https://github.com/giantswarm/oauth2-proxy-app
Giant Swarm app for oauth2-proxy, a reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers
app auth0 chart oauth2 sso
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/giantswarm/oauth2-proxy-app
- Owner: giantswarm
- License: apache-2.0
- Created: 2018-06-13T08:32:15.000Z (about 8 years ago)
- Default Branch: main
- Last Pushed: 2026-02-20T11:42:35.000Z (4 months ago)
- Last Synced: 2026-02-20T15:52:40.830Z (4 months ago)
- Topics: app, auth0, chart, oauth2, sso
- Language: Makefile
- Homepage:
- Size: 268 KB
- Stars: 3
- Watchers: 7
- Forks: 3
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Codeowners: CODEOWNERS
- Security: SECURITY.md
- Dco: DCO
README
# oauth2-proxy-app
Reverse OAuth2 proxy that handles authentication for GS web frontends.
It is built upon [oauth2-proxy/oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy), with the following configuration:
```bash
--cookie-expire=24h0m0s
--cookie-refresh=0h60m0s
--provider=oidc
# Use Auth0 as identity provider
--oidc-issuer-url=https://giantswarm.eu.auth0.com/
--login-url=https://giantswarm.eu.auth0.com/authorize
--redeem-url=https://giantswarm.eu.auth0.com/oauth/token
--validate-url=https://giantswarm.eu.auth0.com/userinfo
```
More options can be found in the [command line options documentation](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview/#command-line-options).
> **Note:** This chart will not deploy any resources unless at least one provider is defined in `oauth2Proxy.providers` in your values file. By default, the providers list is empty and no resources will be created until you add a provider configuration.
## Add authentication/authorization to a web frontend
1. Add the following annotations to the existing ingress:
```yaml
annotations:
  nginx.ingress.kubernetes.io/auth-signin: https://HOST/oauth2/start
  nginx.ingress.kubernetes.io/auth-url: https://HOST/oauth2/auth
```
2. Create a new oauth2 ingress alongside the existing ingress:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ Your.Service.Name }}-oauth2-proxy
  namespace: kube-system
spec:
  rules:
  - host: {{ Your.Service.URL }}
    http:
      paths:
      - backend:
          service:
            name: oauth2-proxy
            port:
              number: 4180
        path: /oauth2
        pathType: Prefix
```
If TLS is enabled, add the same certificate from the existing ingress to the oauth2 ingress.
3. Add the Service URL to the list of allowed Callback URLs in [Auth0](https://manage.auth0.com/#/):
Navigate to the Application `OAuth2-Proxy` and enter the service URL in the
list of allowed Callback URLs with the following scheme:
```nohighlight
https://{{ Your.Service.URL }}/oauth2/callback
```
This has to be done for every installation separately.
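An added example, not part of the giantswarm/oauth2-proxy-app repository: a small Python check that the two ingresses from steps 1 and 2 agree on host, `/oauth2` routing and TLS secret. It assumes `HOST` is the protected ingress's own host and that the manifests are already loaded as dicts; the function names, `app.example.test` and the secret names are constructed for illustration.

```python
from urllib.parse import urlparse

NGINX = "nginx.ingress.kubernetes.io/"
EXPECTED = {"auth-url": "/oauth2/auth", "auth-signin": "/oauth2/start"}

def tls_secret(ing, host):  # secretName of the TLS entry covering host, or None
    return next((t.get("secretName") for t in ing["spec"].get("tls", [])
                 if host in t.get("hosts", [])), None)

def serves_oauth2(ing, host):  # True if ing routes host's /oauth2 to oauth2-proxy:4180
    for rule in ing["spec"].get("rules", []):
        for p in rule.get("http", {}).get("paths", []):
            svc = p.get("backend", {}).get("service", {})
            if (rule.get("host") == host and p.get("path") == "/oauth2"
                    and svc.get("name") == "oauth2-proxy"
                    and svc.get("port", {}).get("number") == 4180):
                return True
    return False

def lint(ingresses):  # findings for every ingress that carries the auth-url annotation
    findings = []
    for ing in ingresses:
        ann = ing["metadata"].get("annotations", {})
        if NGINX + "auth-url" not in ann:
            continue
        name = ing["metadata"]["name"]
        for host in [r["host"] for r in ing["spec"].get("rules", []) if "host" in r]:
            for key, path in EXPECTED.items():
                u = urlparse(ann.get(NGINX + key, ""))
                if (u.scheme, u.hostname, u.path) != ("https", host, path):
                    findings.append(f"{name}: {key} is not https://{host}{path}")
            proxies = [i for i in ingresses if i is not ing and serves_oauth2(i, host)]
            if not proxies:
                findings.append(f"{name}: no /oauth2 ingress for {host}")
            for p in proxies:
                if tls_secret(p, host) != tls_secret(ing, host):
                    findings.append(f"{name}: TLS secret differs from {p['metadata']['name']}")
    return findings

def ingress(name, host, path, svc, port, ann=None, secret=None):  # sample builder (constructed)
    tls = [{"hosts": [host], "secretName": secret}] if secret else []
    rule = {"host": host, "http": {"paths": [{"path": path, "pathType": "Prefix",
            "backend": {"service": {"name": svc, "port": {"number": port}}}}]}}
    return {"metadata": {"name": name, "annotations": ann or {}}, "spec": {"rules": [rule], "tls": tls}}

def sample(proxy_secret):  # constructed manifests; host and secret names are made up
    ann = {NGINX + k: "https://app.example.test" + p for k, p in EXPECTED.items()}
    return [ingress("app", "app.example.test", "/", "app", 80, ann, "app-tls"),
            ingress("app-oauth2-proxy", "app.example.test", "/oauth2", "oauth2-proxy", 4180, None, proxy_secret)]
```

`lint(sample("app-tls"))` returns an empty list; a different secret on the proxy ingress, a missing proxy ingress, or an annotation pointing at another host each yields one finding.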