https://github.com/sevensolutions/traefik-oidc-auth
🧩 A traefik Plugin for securing the upstream service with OpenID Connect acting as a relying party.
- Host: GitHub
- URL: https://github.com/sevensolutions/traefik-oidc-auth
- Owner: sevensolutions
- License: mit
- Created: 2024-05-11T15:28:54.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2025-12-13T15:31:34.000Z (2 months ago)
- Last Synced: 2025-12-15T08:07:04.301Z (2 months ago)
- Topics: oidc, oidc-auth, oidc-authentication, traefik-plugin
- Language: Go
- Homepage: https://traefik-oidc-auth.sevensolutions.cc/
- Size: 1.07 MB
- Stars: 250
- Watchers: 5
- Forks: 28
- Open Issues: 15
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
README
# Traefik OpenID Connect Middleware

A traefik Plugin for securing the upstream service with OpenID Connect acting as a relying party.
> [!NOTE]
> This document always represents the latest version, which may not have been released yet.
> Therefore, some features may not be available currently but will be available soon.
> You can use the GIT-Tags to check individual versions.

> [!WARNING]
> This middleware is under active development and breaking changes may occur.
> It is only tested against traefik v3+.
## Tested Providers
| Provider | Status | Notes |
|---|---|---|
| [ZITADEL](https://zitadel.com/) | ✅ | |
| [Kanidm](https://github.com/kanidm/kanidm) | ✅ | See [GH-12](https://github.com/sevensolutions/traefik-oidc-auth/issues/12) |
| [Keycloak](https://github.com/keycloak/keycloak) | ✅ | |
| [Microsoft EntraID](https://learn.microsoft.com/de-de/entra/identity/) | ✅ | |
| [HashiCorp Vault](https://www.vaultproject.io/) | ❌ | See [GH-13](https://github.com/sevensolutions/traefik-oidc-auth/issues/13) |
| [Authentik](https://goauthentik.io/) | ✅ | |
| [Pocket ID](https://github.com/stonith404/pocket-id) | ✅ | |
| [GitHub](https://github.com) | ❌ | GitHub doesn't seem to support OIDC, only plain OAuth. |
| [Logto](https://logto.io/) | ✅ | |
## Documentation
Please see the full documentation [HERE](https://traefik-oidc-auth.sevensolutions.cc/).
> [!NOTE]
> The documentation is being built from the *production* branch, representing the latest released version.
> If you want to check the documentation of the main branch to see what's coming in the next version, [see here](https://main.traefik-oidc-auth.pages.dev/).
## 🧪 Local Development and Testing
This project uses a [Taskfile](https://taskfile.dev/) for easy access to commonly used tasks. You need to install the Taskfile CLI by following the [official documentation](https://taskfile.dev/installation/). You also need Docker installed on your machine.
You can then run the following command to list all available tasks:
```
task --list
```
The easiest way to get started is to run the plugin with Keycloak because this repo comes with a pre-configured instance.
Just do:
1. Run `task run:keycloak` and wait a moment for everything to be settled
2. Open a web browser and navigate to `http://localhost:9080`
3. You will be redirected to Keycloak's login page. Log in with user `admin` and password `admin`.

If you want to start the plugin with your own identity provider, create the following `.env` file in `workspaces/external-idp`:
```
PROVIDER_URL=...
CLIENT_ID=...
CLIENT_SECRET=...
VALIDATE_AUDIENCE=true
```
And then do:
1. Run `task run:external`
2. Open a web browser and navigate to `http://localhost:9080`
3. You will be redirected to your own identity provider

If you want to play around with the plugin config, modify the file `workspaces/configs/http.yml`.
Changes will be reloaded automatically and you should see some debug output in the container logs.
## Support
I put a lot of ❤️ and effort into this project. PRs are very welcome and together we can make this a great free alternative to the enterprise OIDC plugin.
Every contribution helps me to improve it, fix bugs and develop new features.
Please also don't forget to ★ the repo.
If you'd like to make a small donation, I'd be very grateful. Just click the button below.
Thank You!
https://github.com/sponsors/sevensolutions
Are you looking for the right hosting provider?
Click the link below and get 20€ starting credit when you sign up via this link.
https://hetzner.cloud/?ref=98cdlRHw6PL5