https://github.com/shelmangroup/envoy-oidc-authserver

An implementation of Envoy External Authorization
https://github.com/shelmangroup/envoy-oidc-authserver

authentication envoy ext-authz k8s oidc open-policy-agent

Last synced: 14 days ago
JSON representation

An implementation of Envoy External Authorization

• Host: GitHub
• URL: https://github.com/shelmangroup/envoy-oidc-authserver
• Owner: shelmangroup
• License: apache-2.0
• Created: 2024-01-04T17:20:15.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2024-04-09T21:23:54.000Z (about 1 year ago)
• Last Synced: 2024-04-10T07:35:42.752Z (about 1 year ago)
• Topics: authentication, envoy, ext-authz, k8s, oidc, open-policy-agent
• Language: Go
• Homepage:
• Size: 140 KB
• Stars: 5
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# Envoy OIDC Authserver

An implementation of Envoy External Authorization, focused on delivering

authN/Z solutions for Envoy proxy. Compatible with Kubernetes Ingress

classes like [Project Contour](https://projectcontour.io/) or [Istio](https://istio.io).

Some of the features it provides:

- Transparent login

  - Retrieves OAuth2 Access tokens, ID tokens and refresh tokens

  - Compatible with any standard OIDC Provider

  - Supports PKCE flow (public)

  - Logout redirects

- Session management

  - Session tokens and data are cryptographically verifiable.

  - Refreshes expired tokens automatically

- Pre and post authorization policies with Open Policy Agent (OPA) policies.

  - Allowing fine grained policy rules per request.

  - Post authorization token policies (decode JWT and verify claims).