(This is used to request new product features, please visit https://discuss.istio.io for questions on using Istio)
Describe the feature request
Istio authorization API support for the scope attribute in conditions.
These are the currently supported conditions: https://istio.io/latest/docs/reference/config/security/conditions/
It supports claims, but not scopes.
Describe alternatives you've considered
I can use claims in the JWT token and use claims matching; however, in OAuth2 standards scope is the correct way to describe if the token is allowed access to a particular resource.
This is the list of supported condition attributes: https://istio.io/latest/docs/reference/config/security/conditions/
There is request.auth.claims. I would like to also have Istio support request.auth.scope as an auth policy condition.
I understand OPA policy evaluation supports scope, but it makes sense to add scope validation within Istio's own Authorization policy since claim verification is already supported.
Affected product area (please put an X in all that apply)
[ ] Configuration Infrastructure
[ ] Docs
[ ] Installation
[ ] Networking
[ ] Performance and Scalability
[ ] Policies and Telemetry
[X] Security
[ ] Test and Release
[ ] User Experience
Additional context
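The difference between matching a claim value and checking a scope, as an added example that is not part of the original issue or Istio's code. It assumes the token is already verified and that scopes arrive in a space-delimited `scope` claim or an `scp` claim; all names and payloads are constructed, and `exact_claim_match` is a plain whole-value comparison for contrast, not Istio's matcher.

```python
# Added example: evaluate a required-scope condition over verified JWT claims.
# Assumption: scopes are carried in "scope" (space-delimited string) and/or
# "scp" (string or list of strings); signature checks happened earlier.

def token_scopes(claims):
    """Return the set of individual scopes granted by the token."""
    scopes = set()
    for name in ("scope", "scp"):
        value = claims.get(name)
        if isinstance(value, str):
            scopes.update(value.split())  # split on whitespace, never substring-match
        elif isinstance(value, (list, tuple)):
            scopes.update(v for v in value if isinstance(v, str))
    return scopes

def scope_allows(claims, required):
    """Scope condition: every required scope must be present in the token."""
    required = set(required)
    if not required:
        # Refuse a vacuous condition instead of allowing every token.
        raise ValueError("at least one required scope must be given")
    return required <= token_scopes(claims)

def exact_claim_match(claims, key, allowed_values):
    """Whole-value comparison of one claim, shown only for contrast."""
    value = claims.get(key)
    candidates = value if isinstance(value, list) else [value]
    return any(c in allowed_values for c in candidates if isinstance(c, str))

# Constructed sample payloads (not taken from any real token).
SAMPLES = {
    "single": {"sub": "svc-a", "scope": "orders.read"},
    "multi": {"sub": "svc-b", "scope": "orders.read orders.write"},
    "listed": {"sub": "svc-c", "scp": ["orders.read", "profile"]},
    "lookalike": {"sub": "svc-d", "scope": "orders.readonly"},
}

def evaluate(required=("orders.read",)):
    """Return (name, exact-match result, scope-check result) per sample."""
    return [
        (name, exact_claim_match(c, "scope", set(required)), scope_allows(c, required))
        for name, c in SAMPLES.items()
    ]

if __name__ == "__main__":
    for row in evaluate():
        print(row)
```
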