Expand description
External authorization via the Envoy ext_authz gRPC contract.
Before a transcoded request is forwarded upstream, the proxy calls the
configured ext_authz server’s envoy.service.auth.v3.Authorization/Check
with the request’s HTTP attributes. An OK status allows the request (and may
inject response headers); anything else denies it. This is the same contract
OPA’s Envoy plugin and any ext_authz server implement.
Structs§
- Authz
- A configured ext_authz client.
Functions§
- middleware
- Axum middleware gating proxied requests through the ext_authz server.