Warning

The v2 xDS API is not supported in Envoy v1.18.0 and above.

Authorization Service

The authorization service request messages used by the external authorization network filter and HTTP filter.

service.auth.v2.CheckRequest

[service.auth.v2.CheckRequest proto]

{
  "attributes": "{...}"
}
attributes

(service.auth.v2.AttributeContext) The request attributes.

service.auth.v2.DeniedHttpResponse

[service.auth.v2.DeniedHttpResponse proto]

HTTP attributes for a denied response.

{
  "status": "{...}",
  "headers": [],
  "body": "..."
}
status

(type.HttpStatus, REQUIRED) This field allows the authorization service to send an HTTP response status code other than 403 (Forbidden) to the downstream client.

headers

(repeated core.HeaderValueOption) This field allows the authorization service to send HTTP response headers to the downstream client. Note that the append field in HeaderValueOption defaults to false when used in this message.

body

(string) This field allows the authorization service to send response body data to the downstream client.

service.auth.v2.OkHttpResponse

[service.auth.v2.OkHttpResponse proto]

HTTP attributes for an ok response.

{
  "headers": []
}
headers

(repeated core.HeaderValueOption) HTTP entity headers in addition to the original request headers. This allows the authorization service to append, add or override headers from the original request before dispatching it to the upstream. Note that the append field in HeaderValueOption defaults to false when used in this message. When append is set to true, the filter appends the corresponding header value to the matched request header. When append is left as false, the filter either adds a new header or overrides an existing one if there is a match.

service.auth.v2.CheckResponse

[service.auth.v2.CheckResponse proto]

Intended for gRPC and Network Authorization servers only.

{
  "status": "{...}",
  "denied_response": "{...}",
  "ok_response": "{...}"
}
status

(Status) Status OK allows the request. Any other status indicates the request should be denied.

denied_response

(service.auth.v2.DeniedHttpResponse) Supplies HTTP attributes for a denied response.

A message that contains HTTP response attributes. This message is used when the authorization service needs to send custom responses to the downstream client or to modify/add request headers being dispatched to the upstream.

Only one of denied_response, ok_response may be set.

ok_response

(service.auth.v2.OkHttpResponse) Supplies HTTP attributes for an ok response.

A message that contains HTTP response attributes. This message is used when the authorization service needs to send custom responses to the downstream client or to modify/add request headers being dispatched to the upstream.

Only one of denied_response, ok_response may be set.
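
The append rules described for OkHttpResponse headers and the status rule of CheckResponse, modelled in Python as an added example; this is not Envoy's code. Messages are plain dicts in the JSON shape shown above; the integer status codes, the comma join, and the no-op when append finds no matching header are assumptions of the model.

```python
# Added model of how a CheckResponse is applied; not Envoy source code.
OK = 0  # google.rpc.Code.OK; proto3 reads an unset code as 0


def mutate(headers, options):
    """Apply a list of HeaderValueOption dicts to a copy of `headers`."""
    out = dict(headers)
    for opt in options:
        key = opt["header"]["key"].lower()
        value = opt["header"]["value"]
        if opt.get("append", False):  # append defaults to false here
            # Assumption: values are comma-joined, and append without a
            # matching header is a no-op (the page covers only a match).
            if key in out:
                out[key] = out[key] + "," + value
        else:
            out[key] = value  # add a new header or override the match
    return out


def apply_check_response(request_headers, resp):
    """Return ("allow", upstream_headers) or ("deny", code, headers, body)."""
    denied = resp.get("denied_response")
    ok = resp.get("ok_response")
    if denied is not None and ok is not None:
        raise ValueError("only one of denied_response, ok_response may be set")
    if (resp.get("status") or {}).get("code", OK) != OK:
        denied = denied or {}
        # 403 unless the service supplied another status (integer codes
        # stand in for the type.HttpStatus enum in this model).
        code = (denied.get("status") or {}).get("code", 403)
        return ("deny", code, mutate({}, denied.get("headers", [])),
                denied.get("body", ""))
    return ("allow", mutate(request_headers, (ok or {}).get("headers", [])))


# Constructed sample: the client tries to supply its own identity header.
CLIENT_HEADERS = {"x-user-id": "admin", "x-trace": "a"}
ALLOW = {"status": {"code": 0}, "ok_response": {"headers": [
    {"header": {"key": "x-user-id", "value": "alice"}},
    {"header": {"key": "x-trace", "value": "b"}, "append": True},
    {"header": {"key": "x-roles", "value": "reader"}, "append": True},
]}}
DENY = {"status": {"code": 7}, "denied_response": {
    "status": {"code": 401},
    "headers": [{"header": {"key": "www-authenticate", "value": "Bearer"}}],
    "body": "token expired"}}
```

In the constructed sample the client-supplied x-user-id is replaced because append is left false, while x-trace is extended.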