External authorization

External authorization

For cases where authorization decisions need to be made out-of-process, the external authorization policy can be used. This sends a request to an external server, such as Open Policy Agent which will decide whether the request is allowed or denied. This is done utilizing the External Authorization gRPC service.

Configuration just requires specifying the address of the authorization service:

extAuthz:
  host: localhost:9000