Open cfryanr opened 4 years ago
One possible way to support this would be to look for custom headers on the request which would specify the username/password for a password grant flow or the client_id/client_secret for a client credentials grant flow.
Since requests to the ingress are https, these headers would be encrypted, so it seems fairly safe to put secrets in the headers. Any other security concerns that should be considered?
The built-in Istio Authorization Policy handles the service-to-service authZ use case. See this example (https://istio.io/docs/tasks/security/authorization/authz-http/) where they configure a rule to make sure "only productpage app can talk to details app."
I would like to use this proxy outside of the Istio ecosystem...
Shubham Shukla: