Skip to content
/ oAuth2-container Public

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.

4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

santiblanko/oAuth2-container

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
.github
.github
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

Add oAuth2 to a container with a few lines.

OAuth2 Proxy is a reverse proxy and static file server that provides authentication using third-party providers like Google, GitHub, and others for validating accounts by email, domain, or group.

Oauth2 Proxy is useful when you want:

  • One or more of your applications to be accessible only by authenticated users, for instance, users using a specific domain, emails whitelisting, and more
  • To rely on a third-party provider to handle the authentication process (Google, GitHub, etc.)
  • To keep a clear separation between the authentication service and the rest of your applications

For start:

docker-compose up -d

/ping - returns a 200 OK response, which is intended for use with health checks
/metrics - Metrics endpoint for Prometheus to scrape, serve on the address specified by --metrics-address, disabled by default
/oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies)
/oauth2/sign_out - this URL is used to clear the session cookie
/oauth2/start - a URL that will redirect to start the OAuth cycle
/oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url.
/oauth2/userinfo - the URL is used to return user's email from the session in JSON format.
/oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response;

Others solutions

Keycloak

Generate password for admin:

docker exec local_keycloak \
    /opt/jboss/keycloak/bin/add-user-keycloak.sh \
    -u admin \
    -p admin \
&& docker restart local_keycloak

Request token:

curl -X POST 'http://localhost:8080/auth/realms/test/protocol/openid-connect/token' \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data-urlencode 'grant_type=password' \
 --data-urlencode 'client_id=my-client' \
 --data-urlencode 'username=santiago.blanco@123.com' \
 --data-urlencode 'password=123'

Get Realm config

http://localhost:8080/auth/realms/test/.well-known/openid-configuration

If this implementation looks great you can share a beer using patreon or send me bitcoins.

Bitcoin direction:

31p39e3AtdEv8T2aU9y9D1XH9Wc5HEtRte

I will be enormously grateful. :) Also I am available for capacitations, keycloak courses and projects!! Whatsapp :) +573233729549

About

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Sponsor this project

Packages

No packages published