Add AccessToken in response headers #30
Comments
Hmm, to be honest, if you're going to the extent of working against the Google APIs then at that point, I think that this use case may actually be best served by creating a forward authentication endpoint in your own application? I'll leave this open for a while to see if there's any further support/justification but my current thinking is that this wouldn't be something we should support.
For one of our applications it would be a requirement to pass the access token down to the service. oauth2_proxy is capable of both providing the access token and refreshing the token. Unfortunately, oauth2_proxy is not integrating so elegantly with Traefik; traefik-forward-auth would be a much nicer solution if those two would be addressed.
Okie dokie, this shouldn't cause any issues so I'm game for working on this, I'll target 2.1
I think this may be a similar request, but sorry if it's not. But how hard would it be to only authenticate certain paths based on different scopes? Or add the user's scope(s) to a header or something along those lines?
Note: if this option is enabled, the access token would need to be encrypted prior to storage in the cookie
I haven't found an elegant way to ensure backwards compatibility on this yet, so I'm going to push into 2.3
Notes added in #100 - hoping to merge that
I need to do a collateral call to google APIs from my backend to get additional information about the user (full name, profile picture, team, ...). For that, I need to have the access token. Unfortunately, now I only have access to the user's email.
A solution could be to return the access token in the header key X-Forwarded-AccessToken, but I think we will have to manage when the access token expires and refresh it with the refresh_token provided by Google. I am not sure the current implementation allows us to easily do that. What do you think about this?