From e9546b40c8befabda26c1598c124a6ee2a8d2b8f Mon Sep 17 00:00:00 2001
From: mo khan
Date: Wed, 28 May 2025 14:26:19 -0600
Subject: refactor: always provide a user in the request context
---
 etc/envoy/envoy.yaml | 23 +++++++----------------
 1 file changed, 7 insertions(+), 16 deletions(-)
(limited to 'etc')
diff --git a/etc/envoy/envoy.yaml b/etc/envoy/envoy.yaml
index ef676fb..a7d20be 100644
--- a/etc/envoy/envoy.yaml
+++ b/etc/envoy/envoy.yaml
@@ -172,24 +172,23 @@ static_resources:
 typed_config:
 "@type": type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication
 providers:
- provider1:
+ id_token_provider:
 issuer: https://example.com
 audiences:
 - OAUTH_CLIENT_ID
 claim_to_headers:
 - claim_name: sub
- header_name: x-jwt-claim-sub
+ header_name: x-id-jwt-claim-sub
 - claim_name: nickname
- header_name: x-jwt-claim-username
+ header_name: x-id-jwt-claim-username
 - claim_name: profile
- header_name: x-jwt-claim-profile-url
+ header_name: x-id-jwt-claim-profile-url
 - claim_name: picture
- header_name: x-jwt-claim-picture-url
+ header_name: x-id-jwt-claim-picture-url
 forward: true
- forward_payload_header: x-jwt-payload
+ forward_payload_header: x-id-jwt-payload
 from_cookies:
 - id_token
- - bearer_token
 issuer: https://example.com
 remote_jwks:
 http_uri:
@@ -197,21 +196,13 @@ static_resources:
 cluster: oidc
 timeout: 5s
 rules:
- - match:
- path: /health
- - match:
- prefix: /sparkles
- - match:
- prefix: /dashboard/nav
 - match:
 safe_regex:
 regex: .*\\.(css|js|png|html|ico)$
 - match:
 path: /
- - match:
- path: /dashboard
 requires:
- provider_name: provider1
+ provider_name: id_token_provider
 - name: envoy.filters.http.ext_authz
 typed_config:
 "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
--
cgit v1.2.3
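Review bot: `issuer: https://example.com` appears twice in what looks like the same provider mapping in the first hunk, once directly under `id_token_provider:` and again after `from_cookies:` (indentation is lost in this rendering, so the nesting is inferred). Duplicate keys are invalid YAML and loaders either reject them or silently keep one value, so a later edit to only one copy could leave the effective issuer check different from what the file appears to say; I would drop the second copy while this block is being touched. The renamed `x-id-jwt-claim-*` and `x-id-jwt-payload` headers also deserve a comment above `claim_to_headers`, for example `# Identity headers set by jwt_authn from the verified id_token cookie`, and any consumer still reading the old `x-jwt-claim-*` names has to change in the same commit; this page shows only `etc/`. The provider block continues past the end of the hunk.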
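Review bot: After the second hunk only the exact `path: /` rule appears to carry `requires` (nesting inferred, the indentation is lost here), so `/dashboard`, `/health` and `/sparkles` now match no rule at all, and jwt_authn does not verify requests that no rule places a requirement on. On those paths, and on the static-asset regex rule, `x-id-jwt-claim-sub` and the other identity headers would be whatever the client sent unless something else strips them, which matters if ext_authz or the upstream builds the request user from them. One option is a final catch-all rule that verifies the id_token when present but tolerates its absence, as sketched below; as far as I know a rule with a requirement also lets the filter clear the configured claim headers before verification, but confirm that against the Envoy version deployed. The filter chain continues after the hunk.

```yaml
rules:
# … unchanged: static-asset regex rule and the `path: /` rule …
- match:
    prefix: /
  requires:
    requires_any:
      requirements:
      - provider_name: id_token_provider
      - allow_missing: {}
```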