The context: Kubernetes Istio gateway (HTTPS/JWT), Node.js service.
Service call:
USER_TOKEN=$(< user.jwt); curl -H "Host: service.server.io" -H "Authorization: Bearer $USER_TOKEN" https://service.server.io:443/feature --cacert service-server.crt --resolve service.server.io:443:10.109.30.39
Everything works well, but I would like to retrieve my user ID stored in the JWT payload { user_uid: xxxxx, group: xxx }.
Ideally, I would like the "user_id" to be injected into the request header so that I can retrieve it from the node.
Header:
"host":"service.server.io"
"user-agent":"curl/7.68.0"
"accept":"*/*"
"x-forwarded-for":"172.17.0.1"
"x-forwarded-proto":"https"
"x-request-id":"6783b5c0-6d20-4702-98d7-b04732de90cc"
"x-envoy-attempt-count":"1"
"x-envoy-internal":"true"
"x-forwarded-client-cert":"By=spiffe://cluster.local/ns/server/sa/service;Hash=118639f45b8873d8a38fb947736dbcfb974d12ae54ad46a8ba391ef9130f289e;Subject="";URI=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account"
"x-b3-traceid":"8119e0fa2fc19699f301e1c7035e099d"
"x-b3-spanid":"2910ce2ce185e82b"
"x-b3-parentspanid":"f301e1c7035e099d"
"x-b3-sampled":"0"
Thank you for your help,
WCDR
CodePudding user response:
Thanks Istio doc ^_^
outputPayloadToHeader (string): This field specifies the header name to output a successfully verified JWT payload to the backend. The forwarded data is base64_encoded(jwt_payload_in_JSON). If it is not specified, the payload will not be emitted.
Edit the YAML file of kind "RequestAuthentication".
Under jws, at the same level, add: outputPayloadToHeader: x-jwt
Apply changes...
Now a new header input, "x-jwt", is available; it is a base64 input that contains the payload.
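Reading the forwarded header in the Node.js service, as an added example that is not part of the original answer: it decodes the "x-jwt" value and returns the user_uid claim, rejecting missing or malformed input. It assumes the header name x-jwt from the answer, the user_uid claim name from the question, and that the service is reachable only through the Istio proxy, so the header cannot come straight from a client; the function names and sample values are constructed.

```javascript
// Added example: read the JWT payload that Istio forwards in "x-jwt".
// HEADER_NAME must match outputPayloadToHeader in the RequestAuthentication.
const HEADER_NAME = 'x-jwt';

// Decode the forwarded header into the claims object, or return null
// when the header is absent or is not base64-encoded JSON.
// `headers` has the shape of Node's req.headers (lower-cased names).
function decodeForwardedPayload(headers) {
  const raw = headers[HEADER_NAME];
  if (typeof raw !== 'string' || raw.length === 0) return null;
  // Accept only the base64 / base64url alphabets. A duplicated header,
  // which Node joins with ", ", is rejected here as well.
  if (!/^[A-Za-z0-9+/_-]+={0,2}$/.test(raw)) return null;
  let claims;
  try {
    // Node's 'base64' decoder reads both alphabets, padded or not.
    claims = JSON.parse(Buffer.from(raw, 'base64').toString('utf8'));
  } catch (err) {
    return null;
  }
  if (claims === null || typeof claims !== 'object' || Array.isArray(claims)) {
    return null;
  }
  return claims;
}

// Return the user_uid claim as a string, or null if it is unusable.
function userUidFromHeaders(headers) {
  const claims = decodeForwardedPayload(headers);
  if (!claims) return null;
  const uid = claims.user_uid;
  if (typeof uid !== 'string' && typeof uid !== 'number') return null;
  return String(uid);
}

// Constructed sample: a payload shaped like the one in the question.
const samplePayload = { user_uid: 'u-12345', group: 'dev' };
const sampleHeaders = {
  host: 'service.server.io',
  'x-jwt': Buffer.from(JSON.stringify(samplePayload)).toString('base64'),
};
console.log(userUidFromHeaders(sampleHeaders)); // u-12345
```

In a request handler, call userUidFromHeaders(req.headers) and treat null as an unauthenticated request.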