| title | Envoy External Authorization | |||
|---|---|---|---|---|
| keywords |
|
|||
| description | External authorization with Envoy. |
One way of extending the popular Envoy proxy is by developing an external authorization service.
This example illustrates using fiber and the keyauth middleware as an authorization service for a front
proxy (the configuration could also be used for an L2 / Sidecar proxy). See authz.
It also uses fiber as a sample upstream service, with the following endpoints. See app.
| Name | Rute | Protected | Method |
|---|---|---|---|
| Health | /health | No | GET |
| Resource | /api/resource | Yes | GET |
docker-compose up --build -d
| Name | Command | Status |
|---|---|---|
| Not protected | curl localhost:8000/health -i |
200 |
| Missing API key | curl localhost:8000/api/resource -i |
403 |
| Invalid API key | curl localhost:8000/api/resource -i -H "x-api-key: invalid-key" |
403 |
| Valid API key | curl localhost:8000/api/resource -i -H "x-api-key: valid-key" |
200 |
docker-compose down