revomatico/kong-oidc

bearer_jwt_auth_enable: Access token not passed upstream

Closed this issue · 1 comments

Hi there! Thanks for maintaining this plugin, it helps a lot!

When the option `bearer_jwt_auth_enable` is used, the verified access token is not passed upstream. Is this by design?

Our use case is using a token with multiple API gateways potentially being chained, where the token typically is passed as the Authorization header. When using the `bearer_jwt_auth_enable` option, the token does not reach the upstream server.

See

```lua
if response then
  utils.setCredentials(response)
  utils.injectGroups(response, oidcConfig.groups_claim)
  utils.injectHeaders(oidcConfig.header_names, oidcConfig.header_claims, { response })
  if not oidcConfig.disable_userinfo_header then
    utils.injectUser(response, oidcConfig.userinfo_header_name)
  end
  return
```

And the other location, when the OIDC cycle is being done, where the access token is set:

```lua
utils.injectAccessToken(response.access_token, oidcConfig.access_token_header_name, oidcConfig.access_token_as_bearer)
```

Thanks!

Well, actually it is... Seems to be an issue with the application logic. Sorry for bothering 😅