https://github.com/giantswarm/oauth2-proxy-app

Giant Swarm app for oauth2-proxy, a reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers

# oauth2-proxy-app

Reverse OAuth2 proxy that handles authentication for GS web frontends.

It is built upon [oauth2-proxy/oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy), with the following configuration:

```bash
--cookie-expire=24h0m0s
--cookie-refresh=0h60m0s
--provider=oidc
# Use Auth0 as identity provider
--oidc-issuer-url=https://giantswarm.eu.auth0.com/
--login-url=https://giantswarm.eu.auth0.com/authorize
--redeem-url=https://giantswarm.eu.auth0.com/oauth/token
--validate-url=https://giantswarm.eu.auth0.com/userinfo
```

More options can be found in the [command line options documentation](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview/#command-line-options).

> **Note:** This chart will not deploy any resources unless at least one provider is defined in `oauth2Proxy.providers` in your values file. By default, the providers list is empty and no resources will be created until you add a provider configuration.

## Add authentication/authorization to a web frontend

1. Add the following annotations to the existing ingress:

```yaml
annotations:
  nginx.ingress.kubernetes.io/auth-signin: https://HOST/oauth2/start
  nginx.ingress.kubernetes.io/auth-url: https://HOST/oauth2/auth
```

2. Create a new oauth2 ingress alongside the existing ingress:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ Your.Service.Name }}-oauth2-proxy
  namespace: kube-system
spec:
  rules:
  - host: {{ Your.Service.URL }}
    http:
      paths:
      - backend:
          service:
            name: oauth2-proxy
            port:
              number: 4180
        path: /oauth2
        pathType: Prefix

If TLS is enabled, add the same certificate from the existing ingress to the oauth2 ingress.

3. Add the Service URL to the list of allowed Callback URLs in [Auth0](https://manage.auth0.com/#/):

Navigate to the Application `OAuth2-Proxy` and enter the service URL in the
list of allowed Callback URLs with the following scheme:

```nohighlight
https://{{ Your.Service.URL }}/oauth2/callback
```

This has to be done for every installation separately.
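
The three steps above combined for one TLS-enabled frontend, as an added example that is not part of the original README. The host `app.example.com`, the service `my-frontend`, the namespace `my-namespace` and the secret `app-example-com-tls` are assumed placeholders.

```yaml
# Constructed example; all names and hosts below are placeholders.
# Step 1: the existing frontend ingress, with the two auth annotations added.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-frontend
  namespace: my-namespace
  annotations:
    nginx.ingress.kubernetes.io/auth-signin: https://app.example.com/oauth2/start
    nginx.ingress.kubernetes.io/auth-url: https://app.example.com/oauth2/auth
spec:
  tls:
  - hosts:
    - app.example.com
    secretName: app-example-com-tls
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-frontend
            port:
              number: 80
---
# Step 2: the oauth2 ingress on the same host, serving only /oauth2.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-frontend-oauth2-proxy
  namespace: kube-system
spec:
  tls:
  - hosts:
    - app.example.com
    # An Ingress can only reference a TLS secret in its own namespace,
    # so the certificate secret must also exist in kube-system.
    secretName: app-example-com-tls
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /oauth2
        pathType: Prefix
        backend:
          service:
            name: oauth2-proxy
            port:
              number: 4180
# Step 3: register https://app.example.com/oauth2/callback in Auth0.
```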