Deferred from #167 (hosted multi-user server v1). Track for a future release.
What
Run mitmproxy on the hosted server so agents can point HTTPS_PROXY at a remote URL without needing any local component. Currently agents must run a local proxy sidecar that fetches credentials from the remote daemon (Option B — already works via AUTHSOME_DAEMON_URL).
Shape of the work
- Per-user proxy endpoint, e.g.
https://proxy.authsome.example.com with user identity carried via a proxy auth header or a token in the URL
- Server-side mitmproxy instance that resolves credentials from the hosted
AuthService for the authenticated user
- CA certificate distribution: agents must install and trust the hosted CA cert (mitmproxy CA); document the trust-establishment flow
- Evaluate whether to run one shared mitmproxy instance (multi-tenant routing) or one per user (simpler isolation, more resources)
Prerequisite
#167 (hosted v1) must be complete before this is meaningful.
Deferred from #167 (hosted multi-user server v1). Track for a future release.
What
Run mitmproxy on the hosted server so agents can point
HTTPS_PROXYat a remote URL without needing any local component. Currently agents must run a local proxy sidecar that fetches credentials from the remote daemon (Option B — already works viaAUTHSOME_DAEMON_URL).Shape of the work
https://proxy.authsome.example.comwith user identity carried via a proxy auth header or a token in the URLAuthServicefor the authenticated userPrerequisite
#167 (hosted v1) must be complete before this is meaningful.