Currently all protected endpoint request in my application forwarded to token introspection endpoint which we handled internally. During the forward by using Kong oauth2-introspection plugin and working fine. I need to pass an additional header from the incoming request to the token introspection API. Please clarify me the approach how to achieve this.
Example:
Current Implementation:
https://abc.com/xyz
Request Header:
Authorization, Channel
Token Introspection API receives:
(no other headers)
https://abc.com/token-introspection?token=authtoken
Expected Implementation:
https://abc.com/xyz
Request Header:
Authorization, Channel=Web
Token Introspection:
Expected :
Header: Channel=WEB
https://abc.com/token-introspection?token=authtoken
Explored below Kong plugin to forward the header to introspection URL and all are not working.
- oauth2-introspection plugin
- request-transformer-advanced plugin
- request-transformer plugin
- oidc introspection plugin
- prefunctionection plugin