Passthrough Auth
When using Gloo Edge’s external authentication server, it may be convenient to authorize requests with your own server. Gloo Edge allows this functionality with two types of passthrough auth:
-
gRPC Passthrough Auth: Authenticating using an external grpc service that implements Envoy's Authorization Service API.
-
Http Passthrough Auth: Authenticating using an external Http service.
Passthrough auth vs. Custom Auth vs. Custom Extauth plugin
You can also implement your own auth with Gloo Edge with a Custom Auth server or an Extauth plugin.
Passthrough vs. Custom Auth server With passthrough, you can leverage other Gloo Edge extauth implementations (e.g. OIDC, API key, etc.) alongside custom logic. A custom auth server is not integrated with Gloo Edge extauth so it can not do this.
Passthrough vs. Extauth plugin Using Gloo Edge to passthrough requests to a separate authentication component eliminates the need to recompile extauth plugins with each version of Gloo Edge Enterprise.
Passthrough Cons While using a Passthrough service does provide additional flexibility and convenience with auth configuration, it does require an additional network hop from Gloo Edge’s external auth service to the gRPC service.