Basic Auth (proto)

This extension has the qualified name envoy.filters.http.basic_auth

Note

This extension is functional but has not had substantial production burn time, use only with this caveat.

This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.

Tip

This extension extends and can be used with the following extension category:

This extension must be configured with one of the following type URLs:

Basic Auth configuration overview.

extensions.filters.http.basic_auth.v3.BasicAuth

[extensions.filters.http.basic_auth.v3.BasicAuth proto]

Basic HTTP authentication.

Example:

users:
  inline_string: |-
    user1:{SHA}hashed_user1_password
    user2:{SHA}hashed_user2_password
{
  "users": {...},
  "forward_username_header": ...,
  "authentication_header": ...
}
users

(config.core.v3.DataSource) Username-password pairs used to verify user credentials in the “Authorization” header. The value needs to be the htpasswd format. Reference to https://httpd.apache.org/docs/2.4/programs/htpasswd.html

forward_username_header

(string) This field specifies the header name to forward a successfully authenticated user to the backend. The header will be added to the request with the username as the value.

If it is not specified, the username will not be forwarded.

authentication_header

(string) This field specifies the request header to load the basic credential from.

If it is not specified, the filter loads the credential from the “Authorization” header.

extensions.filters.http.basic_auth.v3.BasicAuthPerRoute

[extensions.filters.http.basic_auth.v3.BasicAuthPerRoute proto]

Extra settings that may be added to per-route configuration for a virtual host or a cluster.

{
  "users": {...}
}
users

(config.core.v3.DataSource, REQUIRED) Username-password pairs for this route.