Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add request Headers to OPA authorization request #36

Closed
massenz opened this issue Aug 21, 2022 · 1 comment
Closed

Add request Headers to OPA authorization request #36

massenz opened this issue Aug 21, 2022 · 1 comment
Labels
enhancement New feature or request policy related to OPA/Policy evaluation Urgent

Comments

@massenz
Copy link
Owner

massenz commented Aug 21, 2022

We currently only send the path and method to OPA for authorization (alongside the JWT); we should also send "relevant" (as defined by the user) headers.

This could be a mix of "well-known" as well as "custom" headers:

opa:
  headers:
    - x-org-id
    - x-user-def
    - ContentType

If any (or all) of the headers are missing in the API call, they are simply ignored and the authorization is sent to OPA: auth policies will decide if those are required and access ought to be denied if missing.

The headers will be sent in the OPA request as key-value pairs (we assume single-valued headers):

      {
        "input": {
            "api_token": ".... API Token Base-64 encoded ...",
            "resource": {
                "method": "POST",
                "path": "/path/to/resource",
                "headers": [
                  { "name": "x-org-id", "value": "123456"},
                  { "name": "ContentType", "value": "application/json"},
                  ...
                ]
           }
        }
      }

and will be available as an array of objects in the Rego policy at input.resource.headers, and each header will be accessible as, for example input.resource.headers["x-org-id"].
@massenz massenz added enhancement New feature or request Urgent policy related to OPA/Policy evaluation labels Aug 21, 2022
@massenz massenz mentioned this issue Aug 21, 2022
Open
massenz added a commit that referenced this issue Nov 16, 2022
@massenz
[#36] Adding Headers to OPA request
e3435f8
massenz added a commit that referenced this issue Nov 19, 2022
@massenz
[#36] Updated tests & configuration
9dc36c7
massenz added a commit that referenced this issue Nov 19, 2022
@massenz
[#36] Adding HTTP Headers to OPA Auth request (#45)
208703f 
* [#36] Adding Headers to OPA request
@massenz
Copy link
Owner Author

massenz commented Nov 19, 2022

Completed in #45

@massenz massenz closed this as completed Nov 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request policy related to OPA/Policy evaluation Urgent
Projects
Spring Security OPA Integration
Status: Done
Milestone
No milestone
Development

No branches or pull requests
1 participant
@massenz