gray-library-49237
06/18/2024, 4:50 AM
chilly-king-10285
06/18/2024, 4:50 AM
chilly-king-10285
06/18/2024, 4:50 AM
`cookie_session` via headers, you can use the `forward_http_headers` configuration option in your access rule. This option allows you to specify which headers will be forwarded to the upstream service. Here is an example of how you can set it up in your access rule:

```yaml
# Some Access Rule: access-rule-1.yaml
id: access-rule-1
# match: ...
# upstream: ...
authenticators:
  - handler: cookie_session
    config:
      check_session_url: https://session-store-host
      only:
        - sessionid
      forward_http_headers:
        - Connect
        - Authorization
        - Cookie
        - X-Forwarded-For
```

In this example, the `Connect`, `Authorization`, `Cookie`, and `X-Forwarded-For` headers will be forwarded to the upstream service. If you want to forward the identity id, you would need to include it in the list of `forward_http_headers`. Please note that the actual header name containing the identity id might vary depending on your setup. You would need to ensure that the identity id is included in the request headers and that you have correctly specified the header name in the `forward_http_headers` configuration. For more information, you can refer to the [Ory documentation](https://www.ory.sh/docs/oathkeeper/pipeline/authn#cookie_session-configuration).

gray-library-49237
06/18/2024, 4:54 AM
chilly-king-10285
06/18/2024, 4:54 AM
chilly-king-10285
06/18/2024, 4:54 AM
<http://127.0.0.1/sessions/whoami> endpoint with the cookie included in the request. The response from this endpoint will include the session information, which contains the identity id. Here is an example of how you can do this using `curl`:

```bash
curl -s -H "Cookie: ory_kratos_session=<your-session-cookie>" \
  https://playground.projects.oryapis.com/sessions/whoami | jq
```

In the response, you will get a JSON object that includes the `identity` field. The `id` field under `identity` is the identity id.

```json
{
  "id": "ede90ce6-2420-435a-a745-3d8ab1a9636c",
  "active": true,
  "expires_at": "2020-09-04T21:32:47.5642404Z",
  "authenticated_at": "2020-09-03T21:32:47.5881038Z",
  "issued_at": "2020-09-03T21:32:47.5642688Z",
  "identity": {
    "id": "d96e86d9-bc33-4aa5-b865-4ade8a3974b3",
    ...
  }
}
```

Please replace `<your-session-cookie>` with your actual session cookie. For more information, you can refer to the [Ory Kratos documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-login#server-side-browser-clients).

gray-library-49237
06/18/2024, 4:54 AM
chilly-king-10285
06/18/2024, 4:54 AM
chilly-king-10285
06/18/2024, 4:55 AM
`header` mutator to add custom headers to the HTTP request before forwarding it to the upstream server. The `header` mutator allows you to add any data available in the session context to the HTTP headers. Here is an example of how you can use the `header` mutator to add the identity id to the HTTP headers:

```json
{
  "id": "some-id",
  "upstream": {
    "url": "http://my-backend-service"
  },
  "match": {
    "url": "http://my-app/api/<.*>",
    "methods": ["GET"]
  },
  "authenticators": [
    {
      "handler": "cookie_session"
    }
  ],
  "authorizer": {
    "handler": "allow"
  },
  "mutators": [
    {
      "handler": "header",
      "config": {
        "headers": {
          "X-User": "{{ print .Subject }}",
          "X-Some-Arbitrary-Data": "{{ print .Extra.some.arbitrary.data }}"
        }
      }
    }
  ]
}
```

In this example, the `X-User` header will contain the identity id (`.Subject`), and the `X-Some-Arbitrary-Data` header will contain some arbitrary data from the session context. Please note that the actual session context structure might vary depending on your setup. You would need to ensure that the identity id is included in the session context and that you have correctly specified the template in the `headers` configuration. For more information, you can refer to the [Ory Oathkeeper documentation](https://www.ory.sh/docs/oathkeeper/pipeline/mutator#header-access-rule-example).