nginx auth_request: access original query parameter

Question

I'm trying to figure out if it is possible to forward a query-parameter from the original URL to the auth_request handler/service?

Users should be able to add the API-token as a query-parameter like this: https://example.com/api/user?token=237263864823674238476

And not via header or cookie. Can I access the token parameter somehow in the auth-service? Or write the token query-parameter in a custom header with NGINX?
Tried this so far:

location = /api/user {
  auth_request /auth;
  proxy_set_header X-auth-token-from-query $arg_token;

  proxy_pass http://<url>;
}

/auth endpoint doesn't get the X-auth-token-from-query header but after returning a 200 the upstream-proxy does get the header.

Answer 1

You'll very likely want to pass the url (the uri) to the auth-request endpoint as well. You can do this in one go:

location = /api/auth {
  proxy_set_header X-Original-URI $request_uri;
  proxy_set_header X-Original-METHOD $request_method;
  proxy_pass_request_body off;
  proxy_set_header Content-Length "";

  proxy_pass http://<url>;
}

Bonus: I also passed the method! :tada:

Answer 2

The following worked for me

        location = /auth {
          internal;
          set $query '';
          if ($request_uri ~* "[^\?]+\?(.*)$") {
              set $query $1;
          }
          proxy_pass                http://myauthpoint?$query;
          proxy_pass_request_body   off;
          proxy_set_header          Content-Length "";
        }