Issue with Custom auth_request Directive: Missing Body in POST Request to verify Endpoint

Question

Issue with Custom auth_request Directive: Missing Body in POST Request to verify Endpoint

Closed this issue a year ago · 1 comments

I am currently working on a feature where it is crucial to analyze the body of incoming requests in auth_request. To achieve this, I have implemented a custom auth_request directive, named api-auth, designed to send a custom authentication request, along with the body, to my /api/verify endpoint.

However, I am encountering an issue where the body from the actual POST request is not being sent as intended. It appears that the /api/verify endpoint is receiving the custom auth request, but without the accompanying body from the original post request.

I am seeking assistance to resolve this issue, ensuring that the body of the incoming request is accurately passed and received by the /api/verify endpoint through the custom auth_request directive.

Any insights or suggestions would be greatly appreciated. Please find sinippets of code below from nginx.conf and js file.

// nginx
     location ~ "/api/version/.*" {
        **auth_request** /api-auth;
       proxy_pass http://**some-gateway-ms**;
    }

      location = /api-auth {
          internal;
          js_content verifyRequest; 
     }

// js  
 function verifyRequest(r){
  var opts = {
      method: 'POST',
      body: r.requestBody, // not passed
      headers: {
          'X-Original-Body': r.requestBody,  // not defined so not passed
          'X-Original-URI': r.variables.requestUri,
      }
  };
  // Request Internal location "SEND REQUEST"
  r.subrequest("/api/verify",
  opts,
  .
  .
  ```

Answer 1 · 2023-10-04T22:31:03.000Z

Hi @darknightdev,

auth_request does not pass the request body, but you can use the internalRedirect location to do the inspection, before doing proxy_pass. See this for more details.

Feel free to reopen the issue if you have additional questions.