You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The forward_auth is versatile support supporting taking authZ decisions based on response headers. Some 3rd party systems provide authorization decisions as Json documents instead of HTTP headers.
The cloudfoundry platform as a service, relies on such mechanism, where it exposes an api endpoint /v3/service_instances/:guid/permission to verify whether the current browser session is authenticated and authorized to perform two static actions: read and manage. This endpoint returns a json payload such as
{
"manage": true,
"read": true
}
It would be quite useful if caddy could act as a reverse proxy for web uis that need to only be displayed to authenticated and authorized browser sessions.
The forward_auth is versatile support supporting taking authZ decisions based on response headers. Some 3rd party systems provide authorization decisions as Json documents instead of HTTP headers.
The cloudfoundry platform as a service, relies on such mechanism, where it exposes an api endpoint
/v3/service_instances/:guid/permissionto verify whether the current browser session is authenticated and authorized to perform two static actions: read and manage. This endpoint returns a json payload such as{ "manage": true, "read": true }It would be quite useful if caddy could act as a reverse proxy for web uis that need to only be displayed to authenticated and authorized browser sessions.
See more details in https://docs.cloudfoundry.org/services/dashboard-sso.html#checking-user-permissions
Currently, the forward_auth and reverse_proxy response matchers at https://caddyserver.com/docs/caddyfile/response-matchers include:
It would be useful to have a new
response_body_json_matcherreusing most of the current CEL expression matcher such as{ "expr": "{http.response.body.manage} == true", "name": "has-manage-permission" }The text was updated successfully, but these errors were encountered: