Skip to content

feat: forward authenticated user identity to upstream via headers#135

Merged
hrntknr merged 2 commits intomainfrom
header-metadata
Apr 3, 2026
Merged

feat: forward authenticated user identity to upstream via headers#135
hrntknr merged 2 commits intomainfrom
header-metadata

Conversation

@hrntknr
Copy link
Copy Markdown
Member

@hrntknr hrntknr commented Apr 3, 2026

Summary

  • Add --header-mapping flag (HEADER_MAPPING env var) to inject authenticated user identity into upstream request headers by mapping userinfo fields via JSON pointers (e.g., /email:X-Forwarded-Email)
  • Fix JWT subject claim from hardcoded "user" to the actual authenticated user's identity
  • Embed full userinfo as JWT custom claims; extract and inject headers in the proxy layer

Type of Change

  • feat: A new feature

Related Issues

Closes #130

hrntknr added 2 commits April 3, 2026 21:37
@hrntknr
feat: forward authenticated user identity to upstream via headers
b4013df 
Add --header-mapping flag to inject OIDC/Google/GitHub userinfo
attributes into upstream request headers. Userinfo is embedded
as JWT custom claims and extracted in the proxy using JSON pointers.

Also fixes JWT subject claim from hardcoded "user" to the actual
authenticated user's identity.

Closes #130
@hrntknr
merge: resolve conflicts with origin/main
ba00028 
Integrate GrantAudience, trailing-slash normalization, healthz endpoint,
and state-generation changes from main while preserving header-mapping
feature additions.
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 3, 2026

Codecov Report

❌ Patch coverage is 76.31579% with 27 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
pkg/auth/github.go 47.36% 9 Missing and 1 partial ⚠️
pkg/idp/idp.go 56.25% 4 Missing and 3 partials ⚠️
pkg/auth/oidc.go 71.42% 3 Missing and 1 partial ⚠️
main.go 90.47% 1 Missing and 1 partial ⚠️
pkg/proxy/proxy.go 89.47% 2 Missing ⚠️
pkg/auth/auth.go 83.33% 1 Missing ⚠️
pkg/auth/google.go 92.85% 1 Missing ⚠️

📢 Thoughts on this report? Let us know!

@hrntknr hrntknr merged commit e847ed5 into main Apr 3, 2026
8 checks passed
@sigbit-release-bot sigbit-release-bot Bot mentioned this pull request Apr 3, 2026
Merged
@healqq healqq mentioned this pull request Apr 3, 2026
Closed
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature request: forward authenticated user identity to upstream via headers

1 participant

@hrntknr