Closed abinet closed 2 years ago
Hi @abinet, thanks a lot. I agree with this proposal, the functionality makes a lot of sense. We also thought about it already, but we currently use a sidecar for this functionality internally and it was not a main priority to replace it with internal logic, but clearly, that would make the setup way simpler for everybody.
https://github.com/zalando/skipper/issues/1752 might be related
I added some comments. Mainly:
In the current project we are using skipper to cover the authorization part for applications running on AKS. The OpenID flow works fine, but because Azure AD does not provide a token introspection endpoint, we are not able to validate tokens in the service-2-service use case. To cover this gap we implemented a new filter, jwtValidation. This filter extracts the Authorization Bearer token, validates it using the public keys of the authorization server and stores the info into the same map as oauthOidcUserInfo does. So we can use oidcClaimsQuery for filtering based on claims extracted from the token.
Filter parameters are:
Here is the example of usage:
It would be great to review the filter functionality with the skipper team and contribute it back.
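The validation steps described in this issue (take the Bearer token, verify it against the authorization server's public keys, hand back the claims), as an added Go example that is not the proposed filter's code nor skipper's. The names `validateBearer` and `b64json` and the key map indexed by `kid` are assumptions; only the RS256 signature and `exp` are checked.

```go
package main

import (
	"crypto"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// validateBearer (hypothetical name) verifies an RS256 JWT taken from an
// Authorization header against public keys indexed by "kid"; returns its claims.
func validateBearer(header string, keys map[string]*rsa.PublicKey, now time.Time) (map[string]any, error) {
	ok := strings.HasPrefix(header, "Bearer ")
	parts := strings.Split(strings.TrimPrefix(header, "Bearer "), ".")
	if !ok || len(parts) != 3 {
		return nil, fmt.Errorf("missing or malformed bearer token")
	}
	var hdr struct{ Alg, Kid string }
	claims := map[string]any{} // parsed here, trusted only after the signature check
	if b64json(parts[0], &hdr) != nil || b64json(parts[1], &claims) != nil || hdr.Alg != "RS256" {
		return nil, fmt.Errorf("malformed token or unsupported alg") // pins RS256, rejects "none"
	}
	key := keys[hdr.Kid] // nil when the kid is not in the configured key set
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	sum := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if key == nil || err != nil || rsa.VerifyPKCS1v15(key, crypto.SHA256, sum[:], sig) != nil {
		return nil, fmt.Errorf("unknown kid or bad signature")
	}
	if exp, _ := claims["exp"].(float64); int64(exp) <= now.Unix() {
		return nil, fmt.Errorf("token expired or exp missing")
	}
	return claims, nil
}

func b64json(seg string, v any) error {
	b, err := base64.RawURLEncoding.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(b, v)
}

func main() { // constructed input: not a real token, no keys configured
	_, err := validateBearer("Bearer a.b.c", nil, time.Now())
	fmt.Println("rejected:", err)
}
```

The returned claims map is what a filter would store for claim-based matching; a deployment would also compare `iss` and `aud` against the values expected for its tenant and application.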