Authentication and Authorization
Why Authenticate in API Gateway Environments
API Gateways act as a control point for the outside world to access the various application services (monoliths, microservices, serverless functions) running in your environment. In a microservices or hybrid application architecture, any number of these workloads need to accept incoming requests from external end users (clients). Incoming requests are treated as anonymous or authenticated, depending on the service. You may want to establish and validate who the client is and which service they are requesting, and define any access or traffic control policies.
Gloo Mesh Gateway provides several mechanisms for authenticating requests. Gloo Mesh Gateway includes an external auth (Ext Auth) service that has built-in support for authenticating with Identity Providers over LDAP or OIDC. It also supports other forms of authentication, including basic auth and API keys. Ext Auth has a plugin and passthrough framework so that custom business logic for bespoke auth protocols can be loaded and configured easily with Gloo Mesh. Ext Auth also supports a dynamic, flexible language called Rego for applying fine-grained authorization policies using Open Policy Agent. Ext Auth configuration can be chained to perform a multi-step authentication and authorization process.
Finally, you can write your own custom authentication service and integrate it with Gloo Mesh Gateway.
The Ext Auth section below includes guides for all the different authentication sources supported out of the box, and a guide to creating your own plugins or passthrough server for custom authentication logic. Also included in this section is a guide for developing a Custom Auth service.
External Authentication: Authenticate and authorize requests to your services using Gloo Mesh's external auth service.
Basic Auth: Authenticating using a dictionary of usernames and passwords on a virtual gateway.
OAuth: External Auth with OAuth
API Keys: How to set up ApiKey authentication.
OPA Authorization: Illustrating how to combine OpenID Connect with Open Policy Agent to achieve fine-grained policy with Gloo Mesh.
LDAP: Authenticate and authorize requests using LDAP.
Custom Auth server: External Authentication with your own auth server