Skip to main content

Authorize Service URL

Summary

Authorize Service URL is the location of the internally accessible Authorize Service.

Multiple URLs can be specified with authorize_service_urls as an array.

Note

Unlike the Authenticate Service, the Authorize Service has no publicly accessible HTTP handlers, so this setting is purely for gRPC communication.

If your load balancer does not support gRPC pass-through, you must set this value to an internally routable location (https://pomerium-authorize-service.default.svc.cluster.local) instead of an externally routable one (https://authorize.corp.example.com).

How to configure

Config file keysEnvironment variablesTypeUsage
authorize_service_urlAUTHORIZE_SERVICE_URLURLrequired (Inferred in all-in-one mode to be localhost)
authorize_service_urlsAUTHORIZE_SERVICE_URLSURLrequired (Inferred in all-in-one mode to be localhost)

Examples

Examples:

# config file key
authorize_service_urls:
- https://localhost:5443
- https://authorize.corp.example.com

# environment variable
AUTHORIZE_SERVICE_URL=https://pomerium-authorize-service.default.svc.cluster.local