I'm building a multi tenant SaaS offering on top of Kubernetes. My understanding is that Authelia runs at the ingress/proxy layer (nginx, traefik, etc) before hitting the app service.
I like this idea since you technically would not have to build anything directly in each of the apps to handle authentication. However, because of the dynamic nature of this SaaS I need to have a layer in there somewhere that can first query something (API, database, cache,etc) that based on data from the incoming request would tell authelia if auth is required or not.
Is this possible with authelia? If so, any examples of how this might work?
So the url can be anything and would not be known ahead of time if it is secure or not, because we allow the user to set a flag on that "resource" which is database driven. So, if someone goes to myapp.com/path1 right now, it may allow anonymous but 10 minutes later may require authentication. So we can't hardcode paths in authelia ahead of time.
I'm thinking more about this, sounds like we need something in FRONT of authelia for this, right? So whatever that thing is, will forward to authelia or not.