help request: how to debug weird user info returned/altered in the OpenID connect plugin?

[ronnybremer]

Description

I am using OpenID Connect to protect most of the resources. All is working fine except one intriguing thing.

Upon authenticating APISIX is queuing the IDPs user info endpoint and I have configured the response rewrite plugin to return that as a header:

      response-rewrite:
        headers:
          X-Userinfo: $http_x_userinfo

Works, a base64 encoded user info arrives at the client. However, something has changed inside. The original response from the user info endpoint was (according to their support):

{"sub": "a UID", "name": "Testuser One", "roles": []}

but after base64 decoding the data from the header on the client I see this:

{"sub": "a UID", "name": "Testuser One", "roles": {}}

Note the empty array roles has changed to an object.

In order to debug this I would need to follow the entire chain of moving parts, starting with the OpenID connect plugin. Is there any way to print out to the log the data received from the user info endpoint?

Environment

• APISIX version (run apisix version): 3.16.0
• Operating system (run uname -a): official docker image
• OpenResty / Nginx version (run openresty -V or nginx -V): 1.27.1.2
• etcd version, if relevant (run curl http://127.0.0.1:9090/v1/server_info):
• APISIX Dashboard version, if relevant:
• Plugin runner version, for issues related to plugin runners:
• LuaRocks version, for installation issues (run luarocks --version):