OAuth2 Provider for Keyrock and NGINX

Overview

This project is part of the FIWARE OPS infrastructure. It lets NGINX authenticate users against the Keyrock IDM using the OAuth2 protocol. It runs as a service paired with the NGINX http_auth_request_module and checks whether a user has access to a defined service. The service uses cookies.

WARNING

This is an alpha revision.

How to run

$ docker run -it --rm \
             -p 0.0.0.0:8080:8080 \
             fiware/service.oauth2provider \
             --keyrock ${KEYROCK} \
             --client_id ${CLIENT_ID} \
             --client_secret ${CLIENT_SECRET} \
             --redirect_uri ${REDIRECT_URI} \
             --upstream ${UPSTREAM} \
             --cookie_key ${BIG_RANDOM_NUMBER} \
             --cookie_lifetime ${TIME_IN_HOURS} \
             --salt ${SALT}
$ curl http://localhost:8080/oauth2/ping

How to configure

  • You must provide valid values for all parameters except 'ip' and 'port'.
  • cookie_key is used to encrypt the cookie.

List of endpoints

  • /oauth2/auth - checks the validity of the cookie prepared by the other endpoints; replies 200 or 401
  • /oauth2/sign_in - redirects to Keyrock; replies 303
  • /oauth2/callback - entry point for Keyrock; validates the token and prepares cookies; replies 303 or 403
  • /oauth2/ping - replies pong
  • /oauth2/version - replies with the version

Sample NGINX config

A test configuration is prepared; see default.conf. You can use the docker-compose file to test it.
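
How the endpoints listed above fit NGINX's auth_request flow, as an added example (this is not the project's default.conf). The server name, upstream names and addresses, and the backend are assumptions; NGINX must be built with ngx_http_auth_request_module.

```nginx
# Added example, not the project's default.conf. All names and addresses are assumptions.
upstream oauth2provider { server 127.0.0.1:8080; }  # the container from "How to run"
upstream protected_app  { server 127.0.0.1:3000; }  # hypothetical backend to protect

server {
    listen 80;
    server_name app.example.com;  # placeholder

    # Every request to the protected service first triggers a subrequest
    # to /oauth2/auth; the client's Cookie header is forwarded with it.
    location / {
        auth_request /oauth2/auth;
        # /oauth2/auth replied 401 (no cookie, or an invalid one): start sign-in.
        error_page 401 = @sign_in;
        proxy_pass http://protected_app;
    }

    # Subrequest target only. "internal" keeps clients from calling it directly.
    # 200 lets the original request through, 401 blocks it.
    location = /oauth2/auth {
        internal;
        proxy_pass http://oauth2provider;
        # The auth decision is made on headers; do not forward the request body.
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header Host $host;
    }

    # Browser-facing endpoints. They carry no auth_request, otherwise an
    # unauthenticated user could never reach them and sign-in would loop.
    location = /oauth2/sign_in {
        proxy_pass http://oauth2provider;  # replies 303 to Keyrock
        proxy_set_header Host $host;
    }
    location = /oauth2/callback {
        proxy_pass http://oauth2provider;  # replies 303 (cookie set) or 403
        proxy_set_header Host $host;
    }

    # Named location used by error_page above.
    location @sign_in {
        return 302 /oauth2/sign_in;
    }
}
```

The path given to Keyrock as the redirect URI (the --redirect_uri parameter) has to resolve to the /oauth2/callback location on this server.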