Header Injection, Dashboard, JWT


#1

Trying to set up Tyk for the first time…

According to dpkg I have tyk-gateway 2.2.0.27 and tyk-dashboard 1.2.0.0

I have set up my API successfully, and I’d like to put JWT claims into the request header that goes to the back-end services. I see that header injection with $tyk_context.* should be supported in Tyk 2.2, and I believe I saw that the support for accessing JWT claims via the context was added in 2.2.0.4 or something (so I’m assuming I should see it in 2.2.0.27).

Nevertheless, I can’t get anything with $tyk_context to work.

I go into the dashboard, select the API, select my (working) entry in Endpoint Designer, and use Modified Headers / Request.

If I add the header “x-some-header” with value “14” then my service sees the header.

If I add the same header with any of the following values, then my service does not see the header (it silently disappears).

$tyk_context.jwt_claims_MyClaimName
$tyk_context.token
$tyk_context.remote_addr
$tyk_context

I do not see any errors in /var/log/upstart/tyk-gateway.log so I’m not even sure how to debug it. If somehow I don’t have a release supporting the first option, I would have expected the second to put the whole JWT token in there, and if somehow that’s not the token in question, at a minimum I would have expected the third to work.

Is there some different syntax needed when applying these settings via the dashboard? Or does it simply not work via the dashboard? (Though it doesn’t come through as a fixed value of $tyk_context… either – the header just isn’t added to the request.)

Any suggestions on how to debug this?

Thanks!


#2

Have you enabled context variables in your API Definition (see the advanced tab)?

M.


#3

That was it. Now working. Thanks!

I had no idea there was a setting needed to enable that – maybe it could be mentioned on the page https://tyk.io/tyk-documentation/transform-traffic/request-headers/ ?


#4

Yeah we might want to add a note there.

Context vars take extra processing so they need to be explicitly enabled as we need to take the processing hit.
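The failure in this thread is silent: a header whose value references `$tyk_context` is dropped when context variables are not enabled, and nothing is logged. The following check flags that combination in an exported API definition; it is an added example, not part of the original posts and not Tyk's own code. It assumes the gateway-format definition JSON and the field names `enable_context_vars`, `global_headers`, `extended_paths.transform_headers` and `add_headers`, which do not appear in the thread, and the sample definition is constructed.

```python
import json
import re

# Matches $tyk_context on its own or with a suffix such as .remote_addr
CONTEXT_REF = re.compile(r"\$tyk_context\b")

# Constructed sample API definition, trimmed to the fields this check reads.
SAMPLE_API_DEF = json.loads("""
{
  "name": "example-api",
  "enable_context_vars": false,
  "version_data": {"versions": {"Default": {
    "global_headers": {"x-some-header": "14"},
    "extended_paths": {"transform_headers": [
      {"path": "/orders", "method": "GET",
       "add_headers": {"x-user": "$tyk_context.jwt_claims_MyClaimName",
                       "x-client-ip": "$tyk_context.remote_addr"}}
    ]}
  }}}
}
""")


def find_context_headers(api_def):
    """Return (version, path, header, value) for every injected request
    header whose value references a $tyk_context variable."""
    hits = []
    versions = (api_def.get("version_data") or {}).get("versions") or {}
    for vname, version in versions.items():
        # Headers applied to every endpoint of this version.
        for header, value in (version.get("global_headers") or {}).items():
            if CONTEXT_REF.search(str(value)):
                hits.append((vname, "*", header, value))
        # Per-endpoint rules, as created in the Endpoint Designer.
        rules = (version.get("extended_paths") or {}).get("transform_headers")
        for rule in rules or []:
            for header, value in (rule.get("add_headers") or {}).items():
                if CONTEXT_REF.search(str(value)):
                    hits.append((vname, rule.get("path", ""), header, value))
    return hits


def audit(api_def):
    """Context references only matter when context variables are disabled."""
    return [] if api_def.get("enable_context_vars") else find_context_headers(api_def)


if __name__ == "__main__":
    for vname, path, header, value in audit(SAMPLE_API_DEF):
        print(f"{vname} {path}: {header} = {value} (context vars disabled)")
```
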