Skip to content
/ oauth2-pkce-proxy Public

Proxy that adds OAuth2 PKCE support to providers that do not support it. Written in Go.

0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bwilczynski/oauth2-pkce-proxy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
.github/workflows
.github/workflows
 
 
handlers
handlers
 
 
models
models
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

OAuth2 PKCE Proxy

Build Status Go Report

Written in Go this small app will proxy PKCE requests to OAuth2 providers that currently do not support it. It was written mostly to simplify the usage of Strava CLI and Sonos CLI that currently require users to create their own client applications in order to use it.

Installation

Currently there is no installer provided. You need to build it from source:

go build .

Docker and Homebrew are coming soon!

Usage

Use authorization-endpoint and token-endpoint flags passed to oauth2-pkce-proxy to configure OAuth provider (by default it points to Strava OAuth2). Pass your application's client-id and client-secret that will be used for further authentication calls.

You can also use environment variables, all CLI flags have equivalents starting with PKCE_PROXY and using snake case, for example:

export PKCE_PROXY_AUTHORIZATION_ENDPOINT=https://www.strava.com/oauth/authorize

Run the server (by default it will listen on 8080):

oauth2-pkce-proxy \
      --client-id "OAuth Client ID" \
      --client-secret "OAuth Client Secret" \
      --console

Call it using excellent step utility:

step oauth \
    --authorization-endpoint http://localhost:8080/authorize \
    --token-endpoint http://localhost:8080/token \
    --client-id "OAuth Client ID" \
    --scope activity:read_all

Your default web browser has been opened to visit:

http://localhost:8080/authorize?client_id=31056&code_challenge=q8NDohZJemwxjQNVd1zQySckYjLQQm8lADn4obl_K-s&code_challenge_method=S256&nonce=208e331e3fbaa84d1579d4e16c7e0de17ce9b900e84d0218b6b2b27b18bb3706&redirect_uri=http%3A%2F%2F127.0.0.1%3A51195&response_type=code&scope=activity%3Aread_all&state=oAVV5t1wMmLhHJ1sUFszRAZDNK3AYtxJ
{
  "access_token": "5181012ebe596a4b6ff9cc7f5e82fee4a8e685df",
  "id_token": "",
  "refresh_token": "707e29ebe8ee2f2115c3d24c3f5de00c7a35bd47",
  "expires_in": 21600,
  "token_type": "Bearer"
}

For usage and help content, pass in the --help parameter, for example:

./oauth2-pkce-proxy --help

Features

  • Graceful shutdown
  • Prometheus metrics
  • Structured logging with zerolog
  • 12-factor app with viper

Endpoints

Endpoint Description
GET /authorize Used by the client to send the code challenge as part of the OAuth 2.0 Authorization Request
GET /code Callback endpoint used by the server to return the code
POST /token Used by the client to send Authorization Code and the Code Verifier to the Token Endpoint and exchange it for access token
GET /metrics Get Prometheus metrics

About

Proxy that adds OAuth2 PKCE support to providers that do not support it. Written in Go.

Topics

oauth2-proxy pkce oauth2-authorization-code-flow pkce-flow

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages