GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → dgn → oidc-filter

dgn / oidc-filter

Licence: Apache-2.0 license
A WASM plugin for Envoy supporting the Open ID Connect Authorization Flow, extending Istio's JWT functionality

Programming Languages

rust
11053 projects
Makefile
30231 projects
Dockerfile
14818 projects

Labels

jwtwasmopenid-connectenvoyistiooidc-filter

Projects that are alternatives of or similar to oidc-filter

External Auth Server
easy auth for reverse proxies
Stars: ✭ 189 (+372.5%)
Mutual labels:  openid-connect, envoy, istio
Microservices Traffic Management Using Istio
Istio is an open platform that provides a uniform way to connect, manage, and secure microservices. In this code we show how we can enable your microservices with advanced traffic management, routing and tracing capabilities leveraging Istio
Stars: ✭ 257 (+542.5%)
Mutual labels:  envoy, istio
Meshery
Meshery, the service mesh management plane
Stars: ✭ 608 (+1420%)
Mutual labels:  envoy, istio
apiclarity
Reconstruct Open API Specifications from real-time workload traffic seamlessly.
Stars: ✭ 290 (+625%)
Mutual labels:  envoy, istio
Microservices On Cloud Kubernetes
Microservices demo application on cloud-hosted Kubernetes cluster
Stars: ✭ 213 (+432.5%)
Mutual labels:  envoy, istio
Learn Istio
⛵️ Istio resources 🕸
Stars: ✭ 1,025 (+2462.5%)
Mutual labels:  envoy, istio
Istio Tutorial
Istio Tutorial for https://dn.dev/master
Stars: ✭ 1,025 (+2462.5%)
Mutual labels:  envoy, istio
Layer5
Layer5, the service mesh company, representing every service mesh
Stars: ✭ 137 (+242.5%)
Mutual labels:  envoy, istio
kubernetes workshop
Kubernetes is an open source Container Orchestration System for automatic deployment, scaling, and management of Containerized application. Kubernetes gives you the freedom to take advantage of on-premise, hybrid or public cloud infrastructure. Kubernetes helps you to scale both horizontally and vertically depends on the load.
Stars: ✭ 27 (-32.5%)
Mutual labels:  envoy, istio
engarde
Parse default envoy (and istio-proxy) access logs like a champ with engarde and jq
Stars: ✭ 82 (+105%)
Mutual labels:  envoy, istio
meshery
Meshery, the cloud native manager
Stars: ✭ 1,587 (+3867.5%)
Mutual labels:  envoy, istio
istio
istio offical suppport for arm64 will land since v1.15
Stars: ✭ 168 (+320%)
Mutual labels:  istio
gitops-app-distribution
GitOps workflow for managing app delivery on multiple clusters
Stars: ✭ 22 (-45%)
Mutual labels:  istio
consul2istio
Connect Consul registry to Istio Service Mesh.
Stars: ✭ 27 (-32.5%)
Mutual labels:  istio
Envoy-Pilot
Envoy xDS Server with Consul
Stars: ✭ 72 (+80%)
Mutual labels:  envoy
logto
🧑‍🚀 Logto helps you build the sign-in, auth, and user identity within minutes. We provide an OIDC-based identity service and the end-user experience with username, phone number, email, and social sign-in, with extendable multi-language support.
Stars: ✭ 3,421 (+8452.5%)
Mutual labels:  openid-connect
kourier
Kourier is a Knative Serving Ingress. It has been adopted by Knative, and we keep developing it at: github.com/knative/net-kourier
Stars: ✭ 47 (+17.5%)
Mutual labels:  envoy
istio-mastery
(outdated) Source code for the article Back to Microservices with Istio
Stars: ✭ 89 (+122.5%)
Mutual labels:  istio
gke-istio-gce-demo
In this project, you will leverage Kubernetes Engine and Google Compute Engine to explore how Istio can manage services that reside outside of the Kubernetes Engine environment. You will deploy a typical Istio service mesh in Kubernetes Engine, then configure an externally deployed microservice to join the mesh.
Stars: ✭ 53 (+32.5%)
Mutual labels:  istio
learn-layer5
A sample application for learning how to service mesh and for validating SMI conformance
Stars: ✭ 43 (+7.5%)
Mutual labels:  istio
View All Similar Projects ➔

oidc-filter

oidc-filter is a Wasm plugin for Envoy/Istio that will redirect users to a given authentication URI if they do not present a JWT token.

Features

  • Automatically redirect users with no active session to an OpenID Connect Authorization Server for authorization
  • Stores JWT in cookie and transparently writes it to Authorization header for every request

How do I use this thing?

Check out the examples/ directory.

Limitations

  • oidc-filter doesn't verify the JWTs yet (but Istio does that)
  • If the token has expired, AJAX calls with methods other than GET will fail on first attempt (but then succeed afterwards)
  • Not using state or nonce yet (so susceptible to replay attacks)

Development

  • Running make in the root of the repository will build plugin.wasm
  • Running make image will build a container image compatible with OpenShift Service Mesh 2.0+ and Istio 1.12+
  • See the examples/ directory for how to test your changes

TODO

  • Add option to replay POST requests after redirects (so that redirected AJAX calls don't fail)
    • Not sure if that's good behaviour
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].