Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Plugin interface for own authentication #459

Open
fapo85 opened this issue May 8, 2024 · 4 comments
Open

Plugin interface for own authentication #459

fapo85 opened this issue May 8, 2024 · 4 comments
Labels
enhancement New feature or request for-later

Comments

@fapo85
Copy link

fapo85 commented May 8, 2024
edited
Loading

Describe the feature request

We would like to use Unleash Edge in a zero trust environment.
There, jwt is issued by the api token which must be validated accordingly.
It would make sense for us to create a corresponding custom authentication function and configure it accordingly in Unleash Edge.
A plugin interface would be suitable for this.

it must also be possible to add a corresponding header to requests in the upstream direction.

Background

No response

Solution suggestions

It might also make sense to use the plugin interface for custom decision scenarios.
But I'm sure you can decide that better.
@fapo85 fapo85 added the enhancement New feature or request label May 8, 2024
@sighphyre
Copy link
Member

This is a pretty interesting request. I don't see a way this is possible right now because of the way Unleash works with SDKs. In theory, Edge is a proxy with some interesting details between an SDK and Unleash itself. How do you see this working if we take Edge out of the equation?

@fapo85
Copy link
Author

fapo85 commented May 13, 2024

We currently have our own proxy, written in typescript.

For authentication towards unleash we simply add a header injector by passing a customHeadersFunction.

We also have java services which talk directly to unleash, there is also the function to pass a customHttpHeadersProvider.

so at least in the nodejs and java sdk there is this possibility.

I'm not familiar enough with rust, but I think there will also be a corresponding option or it could simply be added.

If this function does not exist in the rust sdk, I think it would definitely be a corresponding added value, otherwise the sdk's for the other languages would not have this possibility.

and then the corresponding functions must be passed to the outside world via a plugin interface.

@FredrikOseberg FredrikOseberg moved this from New to In Progress in Issues and PRs May 15, 2024
@FredrikOseberg FredrikOseberg moved this from In Progress to For later in Issues and PRs May 15, 2024
@sighphyre
Copy link
Member

@fapo85 This is honestly a lot bigger than it sounds. Edge's auth later is pretty involved around the way it resolves tokens and uses those to hydrate it's data internally. It doesn't actually use the Rust SDK directly to do that.

I don't think this is a trivial thing to do, I've pulled it onto our backlog, we'll have to take a look in a future quarter

@fapo85
Copy link
Author

fapo85 commented May 15, 2024

super, thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request for-later
Projects
Issues and PRs
Status: For later
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fapo85 @sighphyre