| description |
|---|
| Protects a route using a provider and the OAuth2 protocol |

This plugin protects a given route by authenticating against a provider and a JWT token sent as an HTTP-only cookie for your particular domain.

Supported providers:

- github
- workos

Plugin options are always passed via the `config` key.

| Option | Description |
|---|---|
| provider | One of the providers listed above |
| client_id | Client ID of your app in the provider of your choosing |
| client_secret | Client Secret of your app in the provider of your choosing |
| jwt_secret | The secret for the JWT token used in the generated HTTP-only cookie. Needs to be at least 64 chars. |
| validations | A list (array) of validations for your provider |

The OAuth2 plugin allows you to define whether a given user can access the domain requested.

To only allow access from specific emails:

```hcl
# ... the rest of the plugin config from above
validations = [
  { key = "email", values = ["email@gmail.com", "valid@yahoo.com"] }
]
```

To only allow access from specific usernames (depends on provider):

```hcl
validations = [
  { key = "username", values = ["user2021", "proksi"] }
]
```

You can combine all validations together:

```hcl
validations = [
  { key = "username", values = ["user2021", "proksi"] },
  { key = "email", values = ["email@gmail.com", "valid@yahoo.com"] }
]
```

A complete plugin definition looks like the following:

{% code title="proksi.hcl" lineNumbers="true" %}
```hcl
lets_encrypt {
  enabled = true
  email = "test@email.com"
}

routes = [{
  host = "website.com"
  upstreams = [{ ip = "localhost", port = 3000 }]
  plugins = [
    { name = "request_id" },
    {
      name = "oauth2",
      config = {
        provider = "github"
        client_id = "lv1.98asd7h12h3"
        client_secret = "lvl2.91823hl1238d"
        # Generated using `openssl rand -hex 64`
        jwt_secret = "d1a86503f928b387dcde695176e02c9c6fb0a96f91f4436d2f724b312c4a1e7fc16d5f86bd37f4fe6267e628dca8a55f621f8e4f2f41725ff00cdfbb971b0384"
        validations = [
          { key = "email", values = ["me@proksi.info"] }
        ]
      }
    }
  ]
}]
```
{% endcode %}
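
A pre-deployment check for the options described above, as an added example that is not part of Proksi or its documentation. It assumes the HCL has already been parsed into a Python dict; the function name `lint_oauth2_config` and the restriction of validation keys to `email` and `username` are assumptions based on what this page shows.

```python
# Added example: lint an oauth2 plugin `config` block before deploying it.
# Assumption: the HCL has already been parsed into a plain dict.
PROVIDERS = {"github", "workos"}         # providers named on this page
VALIDATION_KEYS = {"email", "username"}  # keys shown on this page (assumed complete)
MIN_JWT_SECRET_LEN = 64                  # documented minimum length
# Sample values printed in the documentation: public, so never deploy them.
DOC_SAMPLES = {
    "client_id": "lv1.98asd7h12h3",
    "client_secret": "lvl2.91823hl1238d",
    "jwt_secret": "d1a86503f928b387dcde695176e02c9c6fb0a96f91f4436d2f724b312c4a1e7f"
                  "c16d5f86bd37f4fe6267e628dca8a55f621f8e4f2f41725ff00cdfbb971b0384",
}


def lint_oauth2_config(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if config.get("provider") not in PROVIDERS:
        findings.append(f"provider must be one of {sorted(PROVIDERS)}")
    for field in ("client_id", "client_secret", "jwt_secret"):
        value = config.get(field)
        if not isinstance(value, str) or not value:
            findings.append(f"{field} is missing or empty")
        elif value == DOC_SAMPLES[field]:
            findings.append(f"{field} is the sample value from the documentation")
        elif field == "jwt_secret" and len(value) < MIN_JWT_SECRET_LEN:
            findings.append(f"jwt_secret has {len(value)} chars, needs {MIN_JWT_SECRET_LEN}+")
    validations = config.get("validations") or []
    if not validations:
        findings.append("validations is empty: no email or username allow-list is set")
    for i, rule in enumerate(validations):
        values = rule.get("values")
        if rule.get("key") not in VALIDATION_KEYS:
            findings.append(f"validations[{i}]: unexpected key {rule.get('key')!r}")
        if not (isinstance(values, list) and values
                and all(isinstance(v, str) and v.strip() for v in values)):
            findings.append(f"validations[{i}]: values must be non-empty strings")
    return findings


if __name__ == "__main__":
    # Constructed input: short secret, unknown provider, a rule with no values.
    bad = {"provider": "google", "client_id": "constructed-id",
           "client_secret": "constructed-secret", "jwt_secret": "short",
           "validations": [{"key": "email", "values": []}]}
    for finding in lint_oauth2_config(bad):
        print("FAIL:", finding)
```

An empty result means the block satisfies the documented constraints and reuses none of the sample credentials printed on this page.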