Given a Kubernetes environment with the nginx-ingress operator in place
And auth0 configured for Social Login
And ingress rules configured for a ‘staging’ site
When a request is made against the controller
from an IP range not whitelisted
OR not containing a special header (HTTP Basic / token etc.)
I want to redirect the user to Auth0
When a request is made against the controller
from a whitelisted IP range OR with a valid HTTP header bearer token
I want the request to be default allowed
Why?
Because we have automated scanning systems such as site crawlers, penetration testing systems, and so on that cannot handle OAuth flows and need an escape hatch to reach our sites.
Multiple ingress services are not viable due to the overheads in configuration.
We also make URLs from these sites available to ‘trusted external users’ and so need to have a mechanism to authenticate their access (hence Auth0).
So in summary:
Have a Kubernetes ingress with Auth0 OAuth access control, but bypass it when a token/HTTP Basic credential is included on the request.
Any ideas?
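One way to get the "allowlisted IP or scanner credential, otherwise Auth0" behaviour described in the question is to put the decision in a tiny external auth service and point nginx-ingress at it with the `nginx.ingress.kubernetes.io/auth-url` and `nginx.ingress.kubernetes.io/auth-signin` annotations: the controller sends a subrequest to `auth-url`, passes the original request through on a 2xx, and redirects to the `auth-signin` URL (the Auth0 login) on a 401. The code below is an added, self-contained example and is not from the question's author or from any project; it assumes the controller forwards the real client address in `X-Real-IP` (falling back to `X-Forwarded-For`), the CIDRs and the `crawler` credential are constructed sample values, and the Auth0 sign-in URL itself lives in the Ingress annotation rather than in this service.

```python
"""External auth decision service for nginx-ingress (constructed example)."""
import base64
import hmac
import ipaddress
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Mapping, Optional, Tuple, Union

# Constructed sample policy; in a real deployment load these from a Secret/ConfigMap.
ALLOWED_CIDRS = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "192.0.2.0/24")]
SCANNER_CREDENTIALS = {"crawler": "example-token-ABC"}  # constructed, not a real secret

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def _match(secret: str, candidate: str) -> bool:
    # Constant-time comparison so response timing does not leak token bytes.
    return hmac.compare_digest(secret.encode(), candidate.encode())


def client_ip(headers: Mapping[str, str]) -> Optional[IPAddress]:
    """Original client address as forwarded by the ingress controller.
    Assumption: the controller sets X-Real-IP (or X-Forwarded-For) on the auth
    subrequest. Expose this service only to the ingress, otherwise a client
    could set these headers itself and bypass the check."""
    raw = headers.get("X-Real-IP") or (headers.get("X-Forwarded-For") or "").split(",")[0]
    try:
        return ipaddress.ip_address(raw.strip())
    except ValueError:
        return None


def has_scanner_credential(headers: Mapping[str, str]) -> bool:
    """Accept 'Authorization: Bearer <token>' or 'Authorization: Basic <b64 user:token>'."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    scheme, value = scheme.lower(), value.strip()
    if scheme == "bearer":
        return any(_match(tok, value) for tok in SCANNER_CREDENTIALS.values())
    if scheme == "basic":
        try:
            user, _, pw = base64.b64decode(value, validate=True).decode().partition(":")
        except ValueError:  # bad base64 or non-UTF-8 payload
            return False
        expected = SCANNER_CREDENTIALS.get(user)
        return expected is not None and _match(expected, pw)
    return False


def decide(headers: Mapping[str, str]) -> Tuple[int, str]:
    """Return (HTTP status, reason). 200 lets nginx-ingress pass the request to the
    backend; 401 makes it redirect the browser to the auth-signin (Auth0) URL."""
    ip = client_ip(headers)
    if ip is not None and any(ip in net for net in ALLOWED_CIDRS):
        return 200, "allowlisted-ip"
    if has_scanner_credential(headers):
        return 200, "scanner-credential"
    return 401, "needs-auth0"


class AuthHandler(BaseHTTPRequestHandler):
    """Minimal auth_request backend: nginx-ingress only acts on the status code."""

    def do_GET(self) -> None:
        status, reason = decide(self.headers)
        self.send_response(status)
        self.send_header("X-Auth-Reason", reason)  # useful when correlating ingress logs
        self.send_header("Content-Length", "0")
        self.end_headers()


if __name__ == "__main__":
    # Constructed bind address; the Ingress annotation would reference this service's DNS name.
    HTTPServer(("127.0.0.1", 8080), AuthHandler).serve_forever()
```

With this running as an in-cluster Service, the staging Ingress would carry `nginx.ingress.kubernetes.io/auth-url` pointing at it and `nginx.ingress.kubernetes.io/auth-signin` pointing at the Auth0-backed login (for example an oauth2-proxy in front of Auth0), so browsers without a session are sent to Auth0 while scanners on the allowlisted ranges or presenting the credential go straight through. Keep the service unreachable from outside the ingress, since the IP decision trusts the forwarded headers.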