How to inject OAuth 2 subject into request

Prerequisites

Routing rule

Configure the authn plugin to inject the access token claims into the authentication context:

...
"requestPlugins": [
  {
    "name": "authn",
    "conf": {
      "methods": ["oauth2"],
      "entities": ["jwt"]
    }
  },
  ...
]
...

Then put the sub claim into the X-USER-ID request header:

...
"requestPlugins": [
  ...
  {
    "name": "transform-request",
    "conf": {
      "headers": {
        "set": {
          "X-USER-ID": "$authn.sub"
        }
      }
    }
  }
]
...

Full configuration:

{
  "rules": [
    {
      "default": {
        "targetHost": "example.com",
        "targetPort": 80
      },
      "endpoints": [
        {
          "method": "GET",
          "pathPattern": "/user",
          "requestPlugins": [
            {
              "name": "authn",
              "conf": {
                "methods": ["oauth2"],
                "entities": ["jwt"]
              }
            },
            {
              "name": "transform-request",
              "conf": {
                "headers": {
                  "set": {
                    "X-USER-ID": "$authn.sub"
                  }
                }
              }
            }
          ]
        }
      ]
    }
  ]
}
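
The following check is an added example, not part of the original page or the project's own tooling. It walks a rules file in the format shown above and reports every endpoint where a plugin references `$authn.*` without an `authn` plugin listed before it. It assumes that request plugins are applied in the order listed and that `$authn.*` is populated only by the `authn` plugin; the `/orders` endpoint and the function names are constructed for illustration.

```python
# Constructed sample input: the /user endpoint mirrors the page's configuration,
# the /orders endpoint is a made-up variant that omits the authn plugin.
AUTHN = {"name": "authn", "conf": {"methods": ["oauth2"], "entities": ["jwt"]}}
SET_SUB = {"name": "transform-request",
           "conf": {"headers": {"set": {"X-USER-ID": "$authn.sub"}}}}
SAMPLE = {"rules": [{
    "default": {"targetHost": "example.com", "targetPort": 80},
    "endpoints": [
        {"method": "GET", "pathPattern": "/user", "requestPlugins": [AUTHN, SET_SUB]},
        {"method": "GET", "pathPattern": "/orders", "requestPlugins": [SET_SUB]},
    ],
}]}


def authn_refs(value):
    """Yield every string under `value` that starts with "$authn."."""
    if isinstance(value, str):
        if value.startswith("$authn."):
            yield value
    elif isinstance(value, dict):
        for item in value.values():
            yield from authn_refs(item)
    elif isinstance(value, list):
        for item in value:
            yield from authn_refs(item)


def lint(config):
    """Return (method, pathPattern, reference) for each $authn.* reference
    used by a plugin that has no authn plugin listed before it.
    Assumption: plugins are applied in the order they are listed."""
    findings = []
    for rule in config.get("rules", []):
        for endpoint in rule.get("endpoints", []):
            authenticated = False
            for plugin in endpoint.get("requestPlugins", []):
                if plugin.get("name") == "authn":
                    authenticated = True
                elif not authenticated:
                    for ref in authn_refs(plugin.get("conf", {})):
                        findings.append(
                            (endpoint.get("method"), endpoint.get("pathPattern"), ref))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("$authn reference without a preceding authn plugin:", finding)
```

An endpoint flagged by this check would forward X-USER-ID without a verified subject behind it, so the backend should not be reachable through such a route.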

NOTE
Instead of the oauth2 authentication method, you can use oauth2-introspect and read the subject from the token introspection response body.