从服务中的 JWT 负载中检索信息
Retrieving information from the payload of a JWT in a service
上下文:kubernet + isio + 网关(HTTPS/JWT)+ nodejs 服务。
服务电话:
USER_TOKEN=$(< user.jwt); curl -H "Host: service.server.io" -H "Authorization: Bearer $USER_TOKEN" https://service.server.io:443/feature --cacert service-server.crt --resolve service.server.io:443:10.109.30.39
一切正常,但我想检索存储在 JWT 负载中的用户 ID { user_uid: xxxxx, group: xxx }。
理想情况下,我希望将“user_id”注入到请求中header,以便我可以从节点中检索它。
Header:
“主持人”:“service.server.io”
"user-agent":"curl/7.68.0","接受":"/"
"x-forwarded-for":"172.17.0.1"
"x-forwarded-proto":"https"
"x-request-id":"6783b5c0-6d20-4702-98d7-b04732de90cc"
"x-envoy-attempt-count":"1"
"x-envoy-internal":"真"
"x-forwarded-client-cert":"By=spiffe://cluster.local/ns/server/sa/service;Hash=118639f45b8873d8a38fb947736dbcfb974d12ae54ad46a8ba391ef9130f289e;Subject="";URI=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account “
"x-b3-traceid":"8119e0fa2fc19699f301e1c7035e099d"
"x-b3-spanid":"2910ce2ce185e82b"
"x-b3-parentspanid":"f301e1c7035e099d"
"x-b3-sampled":"0"
感谢您的帮助,
WCDR
感谢 Istio 文档 ^_^
outputPayloadToHeader string This field specifies the header name to output a successfully verified JWT payload to the backend. The forwarded data is base64_encoded(jwt_payload_in_JSON). If it is not specified, the payload will not be emitted.
编辑 yaml 文件:
种类:“RequestAuthentication”
同级jws下添加:outputPayloadToHeader:x-jwt
应用更改...
现在可以使用新的 header 输入“x-jwt”它是一个包含有效负载的 base64 输入。
上下文:kubernet + isio + 网关(HTTPS/JWT)+ nodejs 服务。
服务电话:
USER_TOKEN=$(< user.jwt); curl -H "Host: service.server.io" -H "Authorization: Bearer $USER_TOKEN" https://service.server.io:443/feature --cacert service-server.crt --resolve service.server.io:443:10.109.30.39
一切正常,但我想检索存储在 JWT 负载中的用户 ID { user_uid: xxxxx, group: xxx }。
理想情况下,我希望将“user_id”注入到请求中header,以便我可以从节点中检索它。
Header:
“主持人”:“service.server.io”
"user-agent":"curl/7.68.0","接受":"/"
"x-forwarded-for":"172.17.0.1"
"x-forwarded-proto":"https"
"x-request-id":"6783b5c0-6d20-4702-98d7-b04732de90cc"
"x-envoy-attempt-count":"1"
"x-envoy-internal":"真"
"x-forwarded-client-cert":"By=spiffe://cluster.local/ns/server/sa/service;Hash=118639f45b8873d8a38fb947736dbcfb974d12ae54ad46a8ba391ef9130f289e;Subject="";URI=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account “
"x-b3-traceid":"8119e0fa2fc19699f301e1c7035e099d"
"x-b3-spanid":"2910ce2ce185e82b"
"x-b3-parentspanid":"f301e1c7035e099d"
"x-b3-sampled":"0"
感谢您的帮助,
WCDR
感谢 Istio 文档 ^_^
outputPayloadToHeader string This field specifies the header name to output a successfully verified JWT payload to the backend. The forwarded data is base64_encoded(jwt_payload_in_JSON). If it is not specified, the payload will not be emitted.
编辑 yaml 文件: 种类:“RequestAuthentication”
同级jws下添加:outputPayloadToHeader:x-jwt
应用更改...
现在可以使用新的 header 输入“x-jwt”它是一个包含有效负载的 base64 输入。