Feat/custom oauth2 header #2928
Conversation
|
Currently Kong uses the "Authorization" header to check for oauth2 tokens, the changes in this request enables kong to verify tokens in the custom headers configured when enabling the Oauth2 plugin on an api. eg: If the config.auth_header_name is not set then the default header checked is "Authorization" |
| @@ -31,6 +31,7 @@ return { | |||
| accept_http_if_already_terminated = { required = false, type = "boolean", default = false }, | |||
| anonymous = {type = "string", default = "", func = check_user}, | |||
| global_credentials = {type = "boolean", default = false}, | |||
| auth_header_name = {required = false, type = "string", default = "authorization"}, | |||
There was a problem hiding this comment.
this will require a migration. Existing records in the datastore will not have this field, nor the default. (The default is not applied when loading from the datastore, but only when adding the plugin config)
This also means that this PR cannot go into master but has to go into next (migrations go in the next major release, which is the next branch)
As an example, look at the migrations in this PR: #2883
(you need to rebase on next to get those files)
kong/plugins/oauth2/access.lua
Outdated
| @@ -218,9 +218,9 @@ local function authorize(conf) | |||
| }) | |||
| end | |||
|
|
|||
| local function retrieve_client_credentials(parameters) | |||
| local function retrieve_client_credentials(parameters,conf) | |||
There was a problem hiding this comment.
nit pick: add a space after the comma
kong/plugins/oauth2/access.lua
Outdated
| @@ -271,7 +271,7 @@ local function issue_token(conf) | |||
| response_params = {[ERROR] = "unsupported_grant_type", error_description = "Invalid " .. GRANT_TYPE} | |||
| end | |||
|
|
|||
| local client_id, client_secret, from_authorization_header = retrieve_client_credentials(parameters) | |||
| local client_id, client_secret, from_authorization_header = retrieve_client_credentials(parameters,conf) | |||
There was a problem hiding this comment.
nit pick: add a space after the comma
| auth_header_name = "custom_header_name", | ||
| }, | ||
| }) | ||
| local api11 = assert(helpers.dao.apis:insert { |
There was a problem hiding this comment.
api11 is added twice. Please rename to api12.
…ong with migration scripts
supraja93
force-pushed
the
feat/custom-oauth2-header
branch
from
1a0184d
to
fbcf205
Compare
|
@Tieske incorporated the suggested changes, please let me know your thoughts on them |
| } | ||
| }, | ||
| { | ||
| name = "2017-10-19-set_auth_header_name_default", |
There was a problem hiding this comment.
This needs to lexically sort, so please add the time in hhmmss format to the key (see examples above)
There was a problem hiding this comment.
nvm, just saw the older ones did this neither.
Tieske
added
pr/status/please review
pr/ready
to go along with PR Kong/kong#2928
Adds to the `oauth2` plugin a new parameter `auth_header_name` to define the header name to use. By default its value is `"authorization"`. From #2928 Signed-off-by: Hisham Muhammad <hisham@gobolinux.org>
|
Merged manually, adjusting the commit message. Thank you @supraja93! |
|
👍 |
Adds to the `oauth2` plugin a new parameter `auth_header_name` to define the header name to use. By default its value is `"authorization"`. From #2928 Signed-off-by: Hisham Muhammad <hisham@gobolinux.org>
Adds to the `oauth2` plugin a new parameter `auth_header_name` to define the header name to use. By default its value is `"authorization"`. From #2928 Signed-off-by: Hisham Muhammad <hisham@gobolinux.org>
Summary
Extended the oauth2 plugin to have a new parameter "auth_header_name" which by default is "authorization" but can be overwritten to any custom header name when enabling oauth2 for an api
Full changelog
Test cases