heimdall icon indicating copy to clipboard operation
heimdall copied to clipboard
verified publisher icon dadrus

Support for k8s TokenReview API

Open dadrus opened this issue 2 years ago • 0 comments

Preflight checklist

  • [X] I agree to follow this project's Code of Conduct.
  • [X] I have read and am following this repository's Contribution Guidelines."
  • [ ] I have discussed this feature request with the community.

Describe the background of your feature request

To allow the usage of k8s built-in authorization resources, there is a need to verify the ServiceAccount token preented in the corresponding request.

Describe your idea

Even that is possible by making use of the JWT authenticator, it would be much more convenient if there would be an authenticator, which would make use of the k8s TokenRequest API.

Are there any workarounds or alternatives?

As written above, one could theoretically use the available JWT authenticator for this purpose. It would however require a pretty complex configuration.

Version

1.13.0-alpha

Additional Context

This FR can be considered as a prerequisite for #1180

dadrus avatar Feb 08 '24 09:02 dadrus