Envoy OIDC Authserver

An implementation of Envoy External Authorization, focused on delivering authN/Z solutions for Envoy proxy. Compatible with Kubernetes Ingress classes like Project Contour or Istio.

Some of the features it provides:

Transparent login
- Retrieves OAuth2 Access tokens, ID tokens and refresh tokens
- Compatible with any standard OIDC Provider
- Supports PKCE flow (public)
- Logout redirects
Session management
- Session tokens and data are cryptographically verifiable.
- Refreshes expired tokens automatically
Pre and post authorization policies with Open Policy Agent (OPA) policies.
- Allowing fine grained policy rules per request.
- Post authorization token policies (decode JWT and verify claims).

Name		Name	Last commit message	Last commit date
Latest commit History 108 Commits
.github		.github
authz		authz
logging		logging
oidc		oidc
policy		policy
proto		proto
run		run
server		server
session		session
store		store
telemetry		telemetry
.envrc		.envrc
.gitignore		.gitignore
.goreleaser.yml		.goreleaser.yml
.ko.yaml		.ko.yaml
LICENSE		LICENSE
README.md		README.md
Taskfile.yml		Taskfile.yml
buf.gen.yaml		buf.gen.yaml
buf.work.yaml		buf.work.yaml
compose.yaml		compose.yaml
flake.lock		flake.lock
flake.nix		flake.nix
go.mod		go.mod
go.sum		go.sum
main.go		main.go

License

shelmangroup/envoy-oidc-authserver

Folders and files

Latest commit

History

Repository files navigation

Envoy OIDC Authserver

About

Topics

Resources

License

Stars

Watchers

Forks

Languages