Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello

Can we forward extra headers to the `oauth2_introspection` authenticator
from downstream request to Introspection Server?


ServiceA -&gt;API call-&gt; ServiceB
API call is intercepted by EnvoyFilter and forwards request to Oathkeeper’s decision engine
Now oathkeeper checks with `oauth2_introspection`  authenticator which in-turn makes call to an AuthService

Now the auth-service validates token responds back with some extra data, which in the `mutators` level get’s added, as `X-User-token` header and forwarded to ServiceB

But we have an internal ServiceC(trusted service), it already sends the `X-User-token` but we need it to reach the AuthService along with the Token

So how can we forward extra data to the Oauth2_introspection server ?

The workaround I’ve thought of is to pass the extra-data in query-param, which reaches the upstream service ServiceB

But this needs to change the logic on ServiceB
I don’t like this personally