Allow definition of protected paths using cookie encoded JWT
Implement oauth flow for specified paths and claims and return a JWT token encoded in an Http only cookie in case of successful login, so login is not requested anymore and client javascript has no access to the JWT.
Compute@Edge OAuth application starter kit
List of dex available claims
oauth:
id: blog
secret: xxxx
issuer: https://login.itsufficient.me
# support openid discovery configuration
authorization_endpoint: https://login.itsufficient.me/auth
token_endpoint: https://login.itsufficient.me/token
scopes:
- openid
- email
- groups
paths:
# absolute path prefixes
/doc/:
# claims per path
name: eric
This could also be implemented at the envoy level or contour level (JWT Verification)
Edited by Éric BURGHARD