authenticate requests in Envoy Proxy?

[luca.l...@gmail.com]

Hello list, I am evaluating Envoy Proxy for a potential project and even if I tried to search in the documentation I cannot find out if and how it is possible to handle authentication inside Envoy.

We are still on the whiteboard for the project, but the general idea would be to authenticate requests at the edge using an opaque token and use that to attach JWT tokens to requests going to our inside services. More or less like what is outlined in this blog post. The actual auth and associations would be done in another service and I am trying to figure if Envoy could forward tokens to that services, get a JWT from it and attach the jwt to the request it is proxy'ing. Is it possible at all?

Or maybe if there is any better way to handle this problem with Envoy any suggestion would be appreciated.

Thanks, Luca

[Matt Klein]

There is an official JWT auth filter in progress.

There is also the existing "external auth" gRPC filter. This is being extended to also support REST/HTTP as well by the Ambassador folks.

--
You received this message because you are subscribed to the Google Groups "envoy-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to envoy-users+unsubscribe@googlegroups.com.
To post to this group, send email to envoy...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/envoy-users/4ef586ef-ab75-48a4-b4b0-6b93bf02aad2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Matt Klein

Software Engineer

mkl...@lyft.com

https://calendly.com/mattklein123