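# Reverse proxy for mydomain.com: each request under /api/v1/ is authorized by
# an auth_request subrequest to Vouch Proxy before it is forwarded to the API.
server {
    # NOTE(review): plain HTTP only. Whatever credentials the validate endpoint
    # checks, and the identity headers set below, travel unencrypted unless TLS
    # is terminated in front of this server -- confirm.
    listen 80;
    server_name mydomain.com;

    # Authorization endpoint used by the auth_request directive below.
    # NOTE(review): this location is also reachable by external clients. If
    # nothing outside nginx calls it, consider adding `internal;` and using an
    # exact match (`location = /sso/validate`).
    location ^~ /sso/validate {
        proxy_pass http://vouch:9090/validate;
        # pass the client's original Host header to Vouch
        proxy_set_header Host $http_host;

        # The authorization subrequest is sent without a body, so the
        # Content-Length of the original request has to be cleared as well.
        # Otherwise a POST/PUT with a body announces bytes that never arrive
        # and the upstream may wait for them or reject the request.
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
    }

    location ^~ /api/v1/ {
        # The request is proxied only when the subrequest answers 2xx.
        auth_request /sso/validate;

        # get the claim/s into a local nginx variable
        auth_request_set $sub $upstream_http_x_vouch_idp_claims_sub;
        auth_request_set $email $upstream_http_x_vouch_idp_claims_email;
        auth_request_set $verified $upstream_http_x_vouch_idp_claims_email_verified;

        # forward the claim to the proxied server
        # proxy_set_header overrides any client-supplied header of the same
        # name, so these values come from the validate response only.
        # nginx merely forwards X-email-verified; the API must enforce it.
        proxy_set_header X-sub $sub;
        proxy_set_header X-email $email;
        proxy_set_header X-email-verified $verified;

        # generic proxy headers
        proxy_set_header Host $http_host;
        # $proxy_add_x_forwarded_for appends to the X-Forwarded-For sent by the
        # client, so only the last entry was written by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_redirect off;
        proxy_buffering off;
        # The trailing slash replaces the matched /api/v1/ prefix with /.
        proxy_pass http://api./;
    }
}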