oauth2-proxy
diff --git a/‎go.mod‎
Lines changed: 7 additions & 4 deletions b/‎go.mod‎
Lines changed: 7 additions & 4 deletions
diff --git a/‎go.sum‎
Lines changed: 19 additions & 0 deletions b/‎go.sum‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎internal/pages/keycloak_login_page.go‎
Lines changed: 21 additions & 0 deletions b/‎internal/pages/keycloak_login_page.go‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎internal/pages/provider_button_page.go‎
Lines changed: 1 addition & 1 deletion b/‎internal/pages/provider_button_page.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎internal/utils/playwright.go‎
Lines changed: 19 additions & 1 deletion b/‎internal/utils/playwright.go‎
Lines changed: 19 additions & 1 deletion
diff --git a/‎tests/keycloak/compose.yaml‎
Lines changed: 63 additions & 0 deletions b/‎tests/keycloak/compose.yaml‎
Lines changed: 63 additions & 0 deletions
diff --git a/‎tests/keycloak/e2e_test.go‎
Lines changed: 59 additions & 0 deletions b/‎tests/keycloak/e2e_test.go‎
Lines changed: 59 additions & 0 deletions
diff --git a/‎tests/keycloak/oauth2-proxy.cfg‎
Lines changed: 18 additions & 0 deletions b/‎tests/keycloak/oauth2-proxy.cfg‎
Lines changed: 18 additions & 0 deletions
@@ -1,6 +1,12 @@
 module github.com/oauth2-proxy/e2e
 
-go 1.23.7
+go 1.24
+
+require (
+	github.com/onsi/ginkgo/v2 v2.23.4
+	github.com/onsi/gomega v1.37.0
+	github.com/playwright-community/playwright-go v0.5101.0
+)
 
 require (
 	github.com/deckarep/golang-set/v2 v2.8.0 // indirect
@@ -10,9 +16,6 @@ require (
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/pprof v0.0.0-20250418163039-24c5476c6587 // indirect
-	github.com/onsi/ginkgo/v2 v2.23.4 // indirect
-	github.com/onsi/gomega v1.37.0 // indirect
-	github.com/playwright-community/playwright-go v0.5101.0 // indirect
 	go.uber.org/automaxprocs v1.6.0 // indirect
 	golang.org/x/net v0.39.0 // indirect
 	golang.org/x/sys v0.32.0 // indirect
 
@@ -1,4 +1,6 @@
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/deckarep/golang-set/v2 v2.8.0 h1:swm0rlPCmdWn9mESxKOjWk8hXSqoxOp+ZlfuyaAdFlQ=
 github.com/deckarep/golang-set/v2 v2.8.0/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4=
 github.com/go-jose/go-jose/v3 v3.0.4 h1:Wp5HA7bLQcKnf6YYao/4kpRpVMp/yf6+pJKV8WFSaNY=
@@ -14,15 +16,28 @@ github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/pprof v0.0.0-20250418163039-24c5476c6587 h1:b/8HpQhvKLSNzH5oTXN2WkNcMl6YB5K3FRbb+i+Ml34=
 github.com/google/pprof v0.0.0-20250418163039-24c5476c6587/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
+github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
 github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus=
 github.com/onsi/ginkgo/v2 v2.23.4/go.mod h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8=
 github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y=
 github.com/onsi/gomega v1.37.0/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
 github.com/playwright-community/playwright-go v0.5101.0 h1:gVCMZThDO76LJ/aCI27lpB8hEAWhZszeS0YB+oTxJp0=
 github.com/playwright-community/playwright-go v0.5101.0/go.mod h1:kBNWs/w2aJ2ZUp1wEOOFLXgOqvppFngM5OS+qyhl+ZM=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
+github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
 go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
@@ -71,7 +86,11 @@ golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.32.0 h1:Q7N1vhpkQv7ybVzLFtTjvQya2ewbwNDZzUgfXGqtMWU=
 golang.org/x/tools v0.32.0/go.mod h1:ZxrU41P/wAbZD8EDa6dDCa6XfpkhJ7HFMjHJXfBDu8s=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
+google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -0,0 +1,21 @@
+package pages
+
+import (
+	. "github.com/onsi/gomega"
+	pw "github.com/playwright-community/playwright-go"
+)
+
+func KeycloakLogin(page pw.Page, username, password string) {
+	usernameInput := page.Locator("input#username")
+	passwordInput := page.Locator("input#password")
+
+	err := usernameInput.Fill(username)
+	Expect(err).NotTo(HaveOccurred(), "Couldn't enter username")
+
+	err = passwordInput.Fill(password)
+	Expect(err).NotTo(HaveOccurred(), "Couldn't enter password")
+
+	btn := page.Locator("button#kc-login", pw.PageLocatorOptions{HasText: "Sign In"})
+	err = btn.Click()
+	Expect(err).NotTo(HaveOccurred(), "Couldn't login")
+}
@@ -19,7 +19,7 @@ func (p *ProviderButtonPage) SignIn() {
 	_, err := p.page.Goto(p.baseUrl)
 	Expect(err).ToNot(HaveOccurred(), "Provider button page not loading")
 
-	btn := p.page.Locator("button", pw.PageLocatorOptions{HasText: "Sign in with Dex"})
+	btn := p.page.Locator("button", pw.PageLocatorOptions{HasText: "Sign in with " + p.providerName})
 
 	err = btn.Click()
 	Expect(err).NotTo(HaveOccurred(), "Provider button wasn't found")
 
@@ -1,6 +1,9 @@
 package utils
 
 import (
+	"os"
+	"strconv"
+
 	"github.com/playwright-community/playwright-go"
 )
 
@@ -16,7 +19,7 @@ func NewBrowserManager() (*BrowserManager, error) {
 	}
 
 	browser, err := pw.Chromium.Launch(playwright.BrowserTypeLaunchOptions{
-		Headless: playwright.Bool(false),
+		Headless: playwright.Bool(getHeadless()),
 	})
 	if err != nil {
 		return nil, err
@@ -35,6 +38,7 @@ func (bm *BrowserManager) NewTestContext() (playwright.BrowserContext, playwrigh
 	}
 
 	page, err := context.NewPage()
+	page.SetDefaultTimeout(10000)
 	return context, page, err
 }
 
@@ -44,3 +48,17 @@ func (bm *BrowserManager) Close() error {
 	}
 	return bm.pw.Stop()
 }
+
+func getHeadless() bool {
+	val := os.Getenv("BROWSER_HEADLESS")
+	if val == "" {
+		return true
+	}
+
+	// Parse as boolean (accepts "false", "true", "0", "1", "t", "yes", "y", etc.)
+	b, err := strconv.ParseBool(val)
+	if err != nil {
+		return true
+	}
+	return b
+}
@@ -0,0 +1,63 @@
+services:
+  oauth2-proxy:
+    pull_policy: never
+    image: quay.io/oauth2-proxy/oauth2-proxy:latest
+    command: --config /oauth2-proxy.cfg
+    hostname: oauth2-proxy
+    volumes:
+      - "./oauth2-proxy.cfg:/oauth2-proxy.cfg"
+    restart: unless-stopped
+    ports:
+      - 4180:4180/tcp
+    networks:
+      keycloak: {}
+      upstream: {}
+    depends_on:
+      - keycloak
+      - upstream
+
+  keycloak:
+    image: quay.io/keycloak/keycloak:26.2
+    command:
+      - "start-dev"
+      - "--http-port=9080"
+      - "--health-enabled=true"
+      - "--import-realm"
+    volumes:
+      - ./realm:/opt/keycloak/data/import
+    environment:
+      KC_HTTP_PORT: 9080
+      KEYCLOAK_ADMIN: [email protected]
+      KEYCLOAK_ADMIN_PASSWORD: password
+    ports:
+      - 9080:9080/tcp
+    networks:
+      keycloak:
+        aliases:
+          - keycloak.localtest.me
+
+  wait-for-keycloak:
+    image: alpine
+    command:
+      - "tail"
+      - "-f"
+      - "/dev/null"
+    healthcheck:
+      test:
+        ["CMD", "wget", "-q", "--spider", "http://keycloak:9000/health/ready"]
+      interval: 5s
+      timeout: 10s
+      retries: 20
+    depends_on:
+      - keycloak
+    networks:
+      keycloak:
+
+  upstream:
+    image: kennethreitz/httpbin:latest
+    networks:
+      upstream:
+
+networks:
+  keycloak: {}
+  upstream: {}
@@ -0,0 +1,59 @@
+package keycloak
+
+import (
+	"testing"
+
+	"github.com/oauth2-proxy/e2e/internal/pages"
+	"github.com/oauth2-proxy/e2e/internal/utils"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	pw "github.com/playwright-community/playwright-go"
+)
+
+var (
+	bm *utils.BrowserManager
+)
+
+func TestKeycloakSuite(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "Keycloak Test Suite")
+}
+
+var _ = BeforeSuite(func() {
+	var err error
+	bm, err = utils.NewBrowserManager()
+	Expect(err).NotTo(HaveOccurred())
+})
+
+var _ = AfterSuite(func() {
+	Expect(bm.Close()).To(Succeed())
+})
+
+var _ = Describe("Login Flow", func() {
+	var (
+		context pw.BrowserContext
+		page    pw.Page
+	)
+
+	BeforeEach(func() {
+		var err error
+		context, page, err = bm.NewTestContext()
+		Expect(err).NotTo(HaveOccurred())
+	})
+
+	AfterEach(func() {
+		Expect(context.Close()).To(Succeed())
+	})
+
+	It("should authenticate", func() {
+		baseUrl := "http://oauth2-proxy.localtest.me:4180"
+
+		pages.NewProviderButtonPage(page, baseUrl, "Keycloak").SignIn()
+		pages.KeycloakLogin(page, "[email protected]", "password")
+
+		httpbin := pages.NewHttpbinPage(page, baseUrl)
+		headers := httpbin.GetHeaders()
+
+		Expect(headers["X-Forwarded-Email"]).To(Equal("[email protected]"))
+	})
+})
@@ -0,0 +1,18 @@
+http_address="0.0.0.0:4180"
+cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
+email_domains="example.com"
+cookie_secure="false"
+upstreams="http://upstream"
+cookie_domains=[".localtest.me"] # Required so cookie can be read on all subdomains.
+whitelist_domains=[".localtest.me"] # Required to allow redirection back to original requested target.
+
+# keycloak provider
+client_secret="72341b6d-7065-4518-a0e4-50ee15025608"
+client_id="oauth2-proxy"
+redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback"
+
+# in this case oauth2-proxy is going to visit
+# http://keycloak.localtest.me:9080/realms/oauth2-proxy/.well-known/openid-configuration for configuration
+oidc_issuer_url="http://keycloak.localtest.me:9080/realms/oauth2-proxy"
+provider="oidc"
+provider_display_name="Keycloak"