Auth subrequest header
chMatvey opened this issue · 5 comments
I tried to configure auth sub request like this documentation
Client send request with authorization header to protected resource via nginx.
But when nginx send subrequest to check access, authorization header in subrequest is missed.
i tried to use this parameters in auth location:
proxy_set_header authorization $http_authorization;
But it didn't get result.
location / {
set $main_auth $http_authorization;
auth_request /auth;
proxy_pass ...
}
location /auth {
proxy_set_header authorization $main_auth;
proxy_pass ...
}
Get 401 error - token is missed
-
you do not have to pass auth header manually.
-
let's look into nginx debug log to see the header is passed
curl http://localhost:8000/aaa -v -H Authorization:ZZZ
* Trying 127.0.0.1:8000...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8000 (#0)
> GET /aaa HTTP/1.1
> Host: localhost:8000
> User-Agent: curl/7.68.0
> Accept: */*
> Authorization:ZZZ
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.21.7
< Date: Tue, 17 May 2022 22:05:25 GMT
< Content-Type: text/plain
< Content-Length: 7
< Connection: keep-alive
<
* Connection #0 to host localhost left intact
BACKEND
@xeioex Sent you full config
https://github.com/SoftwareCountry/Perseus/blob/nginx-auth/nginx/default.conf
@xeioex
Thank you for answers.
I resolved this issue.
Problem was with CORS request. OPTIONS request didn't contain Authorization header. And auth service returned error.
Solution:
location /user/api/is_token_valid_internal {
if ($request_method = 'OPTIONS') {
return 200;
}
internal;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
proxy_pass http://user;
}