[Envoy Proxy] API Key Auth for Backwards Compatibility with Portal

[commoddity]

Objective

Add simple (static) string API Key Auth to Envoy to allow the use of PATH by existing Portal users.

Origin Document

The Envoy Proxy feature as it currently exists[1][2] uses JWT token authorization from an external auth provider (Auth0).

This has some tradeoffs:

• Improvement: PATH is more secure than portal-middleware because we have refreshable JWTs.
• Tradeoff: portal-middleware uses simple basic static API keys and this solution is not backwards compatible.

References:

• [1] #47
• [2] #52

Goals

• Enable backward compatibility during the migration from portal-middleware to PATH
• Enable two forms of authentication for development & production w/ speed & security tradeoffs

Deliverables

• [ ] Update the envoy/auth_server package to handle authorizing requests using the existing static secret key stored in the Portal database (if the Portal App is set to require it).
• [ ] Enable ☝️ to be configurable via an ENV variable.
• [ ] Allow PATH's EnvoyGo External Authorization Server` to authorize requests using the static API key about
• [ ] Introduce documentation & configuration to specify if PATH should be deployed via JWT or or static API key

---

Creator: @commoddity Co-Owners: @Olshansk @adshmh @fredteumer

[Olshansk]

@commoddity I updated the github issue deliverables & goals. PTAL when you can.

CC @adshmh for context