pass access token

Jing-ze · Dec 25, 2024 · 99545cf · 99545cf
1 parent cbf3715
commit 99545cf
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/oauthproxy.go b/oauthproxy.go
@@ -69,6 +69,7 @@ type OAuthProxy struct {
 	appDirector       redirect.AppDirector
 
 	passAuthorization bool
+	passAccessToken   bool
 	encodeState       bool
 
 	client wrapper.HttpClient
@@ -137,6 +138,7 @@ func NewOAuthProxy(opts *options.Options) (*OAuthProxy, error) {
 		appDirector:       appDirector,
 		encodeState:       opts.EncodeState,
 		passAuthorization: opts.PassAuthorization,
+		passAccessToken:   opts.PassAccessToken,
 
 		client: serviceClient,
 	}
@@ -441,6 +443,10 @@ func (p *OAuthProxy) Proxy(rw http.ResponseWriter, req *http.Request) {
 			proxywasm.AddHttpRequestHeader("Authorization", fmt.Sprintf("%s %s", providers.TokenTypeBearer, session.IDToken))
 			util.Logger.Debug("Authorization header add id token")
 		}
+		if p.passAccessToken {
+			proxywasm.AddHttpRequestHeader("X-Forwarded-Access-Token", session.AccessToken)
+			util.Logger.Debug("X-Forwarded-Access-Token header add access token")
+		}
 		if cookies, ok := rw.Header()[SetCookieHeader]; ok && len(cookies) > 0 {
 			newCookieValue := strings.Join(cookies, ",")
 			if p.ctx != nil {

diff --git a/pkg/apis/options/options.go b/pkg/apis/options/options.go
@@ -32,6 +32,7 @@ type Options struct {
 	SkipAuthPreflight bool `mapstructure:"skip_auth_preflight"`
 	EncodeState       bool `mapstructure:"encode_state"`
 	PassAuthorization bool `mapstructure:"pass_authorization_header"`
+	PassAccessToken   bool `mapstructure:"pass_access_token"`
 
 	VerifierInterval   time.Duration `mapstructure:"verifier_interval"`
 	UpdateKeysInterval time.Duration `mapstructure:"update_keys_interval"`
@@ -57,6 +58,7 @@ func NewOptions() *Options {
 		Session:            sessionOptionsDefaults(),
 		SkipAuthPreflight:  false,
 		PassAuthorization:  true,
+		PassAccessToken:    false,
 		VerifierInterval:   2 * time.Second, // 5 seconds
 		UpdateKeysInterval: 24 * time.Hour,  // 24 hours
 		MatchRules:         matchRulesDefaults(),