[Support]: How to get the full "authentication" header when using NGINX in auth_request mode? #3210

@agordon

Description


OAuth2-Proxy Version

7.12.0

Provider

google

Current Behaviour of your Problem

Hello,

I have oauth2-proxy configured with nginx in "auth_request" mode.
The setup is working well, that is: authentication with Google works, then back to NGINX, then using "auth_request" to /oauth2/auth, which returns HTTP 202, then finally to my upstream application.
nginx is configured with:

                auth_request_set $user $upstream_http_x_auth_request_user;
                auth_request_set $email $upstream_http_x_auth_request_email;
                proxy_set_header X-User $user;
                proxy_set_header X-Email $email;

And the upstream application receives the Http-X-User and Http-X-Email with correct values.

So far - so good.

Now I have one more need/request: How can I pass the Authentication: Bearer [JWT] value to the upstream application? It seems to be a combination of oauth2-proxy configuration values and nginx configuration values that I can't figure out.

Please note that I'm not interested in the access-token - I need the JWT values from the authentication field.

What is the correct combination of oauth2-proxy's options and nginx's auth_request_set that can pass the authentication to the server?

Thanks!

Configuration details or additional information

oauth2-proxy has set_xauthrequest = true. I tried different combinations of set_authorization_header / pass_authorization_header, pass_basic_auth, set_basic_auth but couldn't get the Authorization header to pass.

nginx has:

...
...
    location /oauth2/ {
        proxy_pass http://oauth2_proxy_auth_test_2;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Auth-Request-Redirect $request_uri;
    }

    # Internal subrequest target used by auth_request
    location = /oauth2/auth {
        internal;
        proxy_pass http://oauth2_proxy_auth_test_2;
        proxy_set_header Host             $host;
        proxy_set_header X-Real-IP        $remote_addr;
        proxy_set_header X-Forwarded-Uri  $request_uri;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
    }

    location / {
        auth_request /oauth2/auth;
        error_page 401 =403 /oauth2/start?rd=$request_uri;

        # Copy headers from the auth subrequest response to the upstream request
        auth_request_set $user $upstream_http_x_auth_request_user;
        auth_request_set $email $upstream_http_x_auth_request_email;
        proxy_set_header X-User $user;
        proxy_set_header X-Email $email;

        proxy_pass http://127.0.0.1:8000;  # my upstream server
    }
...
...

Steps To Reproduce

No response
