Closed c0c0n3 closed 4 years ago
@gboege when you can find the time (it'll take a couple of hours probably), it'd be great if you could:
dev
branch.In particular, if you could please have a look at how AuthZ calls work since I've made a couple of assumptions that could be totally wrong:
scopes
claim so I thought clients would list in there user roles, similar to OAuth "scope" param.Changing any of the above is relatively easily though.
This PR wraps up the R&D prototype, bringing in:
While there's still quite a bit to do before we can call it a solid product, we have a workable Mixer-based architecture (but see #29) we can use for demos & showcases. In fact, we can
header
payload through configurable RSA infrastructure and deny access or forward requests to the target service according to validation outcome.header
mechanism.Also, our mesh comes by default with
So we've got enough leverage to quickly spin up a demo on a box with Minikube or even do it in a K8s cluster for showcases. But here are some limitations to keep in mind: