Route based on claims

[Ghostbird]

Is it possible to select a route based on the Claims of the HttpContext.User?
My use case is that request by one user should take use a different route than requests by another user.

E.g. a request for /foo by user A should proxy to https://example.com/foo and transform the request to use a client certificate. However a request for /foo by user B should proxy to https://contoso.com/foo and use OIDC client-credentials to get a token for that call.

It seems a problem will be that Authorization is predicated on routing in YARP which seems to create a catch-22. My middleware must run before routing, but it needs the authenticated identity, which is only known after routing.

[Tratcher]

Nothing built in, though there are manual ways you could do it. See:
https://github.com/dotnet/yarp/blob/5e0bbb4375b1385ff6a7cafe47fb6217854656d2/samples/ReverseProxy.Direct.Sample/README.md
Or

yarp/src/ReverseProxy/Model/HttpContextFeaturesExtensions.cs

Line 49 in 5e0bbb4

public static void ReassignProxyRequest(this HttpContext context, ClusterState cluster)

Part of the problem is that the type of auth to be performed can be specified per route in aspnetcore, so auth happens after routing.

Do you have auth setup so that it happens before requests and is route independent?