Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add wasm-oidc-plugin to readme #95

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add wasm-oidc-plugin to readme #95

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,15 +10,17 @@ This repository contains several canonical Wasm extensions, which intend to demo
## Extensions

* *[Basic auth](/extensions/basic_auth/)* enforces basic auth based on request host, path, and methods. In this extension, you can find how to perform local auth decision based on headers and local reply, as well as JSON configuration string parsing and base64 decoding.

* *[C++ scaffold](/extensions/scaffold/)* provides an empty C++ extension, which can be used as a starting point to write a C++ Wasm extension.

* *[gRPC access logging](./extensions/grpc_logging)* makes a logging request to a gRPC service with various kinds of request and workload attributes. In this extension, you can find how to perform asynchronous telemetry reporting, fetch various request attributes and proxy properties, use protobuf and make gRPC callout.

* *JWT based routing ([WIP](https://github.com/istio-ecosystem/wasm-extensions/issues/16))* reads JWT token information from Envoy dynamic metadata written by JWT auth filter, update host header accordingly, and trigger routing recomputation. In this extension, you can find how to read dynamic metadata, manipulate headers, and affect request routing.

* *[Local rate limit](/extensions/local_rate_limit/)* applies a token bucket rate limit to incoming requests. Each request processed by the filter utilizes a single token, and if no tokens are available, the request is denied. In this extension you can find how to share data across all plugin VMs and deny request with local reply.

* *[wasm-oidc-plugin](https://github.com/antonengelhardt/wasm-oidc-plugin)* performs the OIDC Authorization Code Flow when session cookies are not presented in a request. These cookies are encrypted with AES-256-GCM and contain the authorization state of the client, such as `id_token` and `access_token`. The plugin can be configured to exclude certain hosts, paths, and URLs. ID Token validation is optional, and both the config reload interval and the cookie duration can be configured as desired.

* *[Open Policy Agent client](/extensions/open_policy_agent)* makes HTTP callout to an Open Policy Agent (OPA) server and based on OPA server response decides whether to allow or deny an incoming request. A result cache is also included to avoid expensive callout on every request. In this extension, you can find how to perform HTTP callout, and asynchronously continue or stop an incoming request based on the response of HTTP call. You will also find how to record stats, which can be scraped in the same way as Istio standard metrics.

* *[Zig scaffold](/extensions/zig_demo/)* provides an empty [Zig](https://ziglang.org/) extension, which can be used as a starting point to write a Zig Wasm extension.
Expand Down