Need additional header for secret opa tokens

Tyk will only allow valid bearer tokens, so need additional place to add magic root token
CanDIG · Jul 28, 2022 · 832948c · 832948c
1 parent 84a464a
commit 832948c
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/permissions_engine/authz.rego b/permissions_engine/authz.rego
@@ -41,8 +41,10 @@ allow {                             # Allow request if...
     right.path == input.path        # Right.path matches input.path.
 }
 
+x_opa := input.headers["X-Opa"][_]
+
 identity_rights[right] {             # Right is in the identity_rights set if...
-    token := tokens[input.identity]  # Token exists for identity, and...
+    token := tokens[x_opa]  # Token exists for identity, and...
     role := token.roles[_]           # Token has a role, and...
     right := rights[role]            # Role has rights defined.
 }