When using Gloo Edge’s external authentication server, it may be convenient to authorize requests with your own server. Gloo Edge allows this functionality with two types of passthrough auth:
gRPC Passthrough Auth: Authenticating using an external grpc service that implements Envoy's Authorization Service API.
Http Passthrough Auth: Authenticating using an external Http service.
Passthrough auth vs. Custom Auth vs. Custom Extauth plugin
You can also implement your own auth with Gloo Edge with a Custom Auth server or an Extauth plugin.
Passthrough vs. Custom Auth server With passthrough, you can leverage other Gloo Edge extauth implementations (e.g. OIDC, API key, etc.) alongside custom logic. A custom auth server is not integrated with Gloo Edge extauth so it can not do this.
Passthrough vs. Extauth plugin Using Gloo Edge to passthrough requests to a separate authentication component eliminates the need to recompile extauth plugins with each version of Gloo Edge Enterprise.
Passthrough Cons While using a Passthrough service does provide additional flexibility and convenience with auth configuration, it does require an additional network hop from Gloo Edge’s external auth service to the gRPC service.