From 1cc1f1bb8c03a8b763d1a40890f06e90255e603a Mon Sep 17 00:00:00 2001
From: "m.lettere" <marco.lettere@nubisware.com>
Date: Fri, 22 Oct 2021 15:02:05 +0200
Subject: [PATCH] support IAM sending gunzipped tokens

---
 roles/pep/templates/nginx.default.conf.j2 | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/roles/pep/templates/nginx.default.conf.j2 b/roles/pep/templates/nginx.default.conf.j2
index 9a6ed51..d4c526b 100644
--- a/roles/pep/templates/nginx.default.conf.j2
+++ b/roles/pep/templates/nginx.default.conf.j2
@@ -57,12 +57,14 @@ server {
     proxy_set_header  Authorization $pep_credentials;
     proxy_set_header  Content-Type "application/x-www-form-urlencoded";
     proxy_pass        "{{ iam_host }}/auth/realms/d4science/protocol/openid-connect/token/introspect";
-  
+    
+    proxy_ignore_headers  Cache-Control Expires Set-Cookie;
+    gunzip on;
+ 
     proxy_cache           token_responses; # Enable caching
     proxy_cache_key       $source_auth;    # Cache for each source authentication
     proxy_cache_lock      on;              # Duplicate tokens must wait
     proxy_cache_valid     200 10s;         # How long to use each response
-    proxy_ignore_headers  Cache-Control Expires Set-Cookie;
   }
   
   location /jwt_request {
@@ -72,6 +74,7 @@ server {
     proxy_set_header  Authorization $pep_credentials;
     proxy_set_header  Content-Type "application/x-www-form-urlencoded";
     proxy_pass        "{{ iam_host }}/auth/realms/d4science/protocol/openid-connect/token";
+    gunzip on;
   }
   
   location /permission_request {
@@ -81,6 +84,7 @@ server {
     proxy_set_header  Content-Type "application/x-www-form-urlencoded";
     proxy_set_header  Authorization "Bearer $auth_token";
     proxy_pass        "{{ iam_host }}/auth/realms/d4science/protocol/openid-connect/token";
+    gunzip on;
   }
 
 }