feat: adding a python callout for JWT token validation

[mateustd-ciandt]

This PR implements JWT token validation in the external authorization server.

It allows the server to extract tokens from Authorization headers, validate them using a public key, and add decoded claims as headers to upstream requests.

Also adding a test file as well.

This will use the server at the PR: #272

[jstraceski]

Looks good to me. The Dockerfile structure may cause some issues though.

[jstraceski]

This file should probably look like this https://github.com/GoogleCloudPlatform/service-extensions/blob/main/callouts/python/extproc/example/Dockerfile file with a few changes.

namely:
We need to make sure that the default proto path is set to
ARG proto_path="envoy/service/auth/v3/external_auth.proto"

and

COPY ./extproc/service ./extproc/service
COPY ./extproc/ssl_creds ./extproc/ssl_creds

Need to point to the new server directory.

I would also change:

FROM service-callout-common-python

AND

FROM launcher.gcr.io/google/debian12 as service-callout-common-python

to extauth-common-python

[mateustd-ciandt]

Hello, pushed some changes so the Dockerfile is more like the reference one! Thanks!

[jstraceski]

After we got automated testing working in #272 could you address the new failures @mateustd-ciandt.

[mateustd-ciandt]

@jstraceski updated the test file for this one too! thanks

[snippet-bot]

Here is the summary of changes.

You are about to add 1 region tag.

• plugins/samples/geo_directional_origin/plugin.go:15, tag serviceextensions_plugin_geo_routing

---

This comment is generated by snippet-bot.
If you find problems with this result, please file an issue at:
https://github.com/googleapis/repo-automation-bots/issues.
To update this comment, add snippet-bot:force-run label or use the checkbox below:

• Refresh this comment