How to Rewrite HTTP_AUTHORIZATION header with claims from token?

Question

How to Rewrite HTTP_AUTHORIZATION header with claims from token?

d1ken opened this issue 4 years ago · 1 comments

Hi.

I have legacy app (not editable) served by apache, this app require Basic authorization header.
I am developing service for integration with this app, service uses OAuth2 authorization.
I can put in token claims like app_user and app_password or just app_basic_auth_header claim (not sure apache can calculate base64).
How can I rewrite HTTP_AUTHORIZATION header with value from claim?

Found on stackoverflow this:
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule . - [e=HTTP_AUTHORIZATION:%1]

So does this will work?
AuthType oauth2
OAuth2TokenVerify jwks_uri https://pingfed:9031/ext/one jwks_uri.ssl_verify=false
OAuth2TargetPass headers=on
RewriteEngine On
RewriteCond %{HTTP:OAUTH2_CLAIM_app_basic_auth_header} ^(.)
RewriteRule . - [e=HTTP_AUTHORIZATION:%1]

Answer 1 · 2021-01-29T10:40:06.000Z

you can use mod_headers and add a RequestHeader directive with a value pulled from the environment variables OAUTH2_CLAIM_* that have been populated with claims