Does Couper have something similar to Traefik's ForwardAuth?

[zzl221000]

Traefik ForwardAuth
ForwardAuth can use the status code from an external service response to perform a simple token validation, and it can also forward the response headers from the external service.

[malud]

Hi,
thanks for your question. Actually we have no dedicated configuration for this but you could achieve this flow with our sequence feature in combination with the expected_status attribute for the request or proxy block. Have a look at our auth-sequence example: https://github.com/coupergateway/couper-examples/blob/master/sequences/couper-auth.hcl

Maybe you would like to do such a request with the request block and just forward things that your auth service needs and continue with a proxy block to pass/stream the original request to the protected service.

[malud]

Example for my suggestion, with that all requests to /api/** must pass the auth service with 200 OK:

server {
    # ...
    api {
        base_path = "/api"
        endpoint "/**" {
            request "forwardauth" {
                url = "http://my-auth-service.local"
                # forward just the values you need
                headers = request.headers
                # or
                #body = request.body
                # or
                #form_body = request.form_body
                
                expected_status = [200]
            }
            
            proxy {
                # forward the client request to the backend service if 'forwardauth' request is successful
                # append additional infos if requred
                add_request_headers = {
                    "X-From-Auth-Service": backend_responses.forwardauth.headers["claims-or-something-else"]
                }
                url = "http://my-backend-service.local" 
            }
        }
    }
}