Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rgl/use-oauth2-proxy
oauth2-proxy as an GitHub authenticating reverse proxy example
https://github.com/rgl/use-oauth2-proxy
oauth2 oidc openid-connect
Last synced: about 1 month ago
JSON representation
oauth2-proxy as an GitHub authenticating reverse proxy example
- Host: GitHub
- URL: https://github.com/rgl/use-oauth2-proxy
- Owner: rgl
- Created: 2022-11-02T07:31:15.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2022-11-02T18:42:31.000Z (about 2 years ago)
- Last Synced: 2024-10-26T13:07:00.759Z (3 months ago)
- Topics: oauth2, oidc, openid-connect
- Language: Go
- Homepage:
- Size: 3.91 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# About
[oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) as an GitHub authenticating reverse proxy example.
# Usage
Add `127.0.0.1 example.test` to your `hosts` file.
Register a [new GitHub OAuth Application](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider#github-auth-provider) with:
| Setting | Value |
|------------------------------|--------------------------------------------|
| `Homepage URL` | `http://example.test:4180` |
| `Authorization callback URL` | `http://example.test:4180/oauth2/callback` |
Generate a new client secret, and export the created application OAuth credentials as environemnt variables:
```bash
export OAUTH2_PROXY_PROVIDER='github'
export OAUTH2_PROXY_SCOPE='user:email'
#export OAUTH2_PROXY_GITHUB_USER='rgl'
export OAUTH2_PROXY_CLIENT_ID='YOUR_OAUTH2_PROXY_GITHUB_APP_CLIENT_ID'
export OAUTH2_PROXY_CLIENT_SECRET='YOUR_OAUTH2_PROXY_GITHUB_APP_CLIENT_SECRET'
```
Download `oauth2-proxy`:
```bash
wget https://github.com/oauth2-proxy/oauth2-proxy/releases/download/v7.4.0/oauth2-proxy-v7.4.0.windows-amd64.tar.gz
tar xf oauth2-proxy-v7.4.0.windows-amd64.tar.gz --strip-components 1
```
Start the `oauth2-proxy` service:
```bash
export OAUTH2_PROXY_COOKIE_SECRET="$(openssl rand -hex 16)"
./oauth2-proxy \
--email-domain=* \
--http-address=:4180 \
--redirect-url=http://example.test:4180/oauth2/callback \
--cookie-secure=false \
--cookie-samesite=strict \
--upstream=http://localhost:4181/example \
--upstream="file:///$(cygpath --windows "$PWD" | tr \\\\ /)/#/"
```
In another shell, build and start the example service:
```bash
cd example
go build
./example -listen 127.0.0.1:4181
```
Access the root endpoint:
1. http://example.test:4180
Access some of the [endpoints](https://oauth2-proxy.github.io/oauth2-proxy/docs/features/endpoints):
1. http://example.test:4180/oauth2/userinfo
1. http://example.test:4180/oauth2/sign_out
# Alternatives
* [caddy-security](https://github.com/greenpau/caddy-security)
* [ory](https://github.com/ory)