envoyproxy/envoy

Question about validating two tokens in the headers and ignoring one header if not present.

Open

#34,308 opened on 2024年5月22日

GitHub で見る
 (1 comment) (0 reactions) (0 assignees)C++ (5,373 forks)batch import
area/jwt_authnhelp wantedquestion

Repository metrics

Stars
 (27,997 stars)
PR merge metrics
 (平均マージ 8d) (30d で 378 merged PRs)

説明

If you are reporting any crash or any potential security issue, do not open an issue in this repo. Please report the issue via emailing envoy-security@googlegroups.com where the issue will be triaged appropriately.

Title: validating two tokens in the headers and ignoring one header if not present.

Description: The requirement I have is to accept and additional token header named X-originating-api-authorization, validate it along with the default authorization header using same issuer but ignore the check if X-originating-api-authorization is not present.

I have tried to achieve this by using allow_missing: {} but it doesnt work.

Envoy config as follows: rules: - match: { prefix: "/" } requires: requires_all: requirements: - requires_any: requirements: - provider_name: xyz_auth_pageSize - allow_missing: {} - requires_any: requirements: - provider_name: xyz_auth0 - provider_name: xyz_abc_auth0

please help find a solution [optional Relevant Links:] https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/jwt_authn/v3/config.proto

コントリビューターガイド