authorino
authorino copied to clipboard
Kuadrant
K8s-native AuthN/AuthZ service to protect your APIs.
As part of a chain of requests that by definition includes several other systems and services, the authorization service should have support for request tracing. That includes possibility to track...
There's already a placeholder for it at https://github.com/3scale-labs/authorino/blob/2b6a6f8016a5837650506cd125751f8d95ea4197/pkg/config/identity/hmac.go.
#247 delivered the first step of runtime evaluator caching, i.e. in-memory caching. Next step is to make possible for users to extend/move this type of caching to an external storage...
Unlike evaluators' runtime cache, the caching of API key Secrets is virtually unlimited (or limited by the amount of resources available to the process only.) This is not ideal. Instead,...
Authorization policies in Authorino are **binary** in the sense that they evaluate to either GRANTED or DENIED, and **atomic** in the sense that either ALL policies shall grant access or...
Authorino should implement some support for access token revocation. Even with access tokens being checked in the identity verification step, Authorino could save processing and some external I/O by: 1....
**Is your feature request related to some problem you are facing? Please describe that problem here.** :- Want to configure builtin OPA with Authorino in such a way that fetching...
We should refactor the codebase and follow the principles of the Golang language. We can start with using the camelCase instead of the snake_case and find other inconsistencies. Based on...
Authorino implements 3 so-called "strategies" for the 3 first phases of auth pipeline (wristband phase excluded). These strategies are: - _at least one_ of the concurrent evaluators of the phase...
Authorino can already issue OIDC-compliant "Festival Wristband" ID tokens (signed JWTs) at the end of the auth pipeline. As a consequence, this requires as well an HTTP service to expose...