Pass openid-connect data to grpc-transcode

[vatomicgreg]

[vatomicgreg]

I'm using grpc-transcode to convert HTTP calls to GRPC calls.
I'm protecting these HTTP calls with openid-connect.

If the openid-connect token is validated, then the HTTP call can go through to the GRPC service.My question is how I can pass on some of the authenticated information? For example the JWT used for authorization.The reasons for using the oidc-connect plugin are authentication but also identification so that the upstream service knows who is authenticated and can extract info from the JWT.I guess I can have the client replicate the JWT token in both the header (for the openid-connect plugin to use for authentication) and in the body json (for the grpc-transcode plugin to pass onto the service that can extract the data in the JWT).

This requires sending the same data in both the header and body. Not so elegant...I guess the better question might be to ask if I even need to bother with the oidc-connect plugin if I can just pass the JWT to the GRPC service and rely on it to confirm the JWT is valid. I was assuming the oidc-plugin doing the validation was somehow a better was to go as it actually calls the authentication service whereas the grpc service would probably just decode the JWT and proceed if it was valid.

[vatomicgreg]

To somewhat answer my own question, I see that the JWT actually makes it to the GRPC service. So now my only question becomes if I am duplicating efforts having Apisix oidc-connect plugin decode and validate the token AND the grpc service do the same after in order to extract the data in the token (and I guess validate it again).

[tokers]

Is the X-User-Info header the thing you want?

[tokers]

See set_userinfo_header field in the OpenID Connection plugin.