authservice

module
v1.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 10, 2024 License: Apache-2.0

README

authservice

CI

An implementation of Envoy External Authorization, focused on delivering authN/Z solutions for Istio and Kubernetes.

Introduction

authservice helps delegate the OIDC Authorization Code Grant Flow to the Istio mesh. authservice is compatible with any standard OIDC Provider as well as other Istio End-user Auth features, including Authentication Policy and RBAC. Together, they allow developers to protect their APIs and web apps without any application code required.

Some of the features it provides:

  • Transparent login and logout
    • Retrieves OAuth2 Access tokens, ID tokens, and refresh tokens
  • Fine-grained control over which url paths are protected
  • Session management
    • Configuration of session lifetime and idle timeouts
    • Refreshes expired tokens automatically
  • Compatible with any standard OIDC Provider
  • Supports multiple OIDC Providers for same application
  • Trusts custom CA certs when talking to OIDC Providers
  • Works either at the sidecar or gateway level

How does authservice work?

This flowchart explains how authservice makes decisions at different points in the login lifecycle.

Contributing

Contributions are very welcome! Please read the Contributing guidelines to get started.

Detailed development instructions can be found in the Development guide.

Directories

Path Synopsis
config
k8s

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL