Support Proxy Authentication Mode
Description
Goal:
Support end user credential propagation from incoming http request or websocket payload throughout nodejs and backend services and all the way to auth extension.
Design:
We want to add a “Proxy” authentication mode and supporting attaching a credential to a Principal object. The “Proxy” auth mode will not spin up an authentication server and instead rely on an upstream proxy service to perform the authentication.
Context:
Currently authentication is required once security is enabled. However, there are use cases where authentication may be done upfront before requests are sent to nodejs. In such case, only authorization functionality is needed without additional authentication. Then end user credential in the incoming request should just be propagated as is throughout and to the auth extension.
Release Notes
Added support for PROXY authentication mode.
Activity
This (and RBAC in general) might require some documentation additions to the CDAP documentation, and we’re currently looking into it.
CDAP Backend Component PR:
