External Auth challenges

[ghost]

Started playing with this feature since is an open requirement and found couple of things that are not working out quite well for me, let me list them out below

This is my scenario:

• test-api has 3 methods: GET users, GET users?:id, and POST users
• my extauth is /auth endpoint accept only POST

Issues

• When I tried GET /users, it tries to authorize at GET /auth/users (not found)
• When I tried POST /users, it tries to authorize at POST /auth/users (not found)
• Also when I tried an undefined mapping like GET /, it tries to hit the authentication service GET /auth (not found)

Questions:

• Can I just specify this is my auth endpoint and don't attach the mapping?
• Do just a POST to the extauth, don't carry out the mapping method?
• Can I add some body/header to the extauth call?
• is it possible to specify which mapping will need auth, and have some others run free of auth?

Here's my config:

apiVersion: ambassador/v0
kind: Mapping
name: users_mapping
prefix: /users/
method: GET
rewrite: /users/
service: test-api:3000

apiVersion: ambassador/v0
kind: Module
name: authentication
config:
auth_service: "test-api:3000"
path_prefix: "/auth"
allowed_headers:

• "authorization"
• "x-qotm-session"

Thanks,
Roilan

[richarddli]

Are you using Ambassador, or are you using the Envoy with the ext-auth filter? It looks like you're using Ambassador in which case the right repository is https://github.com/datawire/ambassador/. Have you followed the tutorial at https://www.getambassador.io/user-guide/auth-tutorial?