
12020-09-15

SEAN K.H. LIAO

authnz

For user requests only.

authn

Situation: you have an API gateway (e.g. traefik) or service mesh (e.g. istio) that can intercept and redirect requests. You have some existing authz system you want to use, maybe the same as for your East-West traffic. You want to redirect requests without a valid session / JWT to log in at a third party identity provider.

Options:

authn authz

Situation: you have an API gateway that can intercept requests. You want to redirect requests without a valid session / JWT to log in at a third party identity provider and enforce some policy on that request at the same time.

Options:

identity provider

loginserver4, ORY Hydra, ...

gateway

The reverse proxy / identity aware proxy / thing that intercepts your requests.

traefik, envoy, ory oathkeeper, pomerium, ...