Edge Auth for Datum Tunnels

[bmertens-datum]

We have all of these features available in the API today. I have only personally used the CIDR-based authorization rules so far, but the others are available as well. Edge auth is independent of tunnel creation, so we can start exercising these features now.

Basic & API Key Auth

• Checks a username/password or a secret key to decide if a request is allowed in.

JWT Auth Providers

• Verifies an identity token to confirm who is making the request.

OIDC Auth

• Lets users sign in using a trusted login system like Google, Microsoft, or Okta.

Authorization Rules JWT Principal

• Allows or blocks access based on who the user or service is.

Authorization Rules Headers

• Allows or blocks access based on information sent in the request headers.

Authorization Rules CIDRs

• Allows or blocks access based on where the request is coming from (IP address).

Which features do we want to include in the alpha, beta and launch?
Right now, these can be configured on a proxy or on a path. Do we want to also explore configuration at the project level or via labels as part of the alpha, beta or launch?