config: support map of jwt claim headers (#1906)

* config: support map of jwt claim headers * fix array handling, add test * update docs * use separate hook, add tests
2025-05-10 07:37:33 +02:00 · 2021-02-17 13:43:18 -07:00 · 2021-02-17 13:43:18 -07:00 · 1a1cc30c67
commit 1a1cc30c67
parent d04416a5fd
14 changed files with 482 additions and 269 deletions
--- a/docs/reference/readme.md
+++ b/docs/reference/readme.md
@ -832,6 +832,15 @@ Any claim in the pomerium session JWT can be placed into a corresponding header

 `X-Pomerium-Claim-{Name}` where `{Name}` is the name of the claim requested.

+This option also supports a nested object to customize the header name. For example:
+
+```yaml
+jwt_claims_headers:
+  X-Email: email
+```
+
+Will add an `X-Email` header with a value of the `email` claim.
+
 Use this option if you previously relied on `x-pomerium-authenticated-user-{email|user-id|groups}`.


--- a/docs/reference/settings.yaml
+++ b/docs/reference/settings.yaml
@ -938,6 +938,15 @@ settings:

          `X-Pomerium-Claim-{Name}` where `{Name}` is the name of the claim requested.

+          This option also supports a nested object to customize the header name. For example:
+
+          ```yaml
+          jwt_claims_headers:
+            X-Email: email
+          ```
+
+          Will add an `X-Email` header with a value of the `email` claim.
+
          Use this option if you previously relied on `x-pomerium-authenticated-user-{email|user-id|groups}`.
        shortdoc: |
          The JWT Claim Headers setting allows you to pass specific user session data down to downstream applications as HTTP request headers.