quilkin
Authentication
We should talk about authentication and figure out if we want to deal with auth at all, and if so, what we want to do.
This is auth as in, doing stuff like receiving a JWT token on initial connection
think: similar to how a streaming gRPC call might have auth metadata as it's initiated, which can then be validated
An example of how Istio does this, for reference:
```yaml
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: foobar
spec:
  jwtRules:
    - issuer: https://embark-studios.eu.auth0.com/
      jwksUri: https://embark-studios.eu.auth0.com/.well-known/jwks.json
      audiences:
        - https://launcher.embark.net
    - issuer: https://auth.embark.net/
      jwksUri: https://auth.embark.net/.well-known/jwks.json
      audiences:
        - https://launcher.embark.net
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: foobar
spec:
  rules:
    - from:
        - source:
            requestPrincipals: ["*"]
    - to:
        - operation:
            paths: ["/healthz"]
```
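An added example, not part of the original issue and not Quilkin or Istio code: a Rust model of the decision the two Istio resources above encode, including the case where a bad token is rejected even on `/healthz` while a missing token is not. It assumes the token's signature was already verified against the issuer's JWKS; the `Claims`, `authenticate` and `authorize` names and the `/connect` path are hypothetical.

```rust
// Added example: constructed model of the Istio policy above.
// Assumption: signature verification against the issuer's JWKS already happened.
#[derive(Debug, PartialEq)]
pub enum Decision { Allow, Unauthorized401, Forbidden403 }

pub struct JwtRule { pub issuer: &'static str, pub audiences: &'static [&'static str] }

// Decoded claims of one token (hypothetical struct, not a library type).
pub struct Claims<'a> { pub iss: &'a str, pub sub: &'a str, pub aud: Vec<&'a str>, pub exp: u64 }

// The two jwtRules from the RequestAuthentication resource.
pub const RULES: [JwtRule; 2] = [
    JwtRule { issuer: "https://embark-studios.eu.auth0.com/", audiences: &["https://launcher.embark.net"] },
    JwtRule { issuer: "https://auth.embark.net/", audiences: &["https://launcher.embark.net"] },
];

/// RequestAuthentication step. Ok(None): no token was sent, so there is no
/// principal. Ok(Some(p)): valid token, principal is "iss/sub". Err: bad token.
pub fn authenticate(token: Option<&Claims>, now: u64) -> Result<Option<String>, &'static str> {
    let Some(c) = token else { return Ok(None) };
    let rule = RULES.iter().find(|r| r.issuer == c.iss).ok_or("unknown issuer")?;
    // A token is accepted if any of its audiences is listed in the rule.
    if !c.aud.iter().any(|a| rule.audiences.iter().any(|r| r == a)) {
        return Err("audience mismatch");
    }
    if c.exp <= now { return Err("token expired"); }
    Ok(Some(format!("{}/{}", c.iss, c.sub)))
}

/// AuthorizationPolicy step: the request is allowed if either rule matches.
pub fn authorize(token: Option<&Claims>, path: &str, now: u64) -> Decision {
    match authenticate(token, now) {
        Err(_) => Decision::Unauthorized401,               // bad token: rejected on every path
        Ok(Some(_)) => Decision::Allow,                    // requestPrincipals: ["*"]
        Ok(None) if path == "/healthz" => Decision::Allow, // paths: ["/healthz"]
        Ok(None) => Decision::Forbidden403,
    }
}

fn main() {
    // Constructed sample token claims.
    let c = Claims { iss: "https://auth.embark.net/", sub: "player-1",
                     aud: vec!["https://launcher.embark.net"], exp: 2_000 };
    println!("{:?}", authorize(Some(&c), "/connect", 1_000));
    println!("{:?}", authorize(None, "/connect", 1_000));
}
```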