This project is part of the FIWARE OPS infrastructure. It lets NGINX authenticate users against Keyrock IDM using the OAuth2 protocol. It runs as a service paired with the NGINX http_auth_request_module and checks whether a user has access to a defined service. The service uses cookies.
This is an alpha revision.
$ docker run -it --rm \
-p 0.0.0.0:8080:8080 \
fiware/service.oauth2provider \
--keyrock ${KEYROCK} \
--client_id ${CLIENT_ID} \
--client_secret ${CLIENT_SECRET} \
--redirect_uri ${REDIRECT_URI} \
--upstream ${UPSTREAM} \
--cookie_key ${BIG_RANDOM_NUMBER} \
--cookie_lifetime ${TIME_IN_HOURS} \
--salt ${SALT}
$ curl http://localhost:8080/oauth2/ping
- You must provide valid values for all parameters except 'ip' and 'port'.
- cookie_key is used to encrypt the cookie.
- /oauth2/auth - checks the validity of the cookie prepared by the other endpoints; replies 200 or 401
- /oauth2/sign_in - redirects to Keyrock; replies 303
- /oauth2/callback - entry point for Keyrock; validates a token and prepares cookies; replies 303 or 403
- /oauth2/ping - replies pong
- /oauth2/version - replies with the version
A test configuration is prepared; see default.conf. You can use the docker-compose file to test it.
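The endpoints listed above map onto http_auth_request_module as in the following sketch, which is an added example and not the project's default.conf. It assumes the service is reachable on 127.0.0.1:8080, that a hypothetical protected application listens on 127.0.0.1:3000, and that REDIRECT_URI points at /oauth2/callback on this server.

```nginx
# Added example, not the project's default.conf.
# Assumptions: oauth2provider on 127.0.0.1:8080 (from the docker command above),
# a hypothetical protected application on 127.0.0.1:3000.
upstream oauth2provider { server 127.0.0.1:8080; }
upstream protected_app  { server 127.0.0.1:3000; }

server {
    listen 80;                 # test only; serve over TLS in production so the
                               # session cookie is never sent in clear text
    server_name example.test;  # placeholder host name

    # Every request to the application is first checked by a subrequest.
    location / {
        auth_request /oauth2/auth;         # 200 = allow, 401 = deny
        error_page 401 = /oauth2/sign_in;  # no valid cookie: start the login flow
        proxy_pass http://protected_app;
    }

    # Subrequest target: reachable only from inside NGINX, never by clients.
    location = /oauth2/auth {
        internal;
        proxy_pass http://oauth2provider;
        proxy_pass_request_body off;       # the check only needs the headers (Cookie)
        proxy_set_header Content-Length "";
    }

    # Browser-facing endpoints: sign_in replies 303 towards Keyrock, callback
    # receives the redirect back from Keyrock and sets the cookie.
    location = /oauth2/sign_in  { proxy_pass http://oauth2provider; }
    location = /oauth2/callback { proxy_pass http://oauth2provider; }

    # /oauth2/ping and /oauth2/version are left unproxied in this sketch;
    # expose them only to the hosts that need them for monitoring.
}
```

With this layout, publishing the container port on 127.0.0.1 instead of 0.0.0.0 keeps clients from reaching the service except through NGINX.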