username`/`custom_id` (perhaps `X-Consumer-Username` and `X-Consumer-CustomID`?). This would allow the backing service to base further authorization decisions on this information without calling back to Kong. If desired, this could be an optional feature turned on via the plugin configuration.
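The backing-service side of this proposal, as an added example that is not part of the original issue or of Kong's code: it reads the consumer headers and makes a local authorization decision without calling the Admin API. The header names are the ones suggested in the issue; `GATEWAY_ADDRS`, `ACL` and the function names are hypothetical, and the sketch assumes the service can see the peer address of the proxy so that it only honors identity headers on requests that arrived through Kong.

```python
# Added example: header names are the ones proposed in the issue;
# GATEWAY_ADDRS, ACL and all function names are hypothetical.
from dataclasses import dataclass
from typing import Optional

GATEWAY_ADDRS = {"10.0.0.5"}  # assumed: addresses Kong proxies from
ACL = {"reports:read": {"alice", "billing-svc"}}  # constructed policy: action -> usernames

@dataclass(frozen=True)
class Consumer:
    id: str
    username: Optional[str]
    custom_id: Optional[str]

def _single(headers, name):
    """Return the one value of `name` (case-insensitive), or None if absent.
    Raise if it is repeated: a duplicated identity header is ambiguous."""
    values = [v for k, v in headers if k.lower() == name.lower()]
    if len(values) > 1:
        raise ValueError(f"duplicate header {name}")
    return values[0].strip() if values else None

def consumer_from_request(peer_addr, headers):
    """Build a Consumer from gateway-set headers, or None if unauthenticated.
    `headers` is a list of (name, value) pairs as received on the wire."""
    if peer_addr not in GATEWAY_ADDRS:
        # Not from Kong: identity headers here are caller-supplied, so ignore them.
        return None
    cid = _single(headers, "X-Consumer-ID")
    if not cid:
        return None
    return Consumer(cid, _single(headers, "X-Consumer-Username"),
                    _single(headers, "X-Consumer-CustomID"))

def authorize(peer_addr, headers, action):
    """Local authorization decision with no call back to the Admin API."""
    try:
        consumer = consumer_from_request(peer_addr, headers)
    except ValueError:
        return False
    if consumer is None or consumer.username is None:
        return False
    return consumer.username in ACL.get(action, set())
```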