I’m trying to remove user authorization built in to the applications and move them to Istio. In the past I have been able to use AuthorizationPolicy with JWT to secure public RESTful services. This time it’s a front-end.
We use Keycloak OIDC, and currently we use Lua inside an OpenResty container to obtain the JWT cookie. Based on that, the user is either redirected to Keycloak’s login page, is granted access, or, if the user does not have the proper role, we send back a 403 error page.
I have the following questions:
- How can I have Istio/Envoy redirect when they need to log in?
- Can I use fromHeaders to obtain the JWT from Keycloak’s cookies?