ever-co / ever-traduora

Ever® Traduora™ - Open Translation Management Platform - https://traduora.co
GNU Affero General Public License v3.0

Pomerium proxy support #181

Open Mistic92 opened 3 years ago

Mistic92 commented 3 years ago

Is your feature request related to a problem? Please describe.

No clear way to integrate with Pomerium proxy to have BeyondCorp security.

Describe the solution you'd like

I'm not sure, maybe it's trivial, but right now I don't see a way to integrate it to work with Pomerium proxy https://github.com/pomerium/pomerium. I see that there is an option to use Google auth, but we are doing this at the Pomerium step.

Mistic92 commented 3 years ago

When I put Traduora behind Pomerium proxy, I keep getting the "Your session has expired, please signin to continue." error and can't log in.

anthonynsimon commented 3 years ago

Hey,

Do you have more info on the error, and some details on the environment?

It would be great if you could describe how to reproduce the issue.

Mistic92 commented 3 years ago

To reproduce, you'll need to set up Pomerium and Traduora on GCP Cloud Run, where the Traduora service is not publicly accessible. The main issue is probably the Auth header, which is also used for service-to-service authentication in Cloud Run. Pomerium is setting the Authentication header to its own, which allows it to communicate with services hidden behind it, but that's also the reason why Traduora is showing an error with an invalid header.

anthonynsimon commented 3 years ago

Unfortunately, I'm not sure how to go about this. The Authorization: Bearer XXX header is pretty standard for JWT-based authentication, and not particular to Traduora.

I think the issue is you're trying to switch the authentication system for the one Pomerium has, and this is not supported without implementing a new auth backend that supports the protocols Pomerium requires.

Mistic92 commented 3 years ago

Yep, I know. I think I'll fork Traduora and move the auth header name to env. Maybe calling it "x-trad-auth" will work. Google is doing a similar thing in Dialogflow, where they are using Authorization and "x-goog-auth". Unfortunately I'm having some trouble building the Docker image, but I'll open a new issue for this.
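
The configurable header name proposed in the comment above, sketched as an added example that is not part of the thread or of Traduora's code: the app reads its JWT only from the header named by a hypothetical `TR_AUTH_HEADER` setting, leaving `Authorization` to the proxy. The request and token values are constructed placeholders.

```typescript
// Added example, not Traduora code. TR_AUTH_HEADER is a hypothetical setting name.
type HeaderMap = Record<string, string | string[] | undefined>;
type TokenResult = { ok: true; token: string } | { ok: false; reason: string };

// Resolve the header that carries the application JWT (default: Authorization).
function authHeaderName(env: Record<string, string | undefined>): string {
  const name = (env["TR_AUTH_HEADER"] || "authorization").trim().toLowerCase();
  if (!/^[a-z0-9-]+$/.test(name)) {
    throw new Error("TR_AUTH_HEADER is not a valid header name");
  }
  return name;
}

// Read a Bearer token from the configured header only, never from a fallback.
function extractAppToken(headers: HeaderMap, headerName: string): TokenResult {
  let found: string | undefined;
  let count = 0;
  // Header names are case-insensitive, so compare lowercased keys.
  for (const key of Object.keys(headers)) {
    if (key.toLowerCase() !== headerName) continue;
    const value = headers[key];
    const list = value === undefined ? [] : Array.isArray(value) ? value : [value];
    for (const v of list) {
      found = v;
      count += 1;
    }
  }
  if (found === undefined) return { ok: false, reason: "missing" };
  // Two values under one name is ambiguous (client copy plus proxy copy): refuse to pick.
  if (count > 1) return { ok: false, reason: "duplicate" };
  const [scheme = "", token = "", ...rest] = found.trim().split(/\s+/);
  const wellFormed = rest.length === 0 && scheme.toLowerCase() === "bearer"
    && /^[A-Za-z0-9._~+\/-]+=*$/.test(token);
  return wellFormed ? { ok: true, token } : { ok: false, reason: "malformed" };
}

// Constructed request as the app sees it behind the proxy (placeholder token values).
const proxiedRequest: HeaderMap = {
  Authorization: "Bearer proxy.identity.token",
  "X-Trad-Auth": "Bearer app.session.jwt",
};

// Default config: the app picks up the proxy's token, which is not its own session JWT.
const withDefault = extractAppToken(proxiedRequest, authHeaderName({}));
// Custom header: the app reads its own JWT and leaves Authorization to the proxy.
const withCustom = extractAppToken(proxiedRequest, authHeaderName({ TR_AUTH_HEADER: "x-trad-auth" }));
```

The extracted token still has to go through the application's normal JWT signature and expiry checks; moving it to another header changes only where it is read from.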

anthonynsimon commented 3 years ago

Alright, let me know how it goes!

On Mon, 21 Dec 2020 at 10:44, Łukasz Byjoś notifications@github.com wrote:

Yep, I know. I think I'll fork Traduora and move the auth header name to env. Maybe calling it "x-trad-auth" will work. Google is doing a similar thing in Dialogflow, where they are using Authorization and "x-goog-auth". Unfortunately I'm having some trouble building the Docker image, but I'll open a new issue for this.
