unhookd/we-have-oidc-at-home

# If a ruby oidc-provider were leftovers in your freezer

This is not safe at any speed

## oauth2-proxy k8s container/service

```
apiVersion: apps/v1 # StatefulSet is served from the apps/v1 API group, not core v1
kind: StatefulSet
metadata:
  name: ...
spec:
  template:
    spec:
      terminationGracePeriodSeconds: 5
      securityContext:
        runAsUser: 1000
        runAsGroup: 0
        fsGroup: 1
      containers:
      - name: "oauth2-proxy"
        env:
        - name: OAUTH2_PROXY_PROVIDER
          value: "oidc"
        - name: OAUTH2_PROXY_CLIENT_ID
          value: "minimal-client"
        - name: OAUTH2_PROXY_CLIENT_SECRET
          value: "..."
        - name: OAUTH2_PROXY_REDIRECT_URL
          value: "https://oauth2-proxy.localhost:4180/oauth2/callback"
        - name: OAUTH2_PROXY_OIDC_ISSUER_URL # compared against the "iss" claim of ID tokens
          value: "http://oidc-at-home.localhost:9292"
        - name: OAUTH2_PROXY_SKIP_OIDC_DISCOVERY
          value: "true"
        - name: OAUTH2_PROXY_LOGIN_URL
          value: "https://oidc-at-home.localhost:9292/authorize"
        - name: OAUTH2_PROXY_REDEEM_URL
          value: "http://172.17.0.1:9292/token"
        - name: OAUTH2_PROXY_OIDC_JWKS_URL
          value: "http://172.17.0.1:9292/jwks.json"
        - name: OAUTH2_PROXY_PROFILE_URL
          value: "http://172.17.0.1:9292/userinfo"
        - name: OAUTH2_PROXY_VALIDATE_URL
          value: "https://oidc-at-home.localhost:9292/validate"
        - name: OAUTH2_PROXY_COOKIE_SECRET
          value: "..."
        - name: OAUTH2_PROXY_EMAIL_DOMAINS
          value: "*"
        - name: OAUTH2_PROXY_UPSTREAMS
          value: "http://172.17.0.1:5601"
        - name: OAUTH2_PROXY_HTTP_ADDRESS
          value: "0.0.0.0:4180" # listen port matches containerPort 4180 below
        - name: OAUTH2_PROXY_SKIP_PROVIDER_BUTTON
          value: "true"
        image: quay.io/oauth2-proxy/oauth2-proxy:latest
        args: ["--standard-logging=true", "--auth-logging=true", "--request-logging=true", "--set-xauthrequest=true"]
        imagePullPolicy: "IfNotPresent"
        ports:
        - name: oauth2-proxy
          containerPort: 4180
          protocol: TCP


---
apiVersion: v1
kind: Service
metadata:
  name: ...
spec:
  ports:
  - name: oauth2-proxy
    port: 4180
    protocol: TCP
    targetPort: oauth2-proxy
  selector:
    app: ...
  type: LoadBalancer

```
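An added example, not part of this repository: a small Ruby audit that flags the settings in the manifest above that make it unsuitable beyond a local lab (inline secrets, plaintext provider endpoints, wildcard e-mail domains, a floating image tag, and one host:port reached over both http and https). The rule names, the `audit_container` helper and the trimmed sample are assumptions of this example, not oauth2-proxy features.

```ruby
require "yaml"
require "uri"

# Constructed sample: a trimmed copy of the container spec shown above.
SAMPLE = <<~SPEC
  image: quay.io/oauth2-proxy/oauth2-proxy:latest
  env:
  - name: OAUTH2_PROXY_CLIENT_SECRET
    value: "..."
  - name: OAUTH2_PROXY_OIDC_ISSUER_URL
    value: "http://oidc-at-home.localhost:9292"
  - name: OAUTH2_PROXY_LOGIN_URL
    value: "https://oidc-at-home.localhost:9292/authorize"
  - name: OAUTH2_PROXY_REDEEM_URL
    value: "http://172.17.0.1:9292/token"
  - name: OAUTH2_PROXY_OIDC_JWKS_URL
    value: "http://172.17.0.1:9292/jwks.json"
  - name: OAUTH2_PROXY_EMAIL_DOMAINS
    value: "*"
SPEC

# Provider endpoints and secret-bearing variables (OAUTH2_PROXY_ prefix stripped).
URL_KEYS = %w[OIDC_ISSUER_URL LOGIN_URL REDEEM_URL OIDC_JWKS_URL PROFILE_URL VALIDATE_URL].freeze
SECRET_KEYS = %w[CLIENT_SECRET COOKIE_SECRET].freeze

# Hypothetical helper: returns [rule, detail] pairs for one container spec (a Hash).
def audit_container(container)
  findings = []
  schemes = Hash.new { |h, k| h[k] = [] } # "host:port" => schemes seen
  image = container["image"].to_s
  tag = image[%r{:([^/]+)\z}, 1] # text after the last ':' that follows the final '/'
  findings << [:floating_tag, image] if tag.nil? || tag == "latest"
  Array(container["env"]).each do |var|
    key = var["name"].to_s.delete_prefix("OAUTH2_PROXY_")
    val = var["value"].to_s # empty when the spec uses valueFrom (e.g. a secretKeyRef)
    if SECRET_KEYS.include?(key)
      findings << [:inline_secret, key] unless val.empty?
    elsif URL_KEYS.include?(key)
      uri = (URI.parse(val) rescue nil)
      next unless uri
      schemes["#{uri.host}:#{uri.port}"] << uri.scheme
      findings << [:plaintext_endpoint, key] if uri.scheme == "http"
    elsif key == "EMAIL_DOMAINS"
      findings << [:any_email_domain, val] if val.split(",").map(&:strip).include?("*")
    end
  end
  schemes.each { |host, seen| findings << [:mixed_scheme, host] if seen.uniq.size > 1 }
  findings
end

puts audit_container(YAML.safe_load(SAMPLE)).map { |r, d| "#{r}: #{d}" } if __FILE__ == $PROGRAM_NAME
```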

About

The simple ruby based OIDC provider leftover in your freezer
