Skip to content

Enhancement Proposal: Authentication Filter #4136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 21 commits into from
Nov 4, 2025
Merged

Enhancement Proposal: Authentication Filter #4136

Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
8e19dc9
Enhancement Proposal for Authentication Filter
shaun-nx Oct 22, 2025
12ccfd4
Merge branch 'main' into proposal/auth-filter
shaun-nx Oct 22, 2025
f2e013f
Fix pre-commit errors
shaun-nx Oct 22, 2025
2a7f803
Merge branch 'main' into proposal/auth-filter
shaun-nx Oct 22, 2025
1b1665a
Add non-goals, test and security considerations. Move preface down to…
shaun-nx Oct 22, 2025
6a36b93
Update Alternatives section to refer to new External AuthFilter doc (…
shaun-nx Oct 23, 2025
601f362
Fix pre-commit errors
shaun-nx Oct 23, 2025
77eb226
Merge branch 'main' into proposal/auth-filter
shaun-nx Oct 23, 2025
88230d0
Set status to provisional, include only goals and non-goals
shaun-nx Oct 24, 2025
5990f77
Merge branch 'main' into proposal/auth-filter
shaun-nx Oct 24, 2025
f65e66a
Remove diagram
shaun-nx Oct 24, 2025
3d9fef4
Fix typos
shaun-nx Oct 24, 2025
f71701a
Merge branch 'main' into proposal/auth-filter
shaun-nx Oct 24, 2025
8705cd6
Merge branch 'main' into proposal/auth-filter
shaun-nx Oct 28, 2025
b7e2219
Update goals and non-goals
shaun-nx Oct 28, 2025
b581079
Update non-goals
shaun-nx Oct 28, 2025
1bed1f0
Fix pre-commit errors
shaun-nx Oct 28, 2025
47894e2
Merge branch 'main' into proposal/auth-filter
shaun-nx Nov 3, 2025
1ba1f3e
Update Goals and Non-goals
shaun-nx Nov 3, 2025
710ef5b
Update non-goals
shaun-nx Nov 3, 2025
dfbb573
Merge branch 'main' into proposal/auth-filter
tataruty Nov 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions docs/proposals/authentication-filter.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
# Enhancement Proposal-4052: Authentiation Filter

- Issue: https://github.com/nginx/nginx-gateway-fabric/issues/4052
- Status: Provisional

## Summary

Design and implement a means for users of NGINX Gateway Fabric to enable authentication on requests to their backend applications.
This new filter should eventually expose all forms of authentication available through NGINX, both Open Source and Plus.

## Goals

- Design a means of configuring authentication for NGF
- Design Authentication CRD with Basic Auth and JWT Auth in mind
- Determine initial resource specification
- Evaluate filter early in request processing, occurring before URLRewrite, header modifiers and backend selection
- Authentication failures returns 401 Unauthorized by default
- Ensure response codes are configurable

## Non-Goals

- Design for OIDC Auth
- An Auth filter for TCP and UDP routes
- Design for integration with [ExternalAuth in the Gateway API](https://gateway-api.sigs.k8s.io/geps/gep-1494/)
Loading