
Restrict parts of an API based on path

Open anatosun opened this issue 3 years ago • 1 comments

Describe your question/ A clear and concise description of what you're trying to do.

I'd like to restrict parts of an API based on path.

For example, users of group A would not be able to access /api/settings and would get a 403 error, while admins could access any path of the API. Furthermore, group A would not be allowed to perform any POST operation on any path of the API.

Relevant infos i.e. Version of other software you're using, specifics of your setup

I'm using Authentik with ForwardAuth Traefik inside docker.

Additional context

I tried applying restrictions with policy expressions without any luck unfortunately.

Thanks a lot for your support

anatosun, Sep 12 '22 13:09

Not currently possible with just authentik, however you could work around this by setting a custom header (https://goauthentik.io/docs/providers/proxy/custom_headers), and then checking for its existence/value in traefik

BeryJu, Sep 15 '22 10:09
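
The header-based check suggested in the reply, applied to the rules from the question, as an added example that is not part of the thread or of authentik/Traefik: a standalone Python decision function. The header name `X-Api-Role` and the values `admin` and `group-a` are hypothetical, and the sketch assumes the proxy overwrites any client-supplied copy of that header before the check runs.

```python
from posixpath import normpath
from urllib.parse import unquote

# Hypothetical names (not from the thread): the custom header and its values.
ROLE_HEADER = "x-api-role"
ADMIN, GROUP_A = "admin", "group-a"
GROUP_A_DENIED_PREFIXES = ("/api/settings",)


def canonical_path(raw_path):
    """Reduce a request target to one comparable form, so that
    /api//settings, /api/./settings/ and /api/%73ettings all match."""
    path = unquote(raw_path.split("?", 1)[0])   # drop query, decode once
    path = normpath("/" + path.lstrip("/"))     # collapse //, ./ and ../
    return path.lower()                         # conservative for a deny list


def is_under(path, prefix):
    # Segment-aware prefix match: /api/settings-export is NOT under /api/settings
    return path == prefix or path.startswith(prefix + "/")


def decide(method, raw_path, headers):
    """Return the status the gate would answer with: 200 (pass on) or 403."""
    # Header names are case-insensitive; the value is trusted only because
    # the proxy is assumed to set it after authentication.
    role = {k.lower(): v for k, v in headers.items()}.get(ROLE_HEADER, "").strip()
    if role == ADMIN:
        return 200                              # admins: any path, any method
    if role != GROUP_A:
        return 403                              # missing/unknown role: fail closed
    if method.upper() == "POST":
        return 403                              # group A: no POST on any path
    path = canonical_path(raw_path)
    if any(is_under(path, p) for p in GROUP_A_DENIED_PREFIXES):
        return 403                              # group A: no /api/settings
    return 200


if __name__ == "__main__":
    # Constructed sample requests
    for m, p, h in [("GET", "/api/items", {"X-Api-Role": "group-a"}),
                    ("GET", "/api//%73ettings/", {"X-Api-Role": "group-a"}),
                    ("POST", "/api/items", {"X-Api-Role": "group-a"}),
                    ("POST", "/api/settings", {"X-Api-Role": "admin"}),
                    ("GET", "/api/items", {})]:
        print(m, p, h, "->", decide(m, p, h))
```

Comparing the raw path string instead of the canonical one would let `/api//settings` or `/api/%73ettings` slip past the deny rule if the backend normalises paths itself.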