Authorize Service URL
Summary
Authorize Service URL is the location of the internally accessible Authorize Service.
Multiple URLs can be specified with authorize_service_urls
as an array.
Unlike the Authenticate Service, the Authorize Service has no publicly accessible HTTP handlers, so this setting is purely for gRPC communication.
If your load balancer does not support gRPC pass-through, you must set this value to an internally routable location (https://pomerium-authorize-service.default.svc.cluster.local
) instead of an externally routable one (https://authorize.corp.example.com
).
How to configure
- Core
- Enterprise
- Kubernetes
Config file keys | Environment variables | Type | Usage |
---|---|---|---|
authorize_service_url | AUTHORIZE_SERVICE_URL | URL | required (Inferred in all-in-one mode to be localhost) |
authorize_service_urls | AUTHORIZE_SERVICE_URLS | URL | required (Inferred in all-in-one mode to be localhost) |
authorize_service_url/s
is a bootstrap configuration setting and is not configurable in the Console.
The authorize_service_url
is not customizable in all-in-one mode with the CRD
Examples
Examples:
# config file key
authorize_service_urls:
- https://localhost:5443
- https://authorize.corp.example.com
# environment variable
AUTHORIZE_SERVICE_URL=https://pomerium-authorize-service.default.svc.cluster.local