Get JWT from other HTTP headers
DerZade opened this issue · 1 comments
DerZade commented
As far as I can see from the code, you can only load the JWT from either the Authorization
header or from a cookie. Would be nice if you could also configure this module to load it from another header like the Proxy-Authorization
header for example.
JoshMcCullough commented
Yes, I completely agree. We'd need to support the header value being just the JWT or bearer <JWT>
, and allow you to specify the header name in the directive, e.g. auth_jwt_validation_type HEADER=my-header
.