Skip to content

Latest commit

 

History

History
24 lines (16 loc) · 808 Bytes

README.md

File metadata and controls

24 lines (16 loc) · 808 Bytes

Envoy OIDC Authserver

An implementation of Envoy External Authorization, focused on delivering authN/Z solutions for Envoy proxy. Compatible with Kubernetes Ingress classes like Project Contour or Istio.

Some of the features it provides:

  • Transparent login

    • Retrieves OAuth2 Access tokens, ID tokens and refresh tokens
    • Compatible with any standard OIDC Provider
    • Supports PKCE flow (public)
    • Logout redirects
  • Session management

    • Session tokens and data are cryptographically verifiable.
    • Refreshes expired tokens automatically
  • Pre and post authorization policies with Open Policy Agent (OPA) policies.

    • Allowing fine grained policy rules per request.
    • Post authorization token policies (decode JWT and verify claims).