Is it possible to remove headers to upstream endpoint?

msilvestre · July 17, 2020, 3:01pm

I don’t want to send the token to the upstream endpoint. Is there any way to do it?

I’ve set the --enable-authorization-header=false but it is sending the token. What does this config do?

louketo/louketo-proxy/blob/master/docs/user-guide.md#upstream-headers

# Louketo Proxy

Louketo is a proxy which integrates with OpenID Connect (OIDC) Providers, it supports both access tokens in a browser cookie or bearer tokens.

This documentation details how to build and configure Louketo followed by details of how to use each of its features.

For further information, see the included help file which includes a
full list of commands and switches. View the file by entering the
following at the command line (modify the location to match where you
install Louketo Proxy):

``` bash
    $ bin/louketo-proxy help
```
## Requirements
    
  - Go 1.13 or higher
  - Make

## Configuration options

This file has been truncated. show original

I can see the following:

“On protected resources, the upstream endpoint will receive a number of headers added by the proxy, along with custom claims, like this:
X-Auth-Email
X-Auth-ExpiresIn
X-Auth-Groups
X-Auth-Roles
X-Auth-Subject
X-Auth-Token
X-Auth-Userid
X-Auth-Username”

Does the gatekeeper always add this headers? Can I have any control on it?
Thanks

Topic		Replies	Views
Migrate from louketo-proxy to oauth2-proxy Securing applications oidc	1	938	February 4, 2021
Adding headers to request/response of token endpoint	0	429	March 17, 2023
JWT in the response with roles Getting advice authentication , oidc	0	217	October 10, 2023
Keycloak, Gatekeeper and multi tenency Configuring the server	0	539	November 17, 2020
Keycloak Gatekeeper - wishlist Securing applications gatekeeper	5	1828	December 2, 2019

Is it possible to remove headers to upstream endpoint?

Related Topics