External Authorization

    The external authorization network filter calls an external authorization service to check if the incoming request is authorized or not. If the request is deemed unauthorized by the network filter then the connection will be closed.

    Tip

    It is recommended that this filter is configured first in the filter chain so that requests are authorized prior to rest of the filters processing the request.

    The content of the request that are passed to an authorization service is specified by .

    The network filter, gRPC service, can be configured as follows. You can see all the configuration options at Network filter.

    A sample filter configuration could be:

    The network filter outputs statistics in the config.ext_authz. namespace.

    The External Authorization filter emits dynamic metadata as an opaque only when the gRPC authorization server returns a with a filled dynamic_metadata field.