Istio Authservice

Istio Authservice helps delegate the OIDC Authorization Code Grant Flow to the Istio mesh. It is compatible with any standard OIDC Provider as well as other Istio End-user Auth features, including Authentication Policy and RBAC. Together, they allow developers to protect their APIs and web apps without any application code required.

Some of the features it provides:

• Transparent login and logout
  • Retrieves OAuth2 Access tokens, ID tokens, and refresh tokens
• Fine-grained control over which url paths are protected
• Session management
  • Configuration of session lifetime and idle timeouts
  • Refreshes expired tokens automatically
• Compatible with any standard OIDC Provider
• Supports multiple OIDC Providers for same application
• Trusts custom CA certs when talking to OIDC Providers
• Works either at the sidecar or gateway level

Istio Authservice is built entirely on open source. The binaries are available at no cost, and support is provided by Tetrate Community Slack channels and the Istio community.