Does anyone use EnvoyProxy for mTLS and OAuth token injection in production?

Asked By TechyNinja42 On

We have a customer who needs OAuth access tokens to be included in each HTTP request made from our platform to their API Gateway. Additionally, they require mutual TLS (mTLS) on all requests, including the OIDC endpoint, which we've already implemented. We're trying to avoid building a custom HTTP proxy microservice for this. If anyone has Helm examples they could share, that would be great!

3 Answers

Answered By CodeWiz88 On

Isn't this already supported by Envoy? You should be able to use it for injecting the tokens with the right setup.

Answered By DevDude99 On

I know it's not very helpful, but shouldn't developers be managing the tokens directly in their applications? If you're looking to inject them at the network level without using a proxy, an Envoy sidecar can do the trick with the right configuration. If you're using Istio, you’d want to set up an Egress Gateway pointing to their service and use a VirtualService to modify calls to include the token as a header. Just keep in mind that you'll first need a way to fetch the token.

Answered By LuaMaster123 On

I'm actually doing something similar right now. I've got a Lua filter in Envoy that works but it's a bit hacky and needs improvements like caching. If you want, I can share the manifest with you!
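Added example, not code from any poster in this thread: a Python sketch of the token caching step that the answers say has to happen before a proxy can inject the header. `TokenCache`, `fetch` and `demo` are hypothetical names; `fetch` stands in for whatever performs the client-credentials request to the OIDC endpoint over mTLS, and the token responses in `demo` are constructed.

```python
import threading
import time
from typing import Callable, List, Optional


class TokenCache:
    """Holds one client-credentials token and refreshes it shortly before expiry."""

    def __init__(self, fetch: Callable[[], dict], skew: float = 30.0,
                 default_ttl: float = 60.0,
                 clock: Callable[[], float] = time.monotonic):
        self._fetch = fetch              # assumption: returns the parsed token response
        self._skew = skew                # refresh this many seconds early
        self._default_ttl = default_ttl  # used when expires_in is absent
        self._clock = clock
        self._lock = threading.Lock()
        self._token: Optional[str] = None
        self._expires_at = 0.0

    def _refresh(self) -> None:
        resp = self._fetch()
        token = resp.get("access_token")
        if not token or str(resp.get("token_type", "")).lower() != "bearer":
            raise ValueError("token endpoint did not return a bearer access_token")
        ttl = float(resp.get("expires_in", self._default_ttl))
        self._token = token
        self._expires_at = self._clock() + max(ttl - self._skew, 0.0)

    def authorization_header(self) -> str:
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at:
                self._token = None       # fail closed: never reuse a stale token
                self._refresh()
            return f"Bearer {self._token}"


def demo() -> List[str]:
    """Drive the cache with a fake clock and a constructed token endpoint."""
    now, calls = [0.0], []

    def fake_fetch() -> dict:
        calls.append(now[0])
        return {"access_token": f"tok-{len(calls)}", "token_type": "Bearer",
                "expires_in": 300}

    cache = TokenCache(fake_fetch, clock=lambda: now[0])
    seen = []
    for t in (0, 100, 269, 270, 500):    # 270 = 300s lifetime minus 30s skew
        now[0] = float(t)
        seen.append(cache.authorization_header())
    return seen
```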
