Extracting user information when OIDC plugin is used
You can extract the user attributes from JWTs when OpenID Connect (OIDC) plugin is installed in Kong gateway. To do this, capture the header value assigned to upstream_introspection_header
parameter in the OIDC plugin configuration. Assign this value to thelocation
key in thejwt
object of the API JSON file. ASE will extract the user information from the JWT.
If upstream_introspection_header
is not configured in the OIDC plugin, then complete the following configuration and assign x_introspection
to thelocation
key in thejwt
object of the API JSON file.
http patch :8001/plugins/$PLUGIN_ID config:=@patch.json cat patch.json { "upstream_introspection_header": "x_introspection" }
The following is a snippet of JWT object from a sample API JSON file.
"jwt": { "location": "h:x_introspection", "username": "username", "clientid": "client_id" }
For more information on configuring the API JSON file, see Defining an API using API JSON configuration file in sideband mode.