The first attempt was based on Envoy proxy Basic Auth. The problem with that implementation is that it doesn't redirect the user to a login page if they don't have a Authorization header set.
The new implementation should make an attempt at utilizing both envoy's own basic-auth feature and Ext_authz to work.
It should use a custom made ext_authz plugin to redirect the user to a login page (basic auth) if they are missing the Authorization header.
It should then use the built in Envoy basic-auth feature to authenticate the user.
If this method fails, write a ext_authz extension that manages the whole flow (authentication and login).
Tests
Should configure Envoy with basic-auth if EnvoyProxyConfig.AuthConfig.AuthType=basic
The first attempt was based on Envoy proxy Basic Auth. The problem with that implementation is that it doesn't redirect the user to a login page if they don't have a Authorization header set.
The new implementation should make an attempt at utilizing both envoy's own basic-auth feature and Ext_authz to work. It should use a custom made ext_authz plugin to redirect the user to a login page (basic auth) if they are missing the Authorization header. It should then use the built in Envoy basic-auth feature to authenticate the user.
If this method fails, write a ext_authz extension that manages the whole flow (authentication and login).
Tests