Start as Envoy AuthService

[imranismail]

I'd like to see if this is an option that can be explored:

Add an option to start as a GRPC service implementing Envoy's AuthService protobuf spec

https://www.envoyproxy.io/docs/envoy/latest/api-v2/service/auth/v2/external_auth.proto
https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto

The alternative is implementing this GRPC service separately and talk to the /decisions API. That introduces a network hop.

Since Oathkeeper is typically used at the edge, reducing the network latency seems like a good idea.

[aeneasr]

Wow, sorry for my super late reply! I think GRPC support would make a ton of sense. We should consider it for the next (#441) iteration of ORY Oathkeeper.

[RichiCoder1]

I'd be interested in this as well, but for the slightly different reason that our Envoy deployment only supports gRPC ExtAuth and not HTTP.

[derekperkins]

Same as @RichiCoder1, we're using Contour as our kubernetes ingress controller, and it only supports the v3 grpc auth protocol.

[aeneasr]

Thank you, unfortunately we currently lack the resources to work on this, but we have plans for "Ory Oathkeeper 2.0", it's just not clear when we have the capacity to execute them.

[alxgda]

Same as @derekperkins we're using Contour as our kubernetes ingress controller, and it only supports the v3 grpc auth protocol

[github-actions]

Hello contributors!

I am marking this issue as stale as it has not received any engagement from the community or maintainers for a year. That does not imply that the issue has no merit! If you feel strongly about this issue

• open a PR referencing and resolving the issue;
• leave a comment on it and discuss ideas on how you could contribute towards resolving it;
• leave a comment and describe in detail why this issue is critical for your use case;
• open a new issue with updated details and a plan for resolving the issue.

Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic.

Unfortunately, burnout has become a topic of concern amongst open-source projects.

It can lead to severe personal and health issues as well as opening catastrophic attack vectors.

The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone.

If this issue was marked as stale erroneously you can exempt it by adding the backlog label, assigning someone, or setting a milestone for it.

Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!

Thank you 🙏✌️