How can enable passing idToken to the underlying apiService?

cybercoder · July 19, 2024, 12:23pm

My kubeAPI is using OIDC and I’ve enabled both username, and group claims.
I have created a Kubernetes APIService under Kube API aggregation. I need to decode the idToken and use its data. but Kube API only sends limited headers to the API Service:

  'x-forwarded-for': 'x.x.x.x,y.y.y.y',
  'x-forwarded-host': '10.42.0.183:3000',
  'x-forwarded-proto': 'https',
  'x-forwarded-scheme': 'https',
  'x-forwarded-uri': '/apis/myapi/v1alpha1/namespaces/1707237939748/tickets',
  'x-real-ip': 'z.z.z.z',
  'x-remote-group': 'owner, system:authenticated',
  'x-remote-user': 'demo@example.org'

Is it possible to tell kubeAPI to send the original idToken to the APIService?

Topic		Replies	Views
Why use ID Tokens instead of Access Tokens for Authorization? General Discussions	2	948	February 27, 2024
Kubectl not able to use refresh-token microk8s development , security , network	0	4840	May 16, 2022
KubeAPI Dynamic OIDC, multi tenant IAM General Discussions oidc	0	357	July 28, 2023
Initializing k8s with OIDC General Discussions oidc	1	2425	May 29, 2020
How to access app in k8s cluster by aggregator apiservice with Authorization header General Discussions	0	325	November 6, 2023

How can enable passing idToken to the underlying apiService?

Related topics