Skip to content

Why there's no additional_headers setting for jwt auth? #1181

Answered by vinckr
renom asked this question in Q&A
Discussion options

You must be logged in to vote

Hey @renom
I think the reason why it's not available for the jwt method could be due to the nature of JWT itself. JWT are self-contained, meaning that all the necessary information should be contained within the token itself. This includes the method used for authentication, which is typically specified in the alg (algorithm) claim of the JWT. So here might not be a need to specify the method in an additional header.
If you need to add custom headers based on the authentication method, you might consider using Ory's hydrator mutator. This mutator allows for fetching additional data from external APIs, which can be then used by other mutators. It works by making an upstream HTTP call to an…

Replies: 1 comment 1 reply

Comment options

You must be logged in to vote
1 reply
@renom
Comment options

Answer selected by vinckr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants