mod_auth_openidc How to configure empty OIDCClaimPrefix in mod_auth_openidc.conf

612 views Asked by At

I am using mod_auth_openidc as Resource Server. I want to configure OIDCClaimPrefix parameter as empty string, as I want to pass the claims received from OAuth server as it is(don't want any prefix with anything). I tried to keep OIDCClaimPrefix as empty but seems it expects 1 argument. How can I pass empty or blank prefix?

1

There are 1 answers

1
Hans Z. On BEST ANSWER

An empty prefix is currently not possible. You could use a space (" ") and assuming that your application code strips leading and trailing blanks, that may work for you.

Be aware that not adding a prefix makes it impossible to distinguish between headers that mod_auth_openidc sets and headers that are passed in from the client (since mod_auth_openidc cleans any header with the prefix that comes directly from the client), so security-wise it would not make sense to allow an empty prefix.

If you have a compelling case that does not render systems insecure you could add a feature request to the issue tracker on github.