{"id":20410306,"url":"https://github.com/kuadrant/authorino-examples","last_synced_at":"2026-04-19T11:32:08.564Z","repository":{"id":39743261,"uuid":"431031596","full_name":"Kuadrant/authorino-examples","owner":"Kuadrant","description":"Examples and demo resources of https://github.com/kuadrant/authorino","archived":false,"fork":false,"pushed_at":"2025-03-10T16:39:44.000Z","size":3930,"stargazers_count":1,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-02-13T07:25:18.649Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Kuadrant.png","metadata":{"files":{"readme":"README.md","changelog":"news-api/.dockerignore","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-23T09:08:57.000Z","updated_at":"2025-11-08T03:28:48.000Z","dependencies_parsed_at":"2022-08-28T06:35:11.670Z","dependency_job_id":"c1aabc39-990f-4f14-9acb-4bfe197a5c07","html_url":"https://github.com/Kuadrant/authorino-examples","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Kuadrant/authorino-examples","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kuadrant%2Fauthorino-examples","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kuadrant%2Fauthorino-examples/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kuadrant%2Fauthorino-examples/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kuadrant%2Fauthorino-examples/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Kuadrant","download_url":"https://codeload.github.com/Kuadrant/authorino-examples/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kuadrant%2Fauthorino-examples/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32005509,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-18T20:23:30.271Z","status":"online","status_checked_at":"2026-04-19T02:00:07.110Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T05:45:38.869Z","updated_at":"2026-04-19T11:32:08.518Z","avatar_url":"https://github.com/Kuadrant.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# authorino-examples\n\nExamples of Authorino [`AuthConfig`](https://github.com/kuadrant/authorino/blob/docs/architecture.md#the-authorino-authconfig-custom-resource-definition-crd) custom resources, applications and deployment manifests used in demos and tutorials of [Authorino](https://github.com/kuadrant/authorino).\n\nPlease refer to the Authorino [User guides](https://github.com/kuadrant/authorino/blob/main/docs/user-guides.md) for usage instructions related to most of the resources included in this repo.\n\n## Custom apps and deployments\n\nFor each application below, you will usually find a `*-deploy.yaml` file in the corresponding directory of the application. This file contains the required manifests to deploy the application to a Kubernetes cluster.\n\n### Talker API\n\nJust another echo API that responds as JSON whatever attributes it gets in the original HTTP request.\n\n\u003ctable\u003e\n \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003cth\u003eImage:\u003c/th\u003e\n      \u003ctd\u003e\u003ca href=\"https://quay.io/kuadrant/authorino-examples:talker-api\"\u003e\u003ccode\u003equay.io/kuadrant/authorino-examples:talker-api\u003c/code\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n### News API\n\nThe News Agency API (\"News API\" for short) is a REST API to manage news articles (Create, Read, Delete), with no embedded concept of authentication or authorization. Records are stored in memory (default) or in a Redis database (by supplying a `REDIS_URL` environment variable).\n\nHTTP endpoints available:\n```\nPOST /{category}[/{id}]   Create a news article\nGET /{category}           List news articles\nGET /{category}/{id}      Read a news article\nDELETE /{category}/{id}   Delete a news article\n```\n\nA news article is structured as follows:\n\n```jsonc\n{\n  \"id\": \u003cstring: auto-generated if not provided\u003e,\n  \"title\": \u003cstring\u003e,\n  \"body\": \u003cstring\u003e,\n  \"date\": \u003cstring: ISO 8601\u003e,\n  \"author\": \u003cstring\u003e,\n  \"user_id\": \u003cstring\u003e\n}\n```\n\nIn the requests to `POST /{category}`, `author` and `user_id` can be supplied in either of 2 supported HTTP headers:\n- `X-Ext-Auth-Data`: stringified JSON containing at least the `author` and the `user_id` properties;\n- `X-Ext-Auth-Wristband`: an Authorino [Festival Wrisband](https://github.com/Kuadrant/authorino/blob/main/docs/features.md#festival-wristband-tokens-responsewristband) token whose `name` and `sub` claims map respectively to `author` and the `user_id`.\n\n\u003ctable\u003e\n \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003cth\u003eImage:\u003c/th\u003e\n      \u003ctd\u003e\u003ca href=\"https://quay.io/kuadrant/authorino-examples:news-api\"\u003e\u003ccode\u003equay.io/kuadrant/authorino-examples:news-api\u003c/code\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n### Envoy\n\nKubernetes manifests to deploy Envoy proxy – `ConfigMap`, `Deployment`, `Service` and `Ingress`.\n\nThe `ConfigMap` contains an Envoy configuration to put the [Talker API](#talker-api) (`http://*:8000/ → talker-api:3000`) and the [Talker Web](talker-web) (`http://*:8000/web → http://talker-web:888`) apps behind the reverse-proxy. It also sets up Authorino (`authorino-authorino-authorization:50051`) and [Limitador](#limitador) (`limitador:8081`), respectively, in the external authorization and rate limiting HTTP filters.\n\nThe config is provided in two flavors (kustomize overlays): TLS and no-TLS enabled in the Authorino endpoints (gRPC ext-authz and Wirstband OIDC discovery). When TLS is enabled, the deployment expects the Authorino certificates to be stored in an `authorino-ca-cert` `Secret`.\n\nThe rate limit configuration has `failure_mode_deny: false`, which means that requests will only be rate limited when Limitador is running. If Authorino cannot be reached, on the other hand, requests will be rejected with a `403 Forbidden` response.\n\nThe external authorization filter is disabled for the endpoints of the Talker Web app.\n\n\u003ctable\u003e\n \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003cth\u003eImage:\u003c/th\u003e\n      \u003ctd\u003e\u003ca href=\"https://hub.docker.com/r/envoyproxy/envoy/tags/?page=1\u0026name=v1.25-latest\"\u003e\u003ccode\u003eenvoyproxy/envoy:v1.25-latest\u003c/code\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n### Keycloak\n\nA bundle with Kubernetes manifests to deploy a [**Keycloak**](https://www.keycloak.org) server, preloaded with the following realm setup:\u003cbr/\u003e\n- Admin console: http://localhost:8080/admin (admin/p)\n- Preloaded realm: **kuadrant**\n- Preloaded clients:\n  - **demo**: to which API consumers delegate access and therefore the one which access tokens are issued to\n  - **talker-api**: used by Authorino to fetch UMA-protected resource data associated with the Talker API (Client secret: 523b92b6-625d-4e1e-a313-77e7a8ae4e88)\n- Preloaded resources (`talker-api` client):\n  - `/hello`\n  - `/greetings/1` (owned by user jonh)\n  - `/greetings/2` (owned by user jane)\n  - `/goodbye`\n- Preloaded authorization scopes (`talker-api` client):\n  - `get`\n  - `post`\n  - `put`\n  - `delete`\n- Realm roles:\n  - member (default to all users)\n  - admin\n- Preloaded users:\n  - john/p (member)\n  - jane/p (admin)\n  - peter/p (member, email not verified)\n\n\u003ctable\u003e\n \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003cth\u003eImage:\u003c/th\u003e\n      \u003ctd\u003e\u003ca href=\"quay.io/keycloak/keycloak:22.0\"\u003e\u003ccode\u003equay.io/keycloak/keycloak:22.0\u003c/code\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n### Dex\n\nA bundle with Kubernetes manifests to deploy a [**Dex**](https://dexidp.io) server, preloaded with the following setup:\u003cbr/\u003e\n- Preloaded clients:\u003cbr/\u003e\n  - **demo**: to which API consumers delegate access and therefore the one which access tokens are issued to (Client secret: aaf88e0e-d41d-4325-a068-57c4b0d61d8e)\n- Preloaded users:\u003cbr/\u003e\n  - marta@localhost/password\n\n\u003ctable\u003e\n \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003cth\u003eImage:\u003c/th\u003e\n      \u003ctd\u003e\u003ca href=\"https://quay.io/dexidp/dex:v2.26.0\"\u003e\u003ccode\u003equay.io/dexidp/dex:v2.26.0\u003c/code\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n### a12n-server\n\nA bundle with Kubernetes manifests to deploy a [**a12n-server**](https://github.com/curveball/a12n-server) server and corresponding MySQL database, preloaded with the following setup:\u003cbr/\u003e\n- Admin console: http://a12n-server:8531 (admin@demo/123456)\n- Preloaded clients:\u003cbr/\u003e\n  - **service-account-1**: to obtain access tokens via `client_credentials` OAuth2 grant type, to consume the Talker API (Client secret: DbgXROi3uhWYCxNUq_U1ZXjGfLHOIM8X3C2bJLpeEdE); includes metadata privilege: `{ \"talker-api\": [\"read\"] }` that can be used to write authorization policies\n  - **talker-api**: to authenticate to the token introspect endpoint (Client secret: V6g-2Eq2ALB1_WHAswzoeZofJ_e86RI4tdjClDDDb4g)\n\n\u003ctable\u003e\n \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003cth\u003eImages:\u003c/th\u003e\n      \u003ctd\u003e\n        \u003ca href=\"https://quay.io/kuadrant/authorino-examples:a12n-server\"\u003e\u003ccode\u003equay.io/kuadrant/authorino-examples:a12n-server\u003c/code\u003e\u003c/a\u003e\u003cbr/\u003e\n        \u003ca href=\"https://quay.io/kuadrant/authorino-examples:a12n-server-mysql\"\u003e\u003ccode\u003equay.io/kuadrant/authorino-examples:a12n-server-mysql\u003c/code\u003e\u003c/a\u003e\n      \u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n### Talker Web\n\nNode.js Single Page Application (SPA) that consumes resources of the [Talker API](#talker-api) from a web browser.\n\nURL behind Envoy: http://talker-api.127.0.0.1.nip.io:8000/web\n\n\u003ctable\u003e\n \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003cth\u003eImage:\u003c/th\u003e\n      \u003ctd\u003e\u003ca href=\"https://quay.io/kuadrant/authorino-examples:talker-web\"\u003e\u003ccode\u003equay.io/kuadrant/authorino-examples:talker-web\u003c/code\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n### Matrix Quotes\n\nNode.js web application that gathers quotes from characters of the film _The Matrix_ (1999).\n\nIf you haven't watched The Matrix yet, stop what you are doing, go watch it now, and then come back 🙂\n\n\u003ctable\u003e\n \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003cth\u003eImage:\u003c/th\u003e\n      \u003ctd\u003e\u003ca href=\"https://quay.io/kuadrant/authorino-examples:matrix-quotes\"\u003e\u003ccode\u003equay.io/kuadrant/authorino-examples:matrix-quotes\u003c/code\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n### API consumer\n\nSimple script that curls a given endpoint in a loop, every X seconds. It only sends `GET` requests.\n\nArguments:\n- `--endpoint`: the endpoint to send requests to;\n- `--token`: the value of the authentication token;\n- `--token-path`: path to an authentication token file monted in the file system;\n- `--credentials-in`: where the authentication token must fly in the request (options: `authorization_header`, `custom_header`, `cookie`, `query`; default: `authorization_header`);\n- `--credentials-key`: additional value to `--credentials-in` – the authorization header prefix, name of custom header, cookie id or query string parameter (default: `Bearer`);\n- `--interval`: interval (in seconds) between requests.\n\n\u003ctable\u003e\n \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003cth\u003eImage:\u003c/th\u003e\n      \u003ctd\u003e\u003ca href=\"https://quay.io/kuadrant/authorino-examples:api-consumer\"\u003e\u003ccode\u003equay.io/kuadrant/authorino-examples:api-consumer\u003c/code\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n### IP Location\n\nSimple service to resolve an IPv4 address into geo location info.\n\n\u003ctable\u003e\n \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003cth\u003eImage:\u003c/th\u003e\n      \u003ctd\u003e\u003ca href=\"https://quay.io/kuadrant/authorino-examples:ip-location\"\u003e\u003ccode\u003equay.io/kuadrant/authorino-examples:ip-location\u003c/code\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n### Limitador\n\nKubernetes manifests to deploy [**Limitador**](https://github.com/kuadrant/limitador), pre-configured in the [reverse-proxy](#envoy) to rate-limit the [Talker API](#talker-api) app to 5 hits per minute per `user_id`.\n\n\u003ctable\u003e\n \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003cth\u003eImage:\u003c/th\u003e\n      \u003ctd\u003e\u003ca href=\"https://quay.io/3scale/limitador:latest\"\u003e\u003ccode\u003equay.io/3scale/limitador:latest\u003c/code\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n### Tracing (OpenTelemetry and Jaeger)\n\nKubernetes manifests to deploy [Jaeger](https://www.jaegertracing.io/) and [OpenTelemetry Collector](https://opentelemetry.io/docs/collector/) (with the Jaeger exporter configured).\n\n\u003ctable\u003e\n \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003cth\u003eImages:\u003c/th\u003e\n      \u003ctd\u003e\n        \u003ca href=\"https://hub.docker.com/r/jaegertracing/all-in-one/tags/?page=1\u0026name=1.22\"\u003e\u003ccode\u003ejaegertracing/all-in-one:1.22\u003c/code\u003e\u003c/a\u003e\u003cbr/\u003e\n        \u003ca href=\"https://hub.docker.com/r/otel/opentelemetry-collector/tags/?page=1\u0026name=0.74.0\"\u003e\u003ccode\u003eotel/opentelemetry-collector:0.74.0\u003c/code\u003e\u003c/a\u003e\n        \u003ca href=\"https://hub.docker.com/r/otel/opentelemetry-collector-contrib/tags/?page=1\u0026name=0.74.0\"\u003e\u003ccode\u003eotel/opentelemetry-collector-contrib:0.74.0\u003c/code\u003e\u003c/a\u003e\n      \u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkuadrant%2Fauthorino-examples","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkuadrant%2Fauthorino-examples","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkuadrant%2Fauthorino-examples/lists"}