An implementation of Envoy External Authorization, focused on delivering authN/Z solutions for Envoy proxy. Compatible with Kubernetes Ingress classes like Project Contour or Istio.
Some of the features it provides:
- Transparent login
  - Retrieves OAuth2 access tokens, ID tokens and refresh tokens
  - Compatible with any standard OIDC Provider
  - Supports PKCE flow (public)
  - Logout redirects
- Session management
  - Session tokens and data are cryptographically verifiable
  - Refreshes expired tokens automatically
- Pre and post authorization policies with Open Policy Agent (OPA)
  - Allows fine-grained policy rules per request
  - Post authorization token policies (decode JWT and verify claims)