Custom parameters in the body of HTTP external metadata POST requests

[guicassolato]

Adds parameters and contentType options to spec.metadata.http

parameters is a list of static and dynamic values (fetched from the authroization JSON) to be encoded in the body of HTTP requests whenever using POST method.

contentType drives the encoding of parameters. Accepted values are: application/x-www-form-urlencoded (default) and application/json.

Example of auth config with 3 HTTP external metadata requests using GET and POST methods and different request Content-Type options:

metadata:
  - name: echo-api-get
    http:
      endpoint: http://talker-api.authorino.svc.cluster.local:3000/metadata?encoding=text/plain&original_path={context.request.http.path}
      method: GET
      sharedSecretRef:
        name: talker-api-protection-secret
        key: echo-metadata-shared-auth
      credentials:
        in: authorization_header
        keySelector: Bearer
  - name: echo-api-post-form
    http:
      endpoint: http://talker-api.authorino.svc.cluster.local:3000/metadata?encoding=form-data
      method: POST
      bodyParameters:
        - name: original_path
          valueFrom:
            authJSON: context.request.http.path
        - name: fixed_value
          value: foo
  - name: echo-api-post-json
    http:
      endpoint: http://talker-api.authorino.svc.cluster.local:3000/metadata?encoding=json
      method: POST
      contentType: application/json
      bodyParameters:
        - name: original_path
          valueFrom:
            authJSON: context.request.http.path
        - name: my_str
          value: foo
        - name: my_num
          value: 123
        - name: my_bool
          value: true
        - name: my_arr
          value: ["a", "b", "c"]
        - name: my_obj
          value:
            a_prop: "a value"

The config above will cause the 3 HTTP requests below, sent by Authorino to the http://talker-api.authorino.svc.cluster.local:3000, within the scope of the ext-auth workload trigered by the following request:

curl -H 'Host: talker-api' -H 'Authorization: APIKEY <redacted>' -X POST -d 'foo=bar' -d 'blah=bleh' "http://talker-api-behind-envoy/hello?format=form-data"

Metadata HTTP request echo-api-get:

GET /metadata?encoding=text/plain&original_path=/hello?format=form-data HTTP/1.1
Content-Type: text/plain
Host: talker-api.authorino.svc.cluster.local:3000
User-Agent: Go-http-client/1.1
Authorization: Bearer 7f6fcf4961b979cd703e6c396d1378e282b109991344a97c2ad4d785eece3d54
Accept-Encoding: gzip
Version: HTTP/1.1
(…other request headers omitted)

Metadata HTTP request echo-api-post-form:

POST /metadata?encoding=form-data HTTP/1.1
Content-Length: 59
Content-Type: application/x-www-form-urlencoded
Host: talker-api.authorino.svc.cluster.local:3000
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip
Version: HTTP/1.1
(…other request headers omitted)

fixed_value=foo&original_path=%2Fhello%3Fformat%3Dform-data

Metadata HTTP request echo-api-post-json:

POST /metadata?encoding=json HTTP/1.1
Content-Length: 139
Content-Type: application/json
Host: talker-api.authorino.svc.cluster.local:3000
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip
Version: HTTP/1.1
(…other request headers omitted)

{"my_arr":["a","b","c"],"my_bool":true,"my_num":123,"my_obj":{"a_prop":"a value"},"my_str":"foo","original_path":"/hello?format=form-data"}

---

Closes #151

[miguelsorianod]

The approach looks good to me 👍
If I understand correctly, using a POST to interact with an API that uses XML would not be possible right? it is limited to url form and json

[guicassolato]

If I understand correctly, using a POST to interact with an API that uses XML would not be possible right? it is limited to url form and json

Correct, @miguelsorianod. But adding support for other formats to encode the payload in the future shouldn't be hard. Let's move on with this change the way it is now and whoever needs other format can open a issue. XML would be a particularly easy one to fix.

Thanks!

[miguelsorianod]

👍