Missing x-userinfo header when using Keycloak and kong-oidc

I am trying to use kong-oidc with Keycloak 19.0.3 to secure my app, and this is my Dockerfile:

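FROM kong/kong:2.7.0

# Plugin versions used by the "luarocks pack" steps below; supply them with --build-arg.
ARG OIDC_PLUGIN_VERSION
ARG JWT_PLUGIN_VERSION
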
USER root
RUN apk update && apk add git unzip luarocks
RUN luarocks install kong-oidc

# Clone to an explicit path so it matches the WORKDIR that follows.
RUN git clone --branch v1.2.3-2 https://github.com/revomatico/kong-oidc.git /kong-oidc
WORKDIR /kong-oidc
RUN luarocks make

RUN luarocks pack kong-oidc ${OIDC_PLUGIN_VERSION} \
     && luarocks install kong-oidc-${OIDC_PLUGIN_VERSION}.all.rock

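# Explicit path: the previous WORKDIR is /kong-oidc, so a relative clone would land inside it.
RUN git clone --branch 20200505-access-token-processing https://github.com/BGaunitz/kong-plugin-jwt-keycloak.git /kong-plugin-jwt-keycloak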
WORKDIR /kong-plugin-jwt-keycloak
RUN luarocks make

RUN luarocks pack kong-plugin-jwt-keycloak ${JWT_PLUGIN_VERSION} \
     && luarocks install kong-plugin-jwt-keycloak-${JWT_PLUGIN_VERSION}.all.rock

USER kong

I configured it by passing the client ID, the client secret and the discovery endpoint.

When I visit the configured route in Kong, I get redirected to Keycloak to authenticate. After a successful authentication I get redirected back to my app, but when I check the headers I find no x-userinfo, only a session cookie. Am I missing something?

I am using nginx as the app to test in my case. In the future I need to make requests from my app to some API which will also be protected by kong-oidc, and I need to have a piece of the identity of the currently logged-in user to do permission stuff.

I’m not very familiar with kong-oidc, but it seems to be a reverse proxy with oidc authentication.

That being the case, I’m pretty sure you won’t see any custom header leaving your browser, just the cookie which was set by kong after a successful login with keycloak.

Kong will get this cookie, use it to determine if the browser is still authenticated and inject necessary headers to the backend.

Maybe you’ll benefit from using a request dumper like daime/http-dump on GitHub to inspect what kong is sending to the backend server.

Thanks for replying. I already did figure out how kong-oidc works; I didn’t know that x-userinfo and x-access-token get injected by Kong before the request reaches the upstream server.
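
A small upstream stand-in for checking what the thread describes, i.e. which headers Kong adds before the request reaches the backend. This is an added example, not part of the original posts and not code from kong-oidc or http-dump. It assumes the X-Userinfo value is base64-encoded JSON; the port, host name and sample claims are constructed for illustration.

```python
import base64
import binascii
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample: claims as the upstream might receive them (not real data).
SAMPLE_CLAIMS = {"sub": "1234", "preferred_username": "alice"}
SAMPLE_UPSTREAM_HEADERS = {
    "Host": "app.internal",
    "X-Userinfo": base64.b64encode(json.dumps(SAMPLE_CLAIMS).encode()).decode(),
}


def decode_userinfo(headers):
    """Return the claims dict from X-Userinfo, or None if absent or malformed.

    Assumption: the header value is base64-encoded JSON.
    """
    # HTTP header names are case-insensitive.
    value = next((v for k, v in headers.items() if k.lower() == "x-userinfo"), None)
    if not value:
        return None
    try:
        padded = value + "=" * (-len(value) % 4)  # tolerate stripped padding
        claims = json.loads(base64.b64decode(padded))
    except (binascii.Error, ValueError):
        return None
    return claims if isinstance(claims, dict) else None


class DumpHandler(BaseHTTPRequestHandler):
    """Upstream stand-in: echoes the headers it received plus decoded claims."""

    def do_GET(self):
        headers = dict(self.headers.items())
        report = {"received_headers": headers, "userinfo": decode_userinfo(headers)}
        body = json.dumps(report, indent=2).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Listens on loopback, assumed port 8080; adjust the bind address so Kong can
    # reach it. The header is only trustworthy if clients cannot reach this
    # upstream directly, since anyone who can may set X-Userinfo themselves.
    HTTPServer(("127.0.0.1", 8080), DumpHandler).serve_forever()
```

The response echoes cookies and tokens back to the caller, so use it only while debugging the route.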