Auth0 Identity Value Not Fetching Inside Identity Field #1475

JVaghela-Fintech · 2025-05-15T10:04:03Z

I'm having trouble fetching the Auth0 identity value inside the zilla:identity field. Despite explicitly configuring identity: sub in the JWT guard settings, the identity value is not being populated.

Steps to Reproduce:

Configure Auth0 application with HTTP authentication enabled
Set issuer and audience from Auth0:

issuer: auth0 issuer
audience: auth0 audience

Attempt to fetch the identity using:

zilla:identity: ${guarded['lsauthgaurd'].identity}

Configuration:

name: ZillaProxy
vaults: {}
guards:
  lsauthgaurd:
    type: jwt
    options:
      issuer: auth0 issuer
      audience: auth0 audience
      challenge: 30
      identity: sub


bindings:
  tcp_server_a:
    type: tcp
    kind: server
    options:
      host: 0.0.0.0
      port: 7114
    exit: http_server_a
  http_server_a:
    type: http
    kind: server
    telemetry:
      exporters:
        stdout:
          type: stdout
    options:
      access-control:
        policy: cross-origin
      authorization:
        lsauthgaurd:
          credentials:
            headers:
              authorization: Bearer {credentials}
            query:
              access_token: "{credentials}"


      versions:
        - h2
        - http/1.1
    routes:
      - when:
          - headers:
              :scheme: http
              :authority: ${{env.AUTHORITY_URL}}
              :path: /updates
          - headers:
              :scheme: https
              :authority: ${{env.AUTHORITY_URL}}
              :path: /updates
        exit: updates-sse_server

      - when:
          - headers:
              :scheme: http
              :authority: ${{env.AUTHORITY_URL}}
              :path: /live-trades
          - headers:
              :scheme: https
              :authority: ${{env.AUTHORITY_URL}}
              :path: /live-trades
        exit: updates-sse_server

      - when:
          - headers:
              :scheme: http
              :authority: ${{env.AUTHORITY_URL}}
          - headers:
              :scheme: https
              :authority: ${{env.AUTHORITY_URL}}
              # :path: /api/*
        exit: http-kafka_proxy_a

  updates-sse_server:
    type: sse
    kind: server
    exit: updates_sse_kafka_mapping
  updates_sse_kafka_mapping:
    type: sse-kafka
    kind: proxy
    routes:
      - when:
          - path: /updates
        with:
          topic: ordermanager.ui.orders
        exit: sse_kafka_cache_client

      - when:
          - path: /live-trades
        with:
          topic: rtrs.realtime.trades.ui.outbound
        exit: sse_kafka_cache_client
  sse_kafka_cache_client:
    type: kafka
    kind: cache_client
    exit: sse_kafka_cache_server
  sse_kafka_cache_server:
    type: kafka
    kind: cache_server
    options:
      bootstrap:
        - ordermanager.ui.orders
        - rtrs.realtime.trades.ui.outbound
    exit: sse_kafka_client
  sse_kafka_client:
    type: kafka
    kind: client
    telemetry:
      exporters:
        stdout:
          type: stdout
    options:
      servers:
        - ${{env.KAFKA_BOOTSTRAP_SERVER}}
      sasl:
        mechanism: scram-sha-256
        username: ${{env.SASL_USERNAME}}
        password: ${{env.SASL_PASSWORD}}
    exit: ${{env.TRANSPORT_CLIENT}}

  http-kafka_proxy_a:
    type: http-kafka
    kind: proxy
    telemetry:
      exporters:
        stdout:
          type: stdout
    routes:
      - when:
          - method: PUT
            path: /historical-trades/{id}
          - method: GET
            path: /historical-trades/{id};cid={correlationId}
        exit: kafka_cache_client_b
        with:
          capability: produce
          topic: rtrs.historical.query.ui.inbound # Kafka topic for historical trades
          key: ${params.id} # Idempotency key for request deduplication
          reply-to: rtrs.historical.trades.ui.outbound # Outbound topic for reply
          overrides:
            zilla:identity: ${guarded['lsauthgaurd'].identity}
          async:
            location: /historical-trades/${params.id};cid=${correlationId}
        # guarded:
        #   lsauthgaurd:
        #     - write:Admin
        #     - read:Admin

  kafka_cache_client_b:
    type: kafka
    kind: cache_client
    telemetry:
      metrics:
        - stream.*
        - http.*
    exit: kafka_cache_server_b
  kafka_cache_server_b:
    type: kafka
    kind: cache_server
    telemetry:
      metrics:
        - stream.*
        - http.*
    options:
      bootstrap:
        - rtrs.historical.trades.ui.outbound

    exit: kafka_client_b
  kafka_client_b:
    type: kafka
    kind: client
    telemetry:
      metrics:
        - stream.*
        - http.*
    options:
      servers:
        - ${{env.KAFKA_BOOTSTRAP_SERVER}}
      sasl:
        mechanism: scram-sha-256
        username: ${{env.SASL_USERNAME}}
        password: ${{env.SASL_PASSWORD}}
    exit: ${{env.TRANSPORT_CLIENT}}
  tls_client_a:
    type: tls
    kind: client
    exit: tcp_client_b
  tcp_client_b:
    type: tcp
    kind: client
telemetry:
  exporters:
    stdout:
      type: stdout

Expected Behavior:
The zilla:identity field should be populated with the sub claim from the JWT token.

Actual Behavior:
The identity value is not being fetched or populated in the zilla:identity field.

The text was updated successfully, but these errors were encountered:

jfallows added the needs_triage Unknowns need to be addressed label May 26, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Auth0 Identity Value Not Fetching Inside Identity Field #1475

Auth0 Identity Value Not Fetching Inside Identity Field #1475

Auth0 Identity Value Not Fetching Inside Identity Field #1475

Auth0 Identity Value Not Fetching Inside Identity Field #1475

Comments