HTTPTask Authorization header from inbound REST call

We have an Angular Single Page Application making REST calls to a SpringBoot based Flowable engine. We are using oAuth2 with a JWT in the Authorization HTTP header to call the engine from the front-end. This was relatively easy thanks to the forum posts by @Robinyo (thank you). The only piece that was missing for me, was a custom AuthenticationContext, which was needed because the default SpringSecurityAuthenticationContext returns the name from the Authentication, which seems to be the name of the token, not the value of the ‘id’ claim in the token principal. That’s okay, because the JWT that we get back from Auth0 is pretty custom in it’s claims. As a result, the userID from the JWT is automatically assigned as the ‘startUserId’ of the case / process (and the equivalent IdentityLink).
So, now to the question: In the process that we start, we have a HTTPTask to send a request to another internal REST service, and we would like to reuse the Authorization header of the inbound REST request for the outbound REST request from our HTTPTask. In an ideal world, we should probably behave like an oAuth2 client and get another JWT from our authentication server to use in the outgoing HTTP request. However, it would be nice (and simple) if we could simply pull the existing Authorization header from the current Authentication context and add it to the outgoing request.
I’m thinking that there should be a convenient extension point for adding the header, just looking to see if anyone can give me a pointer in the correct direction before I experiment with extending HttpActivityBehaviorImpl, HttpActivityExecutor or HttpClientBuilder

Currently, the only way I can see is by providing a custom httpActivityExecutor (see, that would do that (but it’s quite low-level).

Hi, I am having a similar requirement. A logged in user has a user task (and a jsessionID in the request header) that I would like to forward to the Http Task. I have created a HttpActivityCustomBehaviourImpl where I managed to set a header container the security token. But I seem to struggle with getting request header from the inbound user task. Is there any way to access these inbound request headers from the HttpActivityCustomBehaviourImpl class?