Skip to content

Allow forwarding selected request headers to remote authorizer #1270

Description

@richiejenkins

Preflight checklist

Ory Network Project

No response

Describe your problem

The remote authorizer currently forwards only Content-Type and Authorization from the inbound request. Use cases like HMAC/signature preflight verification need additional original-request headers (e.g.X-Signature, X-Timestamp, signing nonces) to reach the verifier service.

Describe your ideal solution

Add an optional forward_request_headers_to_remote: []string config field on the remote authorizer. When set, the listed headers are copied from the inbound request to the outbound request to the remote endpoint.

This mirrors the existing forward_response_headers_to_upstream field but in the request direction. Default behavior is unchanged when omitted.

Workarounds or alternatives

Allowing headers templates access to a .Request field, but the dedicated allowlist field seemed simplest and most consistent with the existing API.

Version

v26.2.0

Additional Context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    featNew feature or request.

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions