{"id":21029765,"url":"https://github.com/loafoe/iam-proxy","last_synced_at":"2026-03-14T22:11:25.128Z","repository":{"id":38292410,"uuid":"342314645","full_name":"loafoe/iam-proxy","owner":"loafoe","description":"HSDP IAM proxy","archived":false,"fork":false,"pushed_at":"2023-05-19T22:00:21.000Z","size":387,"stargazers_count":5,"open_issues_count":2,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-07-03T11:03:07.416Z","etag":null,"topics":["claims","hsdp","iam","jwt","proxy"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/loafoe.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-25T16:53:32.000Z","updated_at":"2022-03-18T12:04:12.000Z","dependencies_parsed_at":"2024-11-19T12:15:06.904Z","dependency_job_id":"a434c628-9b0e-464f-ba03-7c4ef102a32f","html_url":"https://github.com/loafoe/iam-proxy","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/loafoe/iam-proxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loafoe%2Fiam-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loafoe%2Fiam-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loafoe%2Fiam-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loafoe%2Fiam-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/loafoe","download_url":"https://codeload.github.com/loafoe/iam-proxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loafoe%2Fiam-proxy/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265227900,"owners_count":23731060,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["claims","hsdp","iam","jwt","proxy"],"created_at":"2024-11-19T12:14:10.543Z","updated_at":"2026-03-14T22:11:20.107Z","avatar_url":"https://github.com/loafoe.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# iam-proxy\nHSDP IAM proxy. Position this in front of your app for instant HSDP IAM support. The proxy will\nredirect to IAM for authentication and generate a JWT token which embeds `iam_access_token` and \n`iam_refresh_token` claims containing the IAM tokens for use in your upstream service.\n\n## Features\n- Extremely lean, should run in 16MB RAM\n- Minimal configuration needs\n- Stateless, so scalable if needed\n- Single purpose\n\n## TODO\n- Encrypt IAM claims with `SharedSecret`\n- Add group claims based on IAM Introspect\n- Timely Token refreshes\n\n## Usage\nGather all required params and deploy as a Docker container to Cloud foundry or other hosting service.\nThe upstream should check for presence of the JWT and validate it using the `SharedSecret`. You can perform\nan IAM Introspect call with the access token claim to retrieve addtional permissions for the user.\n\n## Parameters\nSetting parameters is done through the environment:\n\n| Name                     | Description | Default |\n|--------------------------|-------------|---------|\n| IAM_PROXY_APP_URL        | The browser URL of the app | `http://localhost:35444` |\n| IAM_PROXY_REGION         | The HSDP IAM Region to use | `us-east` |\n| IAM_PROXY_ENVIRONMENT    | The HSDP IAM Environment to use | `client-test` | \n| IAM_PROXY_CLIENT_ID      | The HSDP IAM OAuth2 client ID to use | |\n| IAM_PROXY_CLIENT_SECRET  | THe HSDP IAM OAuth2 client Secret to use | |\n| IAM_PROXY_SHARED_SECRET  | The `SharedSecret` to use | `secret` |\n| IAM_PROXY_COOKIE_DOMAIN  | The Cookie domain | inferred from browser URL |\n| IAM_PROXY_UPSTREAM_URL   | The Upstream URL of the app to proxy | |\n| IAM_PROXY_PORT           | The port to listen on for connections | `35444` |\n\n## Building\n```shell\n\u003e docker buildx build --load -f Dockerfile.buildx -t iam-proxy:latest  --platform linux/amd64,linux/arm64 .\n```\n\n## Deploying\n```shell\n\u003e docker run --rm -it -p 35444:35444 -e IAM_PROXY_APP_URL=... -e IAM_PROXY_REGION=... -e ... iam-proxy:latest`\n```\n\n## Contact / Getting help\n\nAsk on the `#terraform` channel on HSDP Slack. We intend to provide a Terraform module shortly, which will be the preferred method for deployment.\n\n# License\nLicense is MIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Floafoe%2Fiam-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Floafoe%2Fiam-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Floafoe%2Fiam-proxy/lists"}