basic_auth: support authorization header override (#36046)

Commit Message: basic_auth: support authorization header override Additional Description: provide a way to do basic authorization on headers other than `:Authorization`. Say we are doing two level of basic authorization. One at the proxy level with header name `Proxy-Authorization` and the other one at the application level with header name `Authorization`. Risk Level: low Testing: unit test Docs Changes: changelog Release Notes: Platform Specific Features: [Optional Runtime guard:] [Optional Fixes #Issue] [Optional Fixes commit #PR or SHA] [Optional Deprecated:] [Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):] --------- Signed-off-by: Networking team <networking@lyft.com> Co-authored-by: Networking team <networking@lyft.com> Mirrored from https://github.com/envoyproxy/envoy @ f3ff3306f53fc0ebb6314ffad947896b56b23d29
2 months ago · fb8dbdf62d
parent 6b419c04ce
commit fb8dbdf62d
1 changed files with 6 additions and 0 deletions
--- a/envoy/extensions/filters/http/basic_auth/v3/basic_auth.proto
+++ b/envoy/extensions/filters/http/basic_auth/v3/basic_auth.proto
@ -41,6 +41,12 @@ message BasicAuth {
  // If it is not specified, the username will not be forwarded.
  string forward_username_header = 2
      [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME strict: false}];
+
+  // This field specifies the request header to load the basic credential from.
+  //
+  // If it is not specified, the filter loads the credential from  the "Authorization" header.
+  string authentication_header = 3
+      [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME strict: false}];
 }

 // Extra settings that may be added to per-route configuration for