Unleash / unleash-edge

MIT License

Plugin interface for own authentication #459

Open fapo85 opened 2 months ago

fapo85 commented 2 months ago

Describe the feature request

We would like to use Unleash Edge in a zero trust environment. There, a JWT is issued by the API token, which must be validated accordingly. It would make sense for us to create a corresponding custom authentication function and configure it accordingly in Unleash Edge. A plugin interface would be suitable for this.

It must also be possible to add a corresponding header to requests in the upstream direction.

Background

No response

Solution suggestions

It might also make sense to use the plugin interface for custom decision scenarios. But I'm sure you can decide that better.

sighphyre commented 1 month ago

This is a pretty interesting request. I don't see a way this is possible right now because of the way Unleash works with SDKs. In theory, Edge is a proxy with some interesting details between an SDK and Unleash itself. How do you see this working if we take Edge out of the equation?

fapo85 commented 1 month ago

We currently have our own proxy, written in TypeScript.

For authentication towards Unleash we simply add a header injector by passing a customHeadersFunction.

We also have Java services which talk directly to Unleash; there is also the function to pass a customHttpHeadersProvider.

So at least in the Node.js and Java SDKs there is this possibility.

I'm not familiar enough with Rust, but I think there will also be a corresponding option or it could simply be added.

If this function does not exist in the Rust SDK, I think it would definitely be a corresponding added value, otherwise the SDKs for the other languages would not have this possibility.

And then the corresponding functions must be passed to the outside world via a plugin interface.
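
Added example, not part of the thread and not code from Unleash or from fapo85: a header injector with the async shape that the Node SDK's customHeadersFunction takes, which caches a short-lived JWT and refreshes it before expiry. The token issuer, the `Authorization: Bearer` header and every function name below are assumptions, and the tokens are constructed samples.

```javascript
// Added example. Shape matches the Node SDK option named in the thread:
// customHeadersFunction is an async function that resolves to a headers object.

// Build a compact JWT-shaped string (constructed sample, signature is a placeholder).
function makeToken(claims) {
  const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [b64url({ alg: 'RS256', typ: 'JWT' }), b64url(claims), 'constructed-signature'].join('.');
}

// Read `exp` (epoch seconds) without verifying the token. This only drives the
// refresh decision; validation belongs to whatever receives the header.
function jwtExpiry(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const payload = JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
  if (typeof payload.exp !== 'number') throw new Error('JWT has no numeric exp claim');
  return payload.exp;
}

// fetchToken: hypothetical async call to the token issuer, resolves to a JWT string.
// now: clock in epoch seconds (injectable). skew: refresh this many seconds early.
function createHeaderInjector({ fetchToken, now = () => Math.floor(Date.now() / 1000), skew = 30 }) {
  let cached = null;   // { token, exp }
  let inflight = null; // shared promise so concurrent callers trigger one fetch
  return async function customHeaders() {
    if (!cached || cached.exp - skew <= now()) {
      if (!inflight) {
        inflight = fetchToken()
          .then((token) => { cached = { token, exp: jwtExpiry(token) }; })
          .finally(() => { inflight = null; });
      }
      await inflight; // a failed refresh rejects here: no header rather than a stale one
    }
    return { Authorization: `Bearer ${cached.token}` };
  };
}

// Constructed stand-in for the issuer: 60-second tokens, counts how often it is called.
function makeStubIssuer(clock, lifetime = 60) {
  let calls = 0;
  const issue = async () => makeToken({ sub: 'proxy', seq: ++calls, exp: clock() + lifetime });
  issue.calls = () => calls;
  return issue;
}
```

The function returned by `createHeaderInjector` is what would be passed as the customHeadersFunction option; a rejected refresh surfaces as a failed request instead of sending an expired token.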

sighphyre commented 1 month ago

@fapo85 This is honestly a lot bigger than it sounds. Edge's auth layer is pretty involved around the way it resolves tokens and uses those to hydrate its data internally. It doesn't actually use the Rust SDK directly to do that.

I don't think this is a trivial thing to do. I've pulled it onto our backlog; we'll have to take a look in a future quarter.

fapo85 commented 1 month ago

Super, thanks.