
Pomerium proxy support

Open Mistic92 opened this issue 3 years ago • 6 comments

Is your feature request related to a problem? Please describe.

No clear way to integrate with Pomerium proxy to have BeyondCorp security.

Describe the solution you'd like

I'm not sure, maybe it's trivial, but right now I don't see a way to integrate it to work with Pomerium proxy (https://github.com/pomerium/pomerium). I see that there is an option to use Google auth, but we are doing this at the Pomerium step.

Mistic92, Dec 03 '20 15:12

When I put Traduora behind the Pomerium proxy, I keep getting the "Your session has expired, please signin to continue." error and can't log in.

Mistic92, Dec 08 '20 11:12

Hey,

Do you have more info on the error, and some details on the environment?

It would be great if you could describe how to reproduce the issue.

anthonynsimon, Dec 20 '20 19:12

To reproduce you'll need to set up Pomerium and Traduora on GCP Cloud Run, where the Traduora service is not publicly accessible. The main issue is probably the Auth header used, which is also used for service-to-service authentication in Cloud Run. Pomerium is setting the Authentication header to its own, which allows it to communicate with services hidden behind it, but that's also the reason why Traduora is showing an error with an invalid header.

Mistic92, Dec 21 '20 09:12

Unfortunately, I'm not sure how to go about this. The Authorization: Bearer XXX header is pretty standard for JWT based authentication, and not particular to Traduora.

I think the issue is you're trying to switch the authentication system for the one Pomerium has, and this is not supported without implementing a new auth backend that supports the protocols Pomerium requires.

anthonynsimon, Dec 21 '20 09:12

Yep, I know. I think I'll fork Traduora and move the auth header name to env. Maybe calling it "x-trad-auth" will work. Google is doing a similar thing in Dialogflow, where they are using Authorization and "x-goog-auth". Unfortunately I have some trouble building the docker image, but I'll open a new issue for this.

Mistic92, Dec 21 '20 09:12

Alright, let me know how it goes!


anthonynsimon, Dec 21 '20 09:12
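
The change proposed in the thread, reading the application's token from a header whose name comes from the environment, sketched as an added example that is not Traduora's code. The `TR_AUTH_HEADER_NAME` variable, the function names and the sample tokens are assumptions constructed for illustration.

```typescript
// Added example; TR_AUTH_HEADER_NAME is a hypothetical setting, not a Traduora option.
type HeaderMap = Record<string, string | string[] | undefined>;
type EnvMap = Record<string, string | undefined>;

const DEFAULT_AUTH_HEADER = "authorization";
// RFC 7230 "token" characters: the only characters allowed in a header field name.
const HEADER_NAME_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// Pick the header the application reads its own JWT from.
function resolveAuthHeaderName(env: EnvMap): string {
  const raw = (env["TR_AUTH_HEADER_NAME"] ?? "").trim();
  if (raw === "") return DEFAULT_AUTH_HEADER;
  if (!HEADER_NAME_RE.test(raw)) {
    throw new Error(`invalid auth header name: ${JSON.stringify(raw)}`);
  }
  return raw.toLowerCase(); // Node.js exposes incoming header names in lower case
}

// Return the bearer token from exactly one header, or null.
// There is deliberately no fallback to Authorization: behind the proxy that
// header holds the proxy's credential, not the application's session token.
function extractBearerToken(headers: HeaderMap, headerName: string): string | null {
  const value = headers[headerName];
  if (typeof value !== "string") return null; // missing, or repeated (array): ambiguous
  // RFC 6750 b64token after a case-insensitive "Bearer" scheme.
  const match = /^Bearer[ ]+([A-Za-z0-9\-._~+\/]+=*)$/i.exec(value.trim());
  return match?.[1] ?? null;
}

// Constructed request as the application sees it behind the proxy.
const behindProxy: HeaderMap = {
  authorization: "Bearer proxy.service.token",
  "x-trad-auth": "Bearer app.session.jwt",
};

// Default config picks up the proxy's token (which the app cannot verify);
// the custom header name picks up the application's own token.
function demo(): { defaultCfg: string | null; customCfg: string | null } {
  return {
    defaultCfg: extractBearerToken(behindProxy, resolveAuthHeaderName({})),
    customCfg: extractBearerToken(
      behindProxy,
      resolveAuthHeaderName({ TR_AUTH_HEADER_NAME: "X-Trad-Auth" }),
    ),
  };
}
```

The web client would have to send its token in the same custom header, and the proxy would have to pass that header through unchanged.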