Sending the jwt token and request payload via kubernetes ingress controller

Question

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: hello-kubernetes-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/auth-url: https://externalauthetication/authorize
    nginx.ingress.kubernetes.io/auth-method: POST
spec:
  rules:
  - host: hw1.yourdomain
    http:
      paths:
      - backend:
          serviceName: hello-kubernetes-first
          servicePort: 80
  - host: hw2.yourdomain
    http:
      paths:
      - backend:
          serviceName: hello-kubernetes-second
          servicePort: 80

the externalauthtication/authorize api expects a jwt authentication and a request payload

so test this i am sending the jwt token and payload via curl

curl -i -k https://hw1.yourdomain -H "accept: /" -H "Authorization: Bearer yJ0eXAiOiJKV1QiL*****" -H "Content-Type: application/json" -d "{"pathParameters":{"additionalProp1":"string","additionalProp2":"string","additionalProp3":"string"},"opId":"queryApps","scope":"region"}"

but getting this error 2021/03/04 09:05:40 [error] 4619#4619: *538371 auth request unexpected status: 411 while sending to client, client: 192.168.99.1, server: hw1.yourdomain, request: "POST / HTTP/2.0", host: "hw1.yourdomain" 192.168.99.1 - - [04/Mar/2021:09:05:40 +0000] "POST / HTTP/2.0" 500 170 "-" "curl/7.71.1" 3520 1.746 [default-hello-kubernetes-first-80] [] - - - - 530753d2f9468f09f8c94030fcb4f640

Is this the right way to set the auth-url and send the token and request payload

As [the 411 reference explains](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/411), nginx is sending a `POST` to that URI, but either without a body (which I strongly suspect) or a body of indefinite length, which makes the upstream server angry. The `auth-url:` mechanism does not pass along the _client's request_ to the authorization server, that would be crazy. Perhaps you're missing [`nginx.ingress.kubernetes.io/auth-proxy-set-headers:`](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#external-authentication)? — mdaniel, Mar 04 '21 at 15:31
What should I set in auth_proxy_set_headers ? how to pass the jwt token from curl command to the auth-url ? — Divya Vyas, Mar 04 '21 at 20:05
hi @[Divya Vyas](https://stackoverflow.com/users/9389899/divya-vyas), how it can be recreated, could you provide more details about your https://externalauthetication/authorize. What version of nginx-ingress controller are you using? — Mark, Mar 09 '21 at 09:11

Sending the jwt token and request payload via kubernetes ingress controller

0 Answers0