A Mapping can pass these settings along to an AuthService. This is helpful to allow these specific configurations to apply only to certain Mappings and not globally.
An AuthService can be disabled for a specific Mapping with the
bypass_auth attribute. This will tell Ambassador to allow all requests for that Mapping through without interacting with the external auth service. This could be helpful, for example, for a public API.
auth_context_extensions attribute will pass the given values along to the AuthService when authentication happens. The values are arbitrary key value pairs formatted as strings.
auth_context_extensions:foo: barbaz: zing
More information is available on the Envoy documentation on external authentication.