{"id":20238923,"url":"https://github.com/quintilesims/auth0-proxy","last_synced_at":"2025-04-10T19:36:05.200Z","repository":{"id":57499788,"uuid":"83085213","full_name":"quintilesims/auth0-proxy","owner":"quintilesims","description":"Reverse Proxy that redirects to Auth0 for authentication","archived":false,"fork":false,"pushed_at":"2018-08-01T20:37:24.000Z","size":16,"stargazers_count":6,"open_issues_count":1,"forks_count":0,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-24T17:14:11.564Z","etag":null,"topics":["auth0","go","golang","layer0","reverse-proxy"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/quintilesims.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-02-24T21:43:09.000Z","updated_at":"2024-12-03T14:46:10.000Z","dependencies_parsed_at":"2022-08-28T15:24:10.949Z","dependency_job_id":null,"html_url":"https://github.com/quintilesims/auth0-proxy","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quintilesims%2Fauth0-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quintilesims%2Fauth0-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quintilesims%2Fauth0-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quintilesims%2Fauth0-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/quintilesims","download_url":"https://codeload.github.com/quintilesims/auth0-proxy/tar.g
z/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248281414,"owners_count":21077423,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth0","go","golang","layer0","reverse-proxy"],"created_at":"2024-11-14T08:36:09.118Z","updated_at":"2025-04-10T19:36:05.176Z","avatar_url":"https://github.com/quintilesims.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Layer0 Auth0 Proxy\n\nSometimes, you want to put a sensitive web application behind a login wall.\nSometimes, you don't want to write the authentication logic yourself.\nIn this repository, we provide a proxy application that authenticates through Auth0 and can be easily inserted into any Terraform deployment.\n\n**NOTE: The Auth0 Proxy requires the `layer0-terraform-provider` binary for Layer0 v0.10.4+.**\nYou can find appropriate downloads at [http://layer0.ims.io/releases/](http://layer0.ims.io/releases/).\n\n\n# Usage\n\n## An Example\n\nLet's discuss what a possible deployment might look like.\n\n1. A Layer0 environment in which all of the following resources will live.\n2. A sensitive application deployed to AWS.\n3. A private load balancer that sits in front of the sensitive application.\n4. The auth0-proxy application, also deployed to AWS.\n5. 
A public load balancer that sits in front of the auth0-proxy application.\n\nIf we hand-wave away the specifics of the sensitive application (the \"myapp\" service in the coming example), a sample Terraform deployment of this whole system might look like this:\n\n```\n# main.tf\n\nprovider \"layer0\" {\n  endpoint        = \"${var.endpoint}\"\n  token           = \"${var.token}\"\n  skip_ssl_verify = true\n}\n\nresource \"layer0_environment\" \"demo\" {\n  name = \"demo\"\n}\n\nresource \"layer0_load_balancer\" \"myapp\" {\n  name        = \"myapp\"\n  environment = \"${layer0_environment.demo.id}\"\n  private     = true\n\n  port {\n    host_port      = 80\n    container_port = 80\n    protocol       = \"http\"\n  }\n}\n\nresource \"layer0_service\" \"myapp\" {\n  name          = \"myapp\"\n  environment   = \"${layer0_environment.demo.id}\"\n  load_balancer = \"${layer0_load_balancer.myapp.id}\"\n  # and any other values that myapp needs\n}\n\n# Here's what we do in order to add the auth0-proxy:\nmodule \"auth0\" {\n  source                  = \"github.com/quintilesims/auth0-proxy//terraform\"\n  auth0_domain            = \"SOME AUTH0 DOMAIN\"\n  auth0_client_id         = \"AUTH0 CLIENT ID\"\n  auth0_client_secret     = \"AUTH0 CLIENT SECRET\"\n  auth0_redirect_uri      = \"https://${module.auth0.load_balancer_url}\"\n  layer0_environment_id   = \"${layer0_environment.demo.id}\"\n  proxy_load_balancer_url = \"${layer0_load_balancer.myapp.url}\"\n  ssl_certificate         = \"NAME OF AN SSL CERTIFICATE\"\n}\n\noutput \"auth0_proxy_load_balancer_url\" {\n  value = \"https://${module.auth0.load_balancer_url}\"\n}\n```\n\nNow, all traffic should access the sensitive application by using the value of the `auth0_proxy_load_balancer_url` output.\n\n## Required Parameters\n\nThere are eight parameters that _must_ be supplied to the Auth0 Proxy module.\n\n**Note:**\nThe Auth0 Proxy requires a configured Auth0 client that is responsible for authenticating users.\nSeveral of 
the parameters that the Auth0 Proxy module requires come from this client.\n\n- `source` - The location of the terraform files for the Auth0 Proxy module.\nThis will probably always be `\"github.com/quintilesims/auth0-proxy//terraform\"`.\n\n- `auth0_domain` - The domain you will use for Auth0 authentication.\n\n- `auth0_client_id` - The ID of the Auth0 client to be used for authentication.\n\n- `auth0_client_secret` - The secret string of the Auth0 client to be used for authentication.\n\n- `auth0_redirect_uri` - The location to which Auth0 should redirect after authentication.\nUnless you have a custom domain, this should be the URL of the Auth0 Proxy's load balancer.\n(You can get that programmatically: `\"https://${module.auth0.load_balancer_url}\"`.)\n**NOTE: This must contain the protocol, and must match a URL specified in the Auth0 client's allowed callback URLs.**\n\n- `layer0_environment_id` - The ID of the Layer0 environment in which to deploy the Auth0 Proxy module.\nThis should be the same environment in which the sensitive application is deployed.\n\n- `proxy_load_balancer_url` - The location to which authenticated traffic should be directed.\nIn other words, the private load balancer that sits in front of the sensitive application.\n**NOTE: This must NOT include the protocol (i.e. 
\"http://\").**\n\n- `ssl_certificate_name` - The Auth0 Proxy communicates over https, so you must supply an SSL certificate.\nWhile testing, you can use the default certificate that the Layer0 instance creates (`\"l0-YOUR_LAYER0_PREFIX_HERE-api\"`).\nFor production services, it's strongly recommended that you create and use a different certificate.\n\n\nThere are a few other variables with default values that can be overridden in the Auth0 module.\nYou can find them at the top of the [terraform/layer0.tf](terraform/layer0.tf) file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fquintilesims%2Fauth0-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fquintilesims%2Fauth0-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fquintilesims%2Fauth0-proxy/lists"}