Service registry configuration | Authorization
Authorization parameters help protect upstream routes before traffic reaches the backend service. They define the access-token requirement, the required OAuth scopes, and the forwarded identity context sent to the upstream.
Service registry upstreams can be customized through the Administration API, the user interface, or static configuration files. The configuration is organized around:
- General configuration
- URIs
- Authorization
- Security
Authorization parameters
Authorize requires requests to provide a valid OAuth access token before they are forwarded.
Required scopes restrict authorized traffic by HTTP method. Keys can be HTTP methods such as GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS, or * for the default rule. Values are the OAuth scopes required for the method.
Error content type defines the content type returned for gateway authorization errors.
Forbidden response customizes the response returned when the access token is valid but does not contain the required scopes.
Unauthorized response customizes the response returned when the request has no valid access token.
Forwarded token signature algorithm enables boruta to send backend request context in the X-Forwarded-Authorization header. Supported algorithms are HS256, HS384, HS512, RS256, RS384, and RS512.
Forwarded token secret signs forwarded tokens when using an HS* algorithm. Leave it empty to let boruta generate one.
Forwarded token private key signs forwarded tokens when using an RS* algorithm. Leave it empty to let boruta generate a key pair.
Forwarded token public key is the public key matching the generated or configured private key.
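An added example, not code from boruta or from this documentation: how a backend could check the X-Forwarded-Authorization header when an HS* algorithm is configured, pinning the algorithm to the configured one instead of trusting the token header. It assumes the forwarded token is a compact JWS (JWT) with an optional `bearer ` prefix; the function names, the `sub`, `scope` and `exp` claims, and the sample secret are hypothetical and constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# HS* names from the list above mapped to digests. RS* needs a crypto library
# and the forwarded token public key; it is left out of this sketch.
HS_DIGESTS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def verify_forwarded(header_value, secret, expected_alg="HS256", now=None):
    """Return verified claims from X-Forwarded-Authorization or raise ValueError."""
    digest = HS_DIGESTS.get(expected_alg)
    if digest is None:
        raise ValueError("only HS* algorithms are handled here")
    token = header_value.strip()
    if token.lower().startswith("bearer "):  # assumed optional scheme prefix
        token = token[7:].strip()
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(b64url_decode(parts[0]))
    # Pin the algorithm to the one configured on the upstream; never let the
    # token choose it (rejects "none" and any algorithm switch).
    if not isinstance(header, dict) or header.get("alg") != expected_alg:
        raise ValueError("unexpected algorithm")
    mac = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(), digest)
    if not hmac.compare_digest(mac.digest(), b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(parts[1]))  # parsed only after the MAC check
    exp = claims.get("exp")  # assumed claim; enforced only when present
    if exp is not None and exp <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

def sign_sample(claims, secret, alg="HS256"):
    """Constructed stand-in for the gateway, used only to build sample input."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = b"" if alg == "none" else hmac.new(secret, f"{head}.{body}".encode(), HS_DIGESTS[alg]).digest()
    return f"bearer {head}.{body}.{b64url_encode(sig)}"

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    sample = sign_sample({"sub": "user-1", "scope": "read", "exp": 4102444800}, secret)
    print(verify_forwarded(sample, secret))
```

A backend that accepts this header should also be reachable only through the gateway, since the signature proves who issued the context, not which path the request took.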
User interface
