{"id":16690332,"url":"https://github.com/mrsaints/forward-ext-authz-service","last_synced_at":"2025-05-15T12:31:22.513Z","repository":{"id":152406189,"uuid":"322731176","full_name":"MrSaints/forward-ext-authz-service","owner":"MrSaints","description":"A forward authentication / authorisation (authN) implementation of Envoy External Authorization (ext_authz), built with Contour, and Pomerium in mind.","archived":false,"fork":false,"pushed_at":"2020-12-19T01:13:03.000Z","size":21,"stargazers_count":5,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-28T09:08:04.633Z","etag":null,"topics":["authentication","authorization","cloud-native","contour","envoy","ext-authz","forward-auth","ingress","kubernetes","oauth2","oidc","pomerium","proxy"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MrSaints.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-12-19T00:01:49.000Z","updated_at":"2024-03-26T13:00:41.000Z","dependencies_parsed_at":null,"dependency_job_id":"feb7b3f0-d0e6-4599-be7a-f0eff292f50e","html_url":"https://github.com/MrSaints/forward-ext-authz-service","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MrSaints%2Fforward-ext-authz-service","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MrSaints%2Fforward-ext-authz-service/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MrSaints%2Fforward-ext-authz-service/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MrSaints%2Fforward-ext-authz-service/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MrSaints","download_url":"https://codeload.github.com/MrSaints/forward-ext-authz-service/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254341088,"owners_count":22054982,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","authorization","cloud-native","contour","envoy","ext-authz","forward-auth","ingress","kubernetes","oauth2","oidc","pomerium","proxy"],"created_at":"2024-10-12T15:51:09.964Z","updated_at":"2025-05-15T12:31:22.498Z","avatar_url":"https://github.com/MrSaints.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# forward-ext-authz-service\n\nA forward authentication / authorisation (authN) implementation of [Envoy](https://www.envoyproxy.io/) [External Authorization (ext_authz)](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/ext_authz_filter), built with [Contour](https://projectcontour.io/), and [Pomerium](https://www.pomerium.com/) in mind.\n\n_This is still under development. It works, but use at your own risk._\n\n---\n\n**Why do I need this?**\n\n1. You are using an ingress controller\n2. You want to delegate authN to an external Identity and Access Management (IAM) solution (e.g. Keycloak, OAuth2 Proxy, Pomerium), and have it handle the entire authN flow (with redirects)\n3. The ingress controller does not directly support OAuth2, OpenID Connect (OIDC) OR any other integration with an external IAM solution you want to use (e.g. it may not implement `ext_authz`)\n4. The external IAM solution you want to use supports forward authN\n\nIf the answer is \"yes\" to all the above, this is where `forward-ext-authz-service` comes in.\n\nIt bridges the gap between an ingress controller which _only supports_ `ext_authz`, and an external IAM solution that does not support `ext_authz`, but does support forward authN. Specifically, it was built with Contour, and Pomerium in mind.\n\nEven if your ingress controller does support other non-Envoy authN options, you may want to consider using this as an alternative solution so that you can leverage the often simpler `ext_authz` integration instead.\n\n\n## TODO\n\n- [ ] Publish Docker image\n- [ ] Create sample Kubernetes manifests\n- [ ] Expand docs with diagram of authN flow\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrsaints%2Fforward-ext-authz-service","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmrsaints%2Fforward-ext-authz-service","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrsaints%2Fforward-ext-authz-service/lists"}