Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support BasicAuth and KeyAuth based authentication #1660

Closed
saltbo opened this issue Jul 14, 2023 · 9 comments
Closed

Support BasicAuth and KeyAuth based authentication #1660

saltbo opened this issue Jul 14, 2023 · 9 comments
Labels
area/policy help wanted Extra attention is needed kind/enhancement New feature or request
Milestone
Backlog

Comments

@saltbo
Copy link

saltbo commented Jul 14, 2023
edited
Loading

Description:

Support BasicAuth and KeyAuth based authentication

[optional Relevant Links:]

envoyproxy/envoy#15365
@saltbo saltbo added the kind/enhancement New feature or request label Jul 14, 2023
@github-actions
Copy link

This issue has been automatically marked as stale because it has not had activity in the last 30 days.

@github-actions github-actions bot added stale and removed stale labels Aug 17, 2023
@arkodg
Copy link
Contributor

arkodg commented Sep 21, 2023

thinking out loud

and something similar could be done for API Key as well

@arkodg arkodg added this to the Backlog milestone Sep 21, 2023
@zhaohuabing
Copy link
Member

@arkodg AFAIK, Envoy doesn't have built-in BasicAuth or API key support. But it may be accomplished by extensions such as lua, wasm, or External Authorization.

@zhaohuabing
Copy link
Member

Basic Auth has been merged into Envoy. envoyproxy/envoy#30079. I plan to add it to the SecurityPolicy in the next release.

@arkodg arkodg added the help wanted Extra attention is needed label Nov 10, 2023
@zhaohuabing zhaohuabing mentioned this issue Nov 16, 2023
Merged
@arkodg
Copy link
Contributor

arkodg commented Nov 16, 2023

@zhaohuabing can we reuse the same Envoy Filter for API key auth ?

@zhaohuabing
Copy link
Member

zhaohuabing commented Nov 16, 2023
edited
Loading

@zhaohuabing can we reuse the same Envoy Filter for API key auth ?

The problem is, unlike HTTP Basic Auth, API key auth is much more flexible, the key can be in the header, path, or even body. I think we will need a dedicated envoy filter in Envoy if we want to support API key auth, we can follow the open API specs: https://swagger.io/docs/specification/authentication/api-keys/#:~:text=API%20keys%20are%20supposed%20to,mechanisms%20such%20as%20HTTPS%2FSSL.

@arkodg
Copy link
Contributor

arkodg commented Nov 16, 2023

yeah nice, it would look a lot like from_headers in https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/jwt_authn/v3/config.proto#extensions-filters-http-jwt-authn-v3-jwtprovider

@zhaohuabing zhaohuabing mentioned this issue Nov 20, 2023
Merged
This was referenced Nov 28, 2023
Merged
Closed
@saltbo saltbo closed this as completed Dec 9, 2023
@zhaohuabing
Copy link
Member

Key auth is not supported yet. We can open another issue to track it.

1 similar comment
@zhaohuabing
Copy link
Member

Key auth is not supported yet. We can open another issue to track it.

@saltbo saltbo reopened this Dec 9, 2023
@arkodg arkodg mentioned this issue Feb 16, 2024
Closed
@arkodg arkodg closed this as completed Feb 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/policy help wanted Extra attention is needed kind/enhancement New feature or request
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
3 participants
@zhaohuabing @arkodg @saltbo