PingIntelligence

Extracting user information when an OIDC plugin is installed

Extract user attributes from JSON Web Tokens (JWTs) when an OpenID Connect (OIDC) plugin is installed in the Kong Gateway.

About this task

To extract user attributes:

Steps

  1. Capture the header value assigned to the upstream_introspection_header parameter in the OIDC plugin configuration.

  2. Assign the header value to the location key in the jwt object of the API JSON file.

    Result:

    API Security Enforcer (ASE) will extract the user information from the JWT.

  3. If upstream_introspection_header is not configured in the OIDC plugin, then complete the following configuration and assign x_introspection to the location key in the jwt object of the API JSON file:

    http patch :8001/plugins/$PLUGIN_ID config:=@patch.json
    cat patch.json
    {
      "upstream_introspection_header": "x_introspection"
    }

    Example:

    The following is a snippet of the jwt object from a sample API JSON file:

    "jwt": {
      "location": "h:x_introspection",
      "username": "username",
      "clientid": "client_id"
    }
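
A consistency check for steps 1 to 3, added here as an example and not taken from the PingIntelligence or Kong documentation: it confirms that the location key names the same header the OIDC plugin sends, and returns the patch.json body from step 3 when no header is configured. The function name, result keys, and sample objects are assumptions constructed for illustration; the plugin object is assumed to keep its settings under config (as the patch command above implies), and the h: prefix is taken from the sample snippet.

```python
FALLBACK_HEADER = "x_introspection"  # header name the page assigns in step 3


def check_jwt_location(plugin, jwt_obj):
    """Compare the OIDC plugin's introspection header with jwt.location.

    plugin  -- plugin object (assumed shape: settings under "config")
    jwt_obj -- the jwt object from the API JSON file
    """
    result = {"patch": None, "problems": []}
    header = (plugin.get("config") or {}).get("upstream_introspection_header")
    if not isinstance(header, str) or not header.strip():
        # Step 3: nothing configured, so the plugin needs the page's patch.json.
        header = FALLBACK_HEADER
        result["patch"] = {"upstream_introspection_header": header}
        result["problems"].append("plugin has no upstream_introspection_header")
    header = header.strip()
    result["expected_location"] = "h:" + header

    location = jwt_obj.get("location")
    if not isinstance(location, str) or not location.strip():
        result["problems"].append("jwt.location is missing")
        return result
    kind, _, name = location.strip().partition(":")
    if kind != "h" or not name:
        result["problems"].append(
            f"jwt.location {location!r} is not of the form h:<header>")
    elif name.lower() != header.lower():  # HTTP header names are case-insensitive
        result["problems"].append(
            f"jwt.location names {name!r} but the plugin sends {header!r}")
    return result


# Constructed sample objects (not captured from a real gateway).
SAMPLE_JWT = {"location": "h:x_introspection",
              "username": "username", "clientid": "client_id"}
CONFIGURED = {"config": {"upstream_introspection_header": "x_introspection"}}
UNCONFIGURED = {"config": {"upstream_introspection_header": None}}
RENAMED = {"config": {"upstream_introspection_header": "x_token_info"}}

if __name__ == "__main__":
    for label, plugin in [("configured", CONFIGURED),
                          ("unconfigured", UNCONFIGURED),
                          ("renamed", RENAMED)]:
        print(label, check_jwt_location(plugin, SAMPLE_JWT))
```

An empty problems list means the header named in location is the one the plugin is configured to send; a non-empty patch value is the body to apply with the patch command from step 3.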

Next steps

For more information on configuring the API JSON file, see Defining an API using API JSON configuration file in sideband mode.