Keep token_header in the proxied request (#4)

medwing · Mar 11, 2021 · cb51511 · cb51511
1 parent 548d225
commit cb51511
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -9,19 +9,22 @@ Plugin is protecting Kong API service/route with introspection of Oauth2.0 JWT a
 
 ## Configuration
 
-| Form Parameter | default | description |
-| --- 						| --- | --- |
-| `config.introspection_endpoint`   | | **Required**. External introspection endpoint compatible with RFC7662 |
-| `config.client_id`                | | **Required**. Client ID |
-| `config.client_secret`            | | **Required**. Client secret |
-| `config.token_header`             | Authorization | Name of api-request header containing access token |
-| `config.token_query`              | token | Name of query parameter containing access token, only if `token_header` value was missing |
-| `config.require_success`          | true | Require a successful introspection before proxying the request, if false `token_header` existance will not be required |
-| `config.token_cache_time`         | 0 | Cache TTL for every token introspection result(0 - no cache) |
-| `config.introspection_map`        | | External introspection response `body` and `headers` mapped to request headers, also `static` for fixed strings |
+| Form Parameter                  | default       | description                                                                                                            |
+| ------------------------------- | ------------- | ---------------------------------------------------------------------------------------------------------------------- |
+| `config.introspection_endpoint` |               | **Required**. External introspection endpoint compatible with RFC7662                                                  |
+| `config.client_id`              |               | **Required**. Client ID                                                                                                |
+| `config.client_secret`          |               | **Required**. Client secret                                                                                            |
+| `config.token_header`           | Authorization | Name of api-request header containing access token                                                                     |
+| `config.keep_token_header`      | false         | Keep the token_header in the proxied request                                                                           |
+| `config.token_query`            | token         | Name of query parameter containing access token, only if `token_header` value was missing                              |
+| `config.require_success`        | true          | Require a successful introspection before proxying the request, if false `token_header` existance will not be required |
+| `config.token_cache_time`       | 0             | Cache TTL for every token introspection result(0 - no cache)                                                           |
+| `config.introspection_map`      |               | External introspection response `body` and `headers` mapped to request headers, also `static` for fixed strings        |
 
 ## How to install
 
 **1.1.0** `luarocks install https://raw.githubusercontent.com/medwing/kong-token-introspection/v1.1.0/access-token-introspection-1.1.0-0.rockspec`
 
 **1.1.1** `luarocks install https://raw.githubusercontent.com/medwing/kong-token-introspection/v1.1.1/access-token-introspection-1.1.1-0.rockspec`
+
+**1.2.0** `luarocks install https://raw.githubusercontent.com/medwing/kong-token-introspection/v1.2.0/access-token-introspection-1.2.0-0.rockspec`
diff --git a/access-token-introspection-1.1.1-0.rockspec → access-token-introspection-1.2.0-0.rockspec b/access-token-introspection-1.1.1-0.rockspec → access-token-introspection-1.2.0-0.rockspec
@@ -1,9 +1,9 @@
 package = "access-token-introspection"
-version = "1.1.1-0"
+version = "1.2.0-0"
 
 source = {
   url = "git://github.com/medwing/kong-token-introspection",
-  tag = "v1.1.1"
+  tag = "v1.2.0"
 }
 
 description = {

diff --git a/kong/plugins/access-token-introspection/access.lua b/kong/plugins/access-token-introspection/access.lua
@@ -97,7 +97,9 @@ function _M.run(conf)
     end
 
     -- clear token header from req
-    ngx.req.clear_header(_M.conf.token_header)
+    if not _M.conf.keep_token_header then
+        ngx.req.clear_header(_M.conf.token_header)
+    end
 end
 
 return _M
diff --git a/kong/plugins/access-token-introspection/schema.lua b/kong/plugins/access-token-introspection/schema.lua
@@ -54,6 +54,13 @@ return {
                             default = "Authorization"
                         }
                     },
+                    {
+                        keep_token_header = {
+                            type = "boolean",
+                            required = false,
+                            default = false
+                        }
+                    },
                     {
                         token_query = {
                             type = "string",