An OpenID Connect Relying Party designed to support authentication and authorization in a reverse proxy.
Users are authenticated using the configured OpenID Provider and authorized using the provided configuration. Session information is stored as a signed JWT in a cookie.
-
Performs authentication and authorization. The user's email address is returned in the `X-Subject` response header.

Query parameters:

| Name | Required | Description |
| --- | --- | --- |
| group | No | The group name to use for authorization. |
| redirect | No | The URL to redirect to after a successful login. |

Status codes:

| Status | Description |
| --- | --- |
| 200 | The user is authenticated and authorized. |
| 302 | The user is not authenticated and a redirect URL was provided. Redirects to the OpenID Provider Authorization Endpoint. |
| 401 | The user is not authenticated and a redirect URL was not provided. |
| 403 | The user is authenticated but not authorized. |

-
Starts the OpenID Connect Authorization Code Flow.

Query parameters:

| Name | Required | Description |
| --- | --- | --- |
| redirect | No | The URL to redirect to after a successful login. |

Status codes:

| Status | Description |
| --- | --- |
| 302 | Redirects to the OpenID Provider Authorization Endpoint. |

-
Performs logout.

Status codes:

| Status | Description |
| --- | --- |
| 200 | The user was successfully logged out. |

-
Completes the OpenID Connect Authorization Code Flow. The OpenID Provider should be configured with this endpoint as the callback URL.

Status codes:

| Status | Description |
| --- | --- |
| 200 | The user was successfully logged in and a redirect URL was not provided. |
| 302 | The user was successfully logged in and a redirect URL was provided. Redirects to the provided redirect URL. |
Configuration is provided using command-line flags and a YAML configuration file. Detailed usage information is available using the `-help` flag.
-
`groups`

Group memberships to use for authorization.

```yaml
groups:
  group1:
    - [email protected]
  group2:
    - [email protected]
    - [email protected]
```
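As an added example (not the project's own code; the page does not give the project's language or internals), a Go handler that applies the auth endpoint's status-code table above to a `groups` configuration of the shape shown. The session-cookie verification is injected as a function, the OpenID Provider authorization endpoint URL is a parameter, and the `redirect` parameter is honoured only when it is a same-site path, which is a hardening assumption of the example rather than documented behaviour; the group names and emails in the comments are constructed samples.

```go
package main

import "net/http"
import "strings"

// Groups mirrors the `groups:` section of the YAML configuration: group name -> member emails.
type Groups map[string][]string

// Authorized reports whether email is in group; an empty group name only requires authentication.
func (g Groups) Authorized(email, group string) bool {
	if group == "" {
		return true
	}
	for _, member := range g[group] {
		if member == email {
			return true
		}
	}
	return false
}

// LocalRedirect accepts only same-site paths ("/app", not "//evil.example" or "https://evil.example")
// so the redirect parameter cannot become an open redirect. This check is the example's own assumption.
func LocalRedirect(s string) bool {
	return strings.HasPrefix(s, "/") && !strings.HasPrefix(s, "//") && !strings.HasPrefix(s, "/\\")
}

// AuthHandler implements the auth endpoint's status-code table. sessionEmail stands in for
// verifying the signed JWT session cookie and returning its subject (injected so it can be tested).
func AuthHandler(groups Groups, authzEndpoint string, sessionEmail func(*http.Request) (string, bool)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		email, ok := sessionEmail(r)
		if !ok {
			if LocalRedirect(r.URL.Query().Get("redirect")) {
				// Not authenticated, usable redirect given: 302 to the OP (a real RP binds redirect + nonce into state).
				http.Redirect(w, r, authzEndpoint, http.StatusFound)
				return
			}
			w.WriteHeader(http.StatusUnauthorized) // no usable redirect: 401
			return
		}
		if !groups.Authorized(email, r.URL.Query().Get("group")) {
			w.WriteHeader(http.StatusForbidden) // authenticated but not a member: 403
			return
		}
		w.Header().Set("X-Subject", email) // authenticated and authorized: 200
		w.WriteHeader(http.StatusOK)
	}
}
```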