
feat(gateway): add support for authorization header authentication

Martin Fontanet requested to merge gateway-header-auth into develop

This PR enables authentication using the Authorization header at the gateway level. Prior to that, the authentication was handled by browser cookies. This was not compatible with CLI tools and made external access to the PDP endpoint complicated.

The gateway now uses the following mechanism to authenticate the users:

  1. Look for an Authorization header in the user request, extract & validate the token.
    • If the token is valid, pass it to the proxied endpoint.
    • If the token is not valid, return a 401 Unauthorized error.
  2. If the request does not contain an Authorization header with a token, look for a cookie that contains the ID Token, extract & validate it.
    • If the token is valid, pass it to the proxied endpoint.
    • If the token is not valid, redirect the user to the login page.
  3. If neither the header nor the cookie is found, redirect the user to the login page.
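The three-step policy above, written out as a small Go `net/http` middleware. This is an added illustration, not code from the merge request or the project: the cookie name `id_token`, the login path `/login`, the Bearer scheme and the `TokenValidator` callback are all assumptions; a real deployment would verify the token's signature, expiry and audience inside `Validate`. The one subtlety worth seeing in code is the asymmetry the MR describes: an invalid header token is a hard 401 (the gateway never falls back to the cookie), whereas a missing or invalid cookie sends the browser to the login page.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Decision is what the gateway decided to do with a request.
type Decision int

const (
	Forward       Decision = iota // pass the validated token on to the proxied endpoint
	Unauthorized                  // 401: a header token was present but invalid
	RedirectLogin                 // send the browser to the login page
)

// Assumed names; the MR does not specify them.
const (
	idTokenCookie = "id_token"
	loginPath     = "/login"
)

// TokenValidator reports whether a token is acceptable. Hypothetical hook:
// real code verifies a JWT signature, expiry and audience here.
type TokenValidator func(token string) bool

// Gateway wraps the proxied endpoint and applies the header-then-cookie policy.
type Gateway struct {
	Validate TokenValidator
	Upstream http.Handler
}

// bearerToken extracts the token from "Authorization: Bearer <token>";
// it returns "" when the header is absent, malformed or carries no token.
func bearerToken(header string) string {
	parts := strings.SplitN(strings.TrimSpace(header), " ", 2)
	if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") {
		return ""
	}
	return strings.TrimSpace(parts[1])
}

// decide implements the three steps from the MR description.
func (g Gateway) decide(r *http.Request) (Decision, string) {
	// Step 1: a header carrying a token takes precedence; if it is invalid
	// the request fails with 401 and the cookie is deliberately not consulted.
	if tok := bearerToken(r.Header.Get("Authorization")); tok != "" {
		if g.Validate(tok) {
			return Forward, tok
		}
		return Unauthorized, ""
	}
	// Step 2: no header token, so look for the ID token cookie.
	if c, err := r.Cookie(idTokenCookie); err == nil {
		if c.Value != "" && g.Validate(c.Value) {
			return Forward, c.Value
		}
		return RedirectLogin, ""
	}
	// Step 3: neither credential present.
	return RedirectLogin, ""
}

func (g Gateway) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	d, tok := g.decide(r)
	switch d {
	case Forward:
		// Hand the validated token to the proxied endpoint in one canonical form.
		r.Header.Set("Authorization", "Bearer "+tok)
		g.Upstream.ServeHTTP(w, r)
	case Unauthorized:
		w.Header().Set("WWW-Authenticate", `Bearer realm="gateway"`)
		http.Error(w, "invalid or expired token", http.StatusUnauthorized)
	case RedirectLogin:
		http.Redirect(w, r, loginPath, http.StatusFound)
	}
}

func main() {
	// Stand-alone demo with a toy validator; "good" is a constructed token value.
	gw := Gateway{
		Validate: func(tok string) bool { return tok == "good" },
		Upstream: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			fmt.Fprintf(w, "proxied with %q\n", r.Header.Get("Authorization"))
		}),
	}
	fmt.Println("gateway listening on 127.0.0.1:8080")
	_ = http.ListenAndServe("127.0.0.1:8080", gw)
}
```

Run it and compare `curl -i -H 'Authorization: Bearer good' http://127.0.0.1:8080/` (proxied), `... Bearer bad` (401) and a bare request (302 to `/login`). Note that `decide` treats an `Authorization` header with an empty or non-Bearer value as "no token" and falls through to the cookie, which matches the MR's wording that the fallback applies when the request lacks a header *with a token*.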
Edited by Martin Fontanet
