We have a customer who needs OAuth access tokens to be included in each HTTP request made from our platform to their API Gateway. Additionally, they require mutual TLS (mTLS) on all requests, including the OIDC endpoint, which we've already implemented. We're trying to avoid building a custom HTTP proxy microservice for this. If anyone has Helm examples they could share, that would be great!
3 Answers
Isn't this already supported by Envoy? You should be able to use it for injecting the tokens with the right setup.
I know it's not very helpful, but shouldn't developers be managing the tokens directly in their applications? If you're looking to inject them at the network level without using a proxy, an Envoy sidecar can do the trick with the right configuration. If you're using Istio, you’d want to set up an Egress Gateway pointing to their service and use a VirtualService to modify calls to include the token as a header. Just keep in mind that you'll first need a way to fetch the token.
I'm actually doing something similar right now. I've got a Lua filter in Envoy that works but it's a bit hacky and needs improvements like caching. If you want, I can share the manifest with you!
Related Questions
How To: Running Codex CLI on Windows with Azure OpenAI
Set Wordpress Featured Image Using Javascript
How To Fix PHP Random Being The Same
Why no WebP Support with Wordpress
Replace Wordpress Cron With Linux Cron
Customize Yoast Canonical URL Programmatically