how do i pass the identity id to the upstream serv...
# ory-copilot
g
how do i pass the identity id to the upstream service with cookie_session via headers @chilly-king-10285
c
A message from kapa.ai
To pass the identity id to the upstream service with `cookie_session` via headers, you can use the `forward_http_headers` configuration option in your access rule. This option allows you to specify which headers will be forwarded to the upstream service. Here is an example of how you can set it up in your access rule:

```yaml
# Some Access Rule: access-rule-1.yaml
id: access-rule-1
# match: ...
# upstream: ...
authenticators:
  - handler: cookie_session
    config:
      check_session_url: https://session-store-host
      only:
        - sessionid
      forward_http_headers:
        - Connect
        - Authorization
        - Cookie
        - X-Forwarded-For
```

In this example, the `Connect`, `Authorization`, `Cookie`, and `X-Forwarded-For` headers will be forwarded to the upstream service. If you want to forward the identity id, you would need to include it in the list of `forward_http_headers`. Please note that the actual header name containing the identity id might vary depending on your setup. You would need to ensure that the identity id is included in the request headers and that you have correctly specified the header name in the `forward_http_headers` configuration. For more information, you can refer to the [Ory documentation](https://www.ory.sh/docs/oathkeeper/pipeline/authn#cookie_session-configuration).
g
how do i get the identity id from the cookie @chilly-king-10285
c
A message from kapa.ai
To get the identity id from the cookie, you would typically make a request to the `http://127.0.0.1/sessions/whoami` endpoint with the cookie included in the request. The response from this endpoint will include the session information, which contains the identity id. Here is an example of how you can do this using `curl`:

```bash
curl -s -H "Cookie: ory_kratos_session=<your-session-cookie>" \
  https://playground.projects.oryapis.com/sessions/whoami | jq
```

In the response, you will get a JSON object that includes the `identity` field. The `id` field under `identity` is the identity id.

```json
{
  "id": "ede90ce6-2420-435a-a745-3d8ab1a9636c",
  "active": true,
  "expires_at": "2020-09-04T21:32:47.5642404Z",
  "authenticated_at": "2020-09-03T21:32:47.5881038Z",
  "issued_at": "2020-09-03T21:32:47.5642688Z",
  "identity": {
    "id": "d96e86d9-bc33-4aa5-b865-4ade8a3974b3",
    ...
  }
}
```

Please replace `<your-session-cookie>` with your actual session cookie. For more information, you can refer to the [Ory Kratos documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-login#server-side-browser-clients).
g
no, in the mutators @chilly-king-10285
c
A message from kapa.ai
In Ory Oathkeeper, you can use the `header` mutator to add custom headers to the HTTP request before forwarding it to the upstream server. The `header` mutator allows you to add any data available in the session context to the HTTP headers. Here is an example of how you can use the `header` mutator to add the identity id to the HTTP headers:

```json
{
  "id": "some-id",
  "upstream": {
    "url": "http://my-backend-service"
  },
  "match": {
    "url": "http://my-app/api/<.*>",
    "methods": ["GET"]
  },
  "authenticators": [
    {
      "handler": "cookie_session"
    }
  ],
  "authorizer": {
    "handler": "allow"
  },
  "mutators": [
    {
      "handler": "header",
      "config": {
        "headers": {
          "X-User": "{{ print .Subject }}",
          "X-Some-Arbitrary-Data": "{{ print .Extra.some.arbitrary.data }}"
        }
      }
    }
  ]
}
```

In this example, the `X-User` header will contain the identity id (`.Subject`), and the `X-Some-Arbitrary-Data` header will contain some arbitrary data from the session context. Please note that the actual session context structure might vary depending on your setup. You would need to ensure that the identity id is included in the session context and that you have correctly specified the template in the `headers` configuration. For more information, you can refer to the [Ory Oathkeeper documentation](https://www.ory.sh/docs/oathkeeper/pipeline/mutator#header-access-rule-example).