Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi team,
Here are two policies for the new APIcast policy system that helps to handle some of the OpenID Connect use cases.
Needs
Some customer would like to use the information provided in the OpenID Connect token to base their decisions or to enrich the HTTP request.
Some use cases could be :
Implementation
There are two policies, one for decoding the OIDC token, one for exploding its values as HTTP headers.
The one that decodes the OIDC token and store the payload as a context value is the most questionable since it would have been better done directly by APIcast during the token validation.
I also added a sample apicast configuration files with the required OIDC configuration fields since it took me quite some time to figure out the proper format.
Remaining work
I ran out of time to make everything nice and clean so there are some missing parts that needs to be completed:
Of course this pull request is not intended to be merged as-is in the product. It would be more a discussion on the subject.
Many thanks for your help !
Nicolas