Traefik middleware plugin which forwards JWT claims as request headers
The plugin needs to be configured in the Traefik static configuration before it can be used.
The following snippet can be used as an example for the values.yaml
file:
pilot:
enabled: true
token: xxxxx-xxxx-xxxx
experimental:
plugins:
enabled: true
additionalArguments:
- --experimental.plugins.traefik-jwt-headers-plugin.modulename=github.com/lion7/traefik-jwt-headers-plugin
- --experimental.plugins.traefik-jwt-headers-plugin.version=v0.0.3
traefik \
--experimental.pilot.token=xxxx-xxxx-xxx \
--experimental.plugins.traefik-jwt-headers-plugin.moduleName=github.com/lion7/traefik-jwt-headers-plugin \
--experimental.plugins.traefik-jwt-headers-plugin.version=v0.0.3
You can decide to limit the forwarded claims/headers to a given list with the claims
option.
Each claim can be set to:
keep
to keep the valuedrop
to drop the value
The defaultMode
for claims
is drop
.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: my-traefik-jwt-headers-plugin
spec:
plugin:
traefik-jwt-headers-plugin:
defaultMode: drop
claims:
sub: keep
mysecret: drop
user.name: keep
organization.name: keep
[http]
[http.middlewares]
[http.middlewares.my-traefik-jwt-headers-plugin]
[http.middlewares.my-traefik-jwt-headers-plugin.plugin]
[http.middlewares.my-traefik-jwt-headers-plugin.plugin.traefik-jwt-headers-plugin]
defaultMode = "drop"
[http.middlewares.my-traefik-jwt-headers-plugin.plugin.traefik-jwt-headers-plugin.claims]
sub = "keep"
mysecret = "drop"
user.name = "keep"
organization.name = "keep"
http:
middlewares:
my-traefik-jwt-headers-plugin:
plugin:
traefik-jwt-headers-plugin:
defaultMode: drop
claims:
sub: keep
mysecret: drop
user.name: keep
organization.name: keep
This software is released under the Apache 2.0 License