kameshsampath / istio-keycloak-demo

Istio Keycloak Demo
Apache License 2.0

Funky Authorization #5

Open odino opened 6 years ago

odino commented 6 years ago

Hi @kameshsampath -- great work here!

I was wondering how you managed to make sure that the Authorization header is present to allow the request? I've set up a similar repo but:

Any idea? I think you faced something similar (mentioned here) but it's not clear to me how you solved it.

kameshsampath commented 6 years ago

@odino - which version of Istio? I just used this https://github.com/kameshsampath/istio-keycloak-demo/blob/master/cars-api/src/istio/mixer-rule-only-authorized.yaml (this version seems to be stable for me with Istio 0.5.0) for adding the authorization check. Ideally this is suited for demo purposes. From various Istio Security threads I did see that they are refactoring the JWT - not sure, something might be broken in the new version. Can check and tell.

With request.headers["authorization"] == "unauthorized", requests with no Authorization header go through; that's the expected behaviour.

CC: @sebastienblanc

odino commented 6 years ago

I'm using 0.5. I see lots going on around the JWT stuff, but so far it's fairly undocumented, so quite hard to work :) Your tutorial was a blessing!

On Feb 15, 2018 6:03 PM, "Kamesh Sampath" notifications@github.com wrote:

> @odino https://github.com/odino - which version of Istio? I just used this https://github.com/kameshsampath/istio-keycloak-demo/blob/master/cars-api/src/istio/mixer-rule-only-authorized.yaml (this version seems to be stable for me with Istio 0.5.0) for adding the authorization check. Ideally this is suited for demo purposes. From various Istio Security threads I did see that they are refactoring the JWT - not sure, something might be broken in the new version. Can check and tell.
>
> With request.headers["authorization"] == "unauthorized", requests with no Authorization header go through; that's the expected behaviour.
>
> CC: @sebastienblanc https://github.com/sebastienblanc
