Skip to content

UNINETTSigma2/goidc-proxy

BranchesTags

Repository files navigation

OpenID Connect Proxy

The proxy is based on coreos/go-oidc package. It supports simple proxying request based on authentication from any OpenID Connect providers. You can forward either OAuth2 Accesstoken (oauth2) or JWT Token (jwt) in Authorization header. The OAuth2 Accesstokenis the default option for sending to downstream target application. This is useful depending upon your target application configured under proxy section.

In addition to that it has support for two factor authentication which is primarily tested for Dataporten. Two factor can be enabled for selected users/groups or for all the users.

Authentication with Dataporten

{
    "proxy": {
        "target": "https://httpbin.org"
    },
    "engine": {
        "client_id": "<client_id>",
        "client_secret": "<client_secret>",
        "issuer_url": "https://auth.dataporten.no",
        "redirect_url": "http://localhost:8888/oauth2/callback",
        "scopes": "userid",
        "signkey": "testtesttesttest",
        "groups_endpoint": "",
        "token_type": "oauth2",
        "jwt_token_issuer": "https://jwt.example.no",
        "twofactor": {
            "all": false,
            "redirect_on_response": false,
            "principals": "",
            "acr_values": "",
        },
        "logging": {
            "level": "info"
        }
    },
    "server": {
        "port": 8888,
        "health_port": 1337,
        "cert": "cert.pem",
        "key": "key.pem",
        "ssl": false,
        "secure_cookie": false
    }
}

You need to copy the client-id and client-sercret from Dataporten Dashboard. Also make sure you have the redirect_url set accordingly as well as other details.

Authentication with Google OpenID Connect

The configuration file for using Google as OpenID provider

{
    "proxy": {
        "target": "https://httpbin.org"
    },
    "engine": {
        "client_id": "<client-id>",
        "client_secret": "<client-sercret>",
        "issuer_url": "https://accounts.google.com",
        "redirect_url": "http://localhost:8888/oauth2/callback",
        "scopes": "email",
        "signkey": "testtesttesttest",
        "groups_endpoint": "",
        "token_type": "oauth2",
        "jwt_token_issuer": "https://jwt.example.no",
        "twofactor": {
            "all": false,
            "redirect_on_response": false,
            "principals": "",
            "acr_values": "",
        },
        "logging": {
            "level": "debug"
        }
    },
    "server": {
        "port": 8888,
        "health_port": 1337,
        "cert": "cert.pem",
        "key": "key.pem",
        "ssl": false,
        "secure_cookie": false
    }
}

You need to copy the client-id and client-sercret from Google API console. Also make sure you have the redirect_url set accordingly as well as other details.

About

OpenID Connect proxy

Topics

proxy openidconnect dataporten

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

21 stars

Watchers

11 watching

Forks

5 forks
Report repository

Releases 1

v2.1.0 Latest
Apr 28, 2023

Packages

No packages published

Contributors 7

Languages