support external jwt claims to be passed downstream

[ojafri]

enhances extauth plugin to support extracting claims from externally issued authorization bearer jwt payload and add them as a customizable request header extauth-claims-header to be passed downstream.

This is useful for passing scopes and other relevant information to downstream when authorization/access token is stripped keep-authorization-header: false

It also supports customizing which of the private/sensitive claims from payload are to be omitted via extauth-exclude-claims config property

[googlebot]

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here (e.g. I signed it!) and we'll verify it.

---

What to do if you already signed the CLA

Individual signers

• It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

• Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
• The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
• The email used to register you as an authorized contributor must also be attached to your GitHub account.

ℹ️ Googlers: Go here for more info.

[ojafri]

I signed it!

[ojafri]

I signed it!

…

On Mon, Jun 10, 2019, 13:41 googlebot ***@***.***> wrote: Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 *Please visit https://cla.developers.google.com/ <https://cla.developers.google.com/> to sign.* Once you've signed (or fixed any issues), please reply here (e.g. I signed it!) and we'll verify it. ------------------------------ What to do if you already signed the CLA Individual signers - It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data <https://cla.developers.google.com/clas> and verify that your email is set on your git commits <https://help.github.com/articles/setting-your-email-in-git/>. Corporate signers - Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version <https://opensource.google.com/docs/cla/#troubleshoot>). - The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data <https://cla.developers.google.com/clas> and verify that your email is set on your git commits <https://help.github.com/articles/setting-your-email-in-git/>. - The email used to register you as an authorized contributor must also be attached to your GitHub account <https://github.com/settings/emails>. ℹ️ *Googlers: Go here <https://goto.google.com/prinfo/https%3A%2F%2Fgithub.com%2Fapigee%2Fmicrogateway-plugins%2Fpull%2F113> for more info*. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#113?email_source=notifications&email_token=ADTRZEHTQBE74IA2GBVCM5LPZ2G5ZA5CNFSM4HWVSMY2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODXKS2PY#issuecomment-500510015>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ADTRZEBTVA6SAZ3JEM4WVOLPZ2G5ZANCNFSM4HWVSMYQ> .

[ojafri]

can i please request a review for this pr, this has been pending for 3+ weeks already. If this won't be reviewed, I'll close it, but would very much appreciate if it can be commented upon what's the problem