Issue with Custom auth_request Directive: Missing Body in POST Request to verify Endpoint
Closed this issue · 1 comments
I am currently working on a feature where it is crucial to analyze the body of incoming requests in auth_request. To achieve this, I have implemented a custom auth_request directive, named api-auth, designed to send a custom authentication request, along with the body, to my /api/verify endpoint.
However, I am encountering an issue where the body from the actual POST request is not being sent as intended. It appears that the /api/verify endpoint is receiving the custom auth request, but without the accompanying body from the original post request.
I am seeking assistance to resolve this issue, ensuring that the body of the incoming request is accurately passed and received by the /api/verify endpoint through the custom auth_request directive.
Any insights or suggestions would be greatly appreciated. Please find sinippets of code below from nginx.conf and js file.
// nginx
location ~ "/api/version/.*" {
**auth_request** /api-auth;
proxy_pass http://**some-gateway-ms**;
}
location = /api-auth {
internal;
js_content verifyRequest;
}
// js
function verifyRequest(r){
var opts = {
method: 'POST',
body: r.requestBody, // not passed
headers: {
'X-Original-Body': r.requestBody, // not defined so not passed
'X-Original-URI': r.variables.requestUri,
}
};
// Request Internal location "SEND REQUEST"
r.subrequest("/api/verify",
opts,
.
.
```
Hi @darknightdev,
auth_request
does not pass the request body, but you can use the internalRedirect location to do the inspection, before doing proxy_pass
. See this for more details.
Feel free to reopen the issue if you have additional questions.