README
¶
JWT authentication proxy
UNDER CONSTRUCTION, NOT READY TO BE USED YET
Use cases:
- As a standalone application (reverse proxy) for authenticating requests to your application
- As a Go middleware for authenticating requests to your server
Features:
- Validating JWT access tokens
- Refreshing JWT access tokens with refresh tokens
Works the same way as bitly/oauth2_proxy but with a few additions:
- Refreshes access tokens.
- Haves an option of not redirecting every request to OIDC/OAuth2 provider's login page. E.g. redirecting API calls with expired authentication from frontend login page doesn't work. Requests not redirected to the login page will receive a response with 401 or 403 as status code and a JSON with
redirectUrlfield so the frontend can redirect the browser itself. - Redirects back to original url once authentication is renewed
See flow diagram for details.
Documentation
¶
Index ¶
Constants ¶
View Source
const ( // ScopeOpenID will return basic information ScopeOpenID = "openid" // ScopeOfflineAccess will return refresh token ScopeOfflineAccess = "offline_access" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
// Next http.Handler
Next http.Handler
// CallbackPath to handle authorization callback
CallbackPath string
// AuthClient for handling authentication flow
AuthClient *oauth2.Config
// AdditionalAuthURLParameters for providers who require additional authorization parameters,
// like Auth0 requires to set and "audience" parameter in order to receive a JWT access token
AdditionalAuthURLParameters []oauth2.AuthCodeOption
// SessionStore for persisting session state
SessionStore sessions.Store
// SkipAuthenticationRegex for skipping authentication on these paths
SkipAuthenticationRegex []string
// SkipRedirectToLoginRegex for skipping redirecting user to auth provider's login page.
// If a path matches one of these, a response with status code 401 with
// JSON with redirectUrl field will be returned. Use this to prevent the middleware redirecting
// API requests to the login page.
SkipRedirectToLoginRegex []string
// Logger, optional
Logger *log.Logger
// contains filtered or unexported fields
}
Config for Middleware
type Middleware ¶
type Middleware struct {
*Config
}
Middleware for authentication requests
func NewMiddleware ¶
func NewMiddleware(config *Config) (*Middleware, error)
NewMiddleware creates a new authentication middleware
func (*Middleware) ServeHTTP ¶
func (m *Middleware) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP will authenticate the request and forward it to the next http.Handler
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
authproxy
command
|
|
|
echoserver
command
|
|
|
internal
|
|
|
random
Package random provides functions for generating random length strings and byte slices.
|
Package random provides functions for generating random length strings and byte slices. |
|
server
Package server implements a HTTP server
|
Package server implements a HTTP server |
|
Package oidc provides functions for interacting with OpenID Connect providers
|
Package oidc provides functions for interacting with OpenID Connect providers |
|
Package upstream offers different upstream implementations used as http.Handler
|
Package upstream offers different upstream implementations used as http.Handler |
Click to show internal directories.
Click to hide internal directories.