summaryrefslogtreecommitdiff
path: root/etc
diff options
context:
space:
mode:
authormo khan <mo@mokhan.ca>2025-05-28 14:26:19 -0600
committermo khan <mo@mokhan.ca>2025-05-28 14:26:19 -0600
commite9546b40c8befabda26c1598c124a6ee2a8d2b8f (patch)
treec7b09c0c1c821b516e56b5ac3637dc07dc97d039 /etc
parent1de6a34a55c2e8b7d50945984acb45e7809f6a37 (diff)
refactor: always provide a user in the request context
Diffstat (limited to 'etc')
-rw-r--r--etc/envoy/envoy.yaml23
1 files changed, 7 insertions, 16 deletions
diff --git a/etc/envoy/envoy.yaml b/etc/envoy/envoy.yaml
index ef676fb..a7d20be 100644
--- a/etc/envoy/envoy.yaml
+++ b/etc/envoy/envoy.yaml
@@ -172,24 +172,23 @@ static_resources:
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication
providers:
- provider1:
+ id_token_provider:
issuer: https://example.com
audiences:
- OAUTH_CLIENT_ID
claim_to_headers:
- claim_name: sub
- header_name: x-jwt-claim-sub
+ header_name: x-id-jwt-claim-sub
- claim_name: nickname
- header_name: x-jwt-claim-username
+ header_name: x-id-jwt-claim-username
- claim_name: profile
- header_name: x-jwt-claim-profile-url
+ header_name: x-id-jwt-claim-profile-url
- claim_name: picture
- header_name: x-jwt-claim-picture-url
+ header_name: x-id-jwt-claim-picture-url
forward: true
- forward_payload_header: x-jwt-payload
+ forward_payload_header: x-id-jwt-payload
from_cookies:
- id_token
- - bearer_token
issuer: https://example.com
remote_jwks:
http_uri:
@@ -198,20 +197,12 @@ static_resources:
timeout: 5s
rules:
- match:
- path: /health
- - match:
- prefix: /sparkles
- - match:
- prefix: /dashboard/nav
- - match:
safe_regex:
regex: .*\\.(css|js|png|html|ico)$
- match:
path: /
- - match:
- path: /dashboard
requires:
- provider_name: provider1
+ provider_name: id_token_provider
- name: envoy.filters.http.ext_authz
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-02 23:25:37 +0000