Token Authorization to Route

[quasiben]

I'm interested in using a proxy with a token auth scheme. Is it out of scope for configurable-http-proxy to check a token/jwt before routing ?

[minrk]

I think it might be. How would you handle that? A single app-wide token? Or per-route tokens? Checking cookies vs headers, etc.?

It's a bit of a can of worms to start implementing auth in the proxy, since there are so many different ways to do it.

[minrk]

Or were you thinking of token-based routing (i.e. specifying the target based on token)? That's an interesting idea. I'm not sure quite how it would fit.

[quasiben]

Sorry, i took off for a bit. I was thinking about single app-wide tokens. Token generation should be handled by some other auth and be responsible for correctly generating the token/permissioning to a specific route. In this case, configurable-http-proxy simply checks if the JWT is valid or not

[arnaudRenardRomeo]

I'm also interested with this enhancement.

It could be based on a simple cookie, and I can provide to the API, a list of cookies (name/values) allowed to access to the path.
Other solution is to implement Oauth or any other solution, but it's much more complex

[oschuett]

I also think this would be a great feature. It could be implemented like --host-routing. The advantage of cookie based routing would be that all users get the same urls, which would allow sharing them. Right now e.g. it's not possible to readily share mybinder urls.