oauth2_proxy | reverse proxy that provides authentication | Authentication library
kandi X-RAY | oauth2_proxy Summary
kandi X-RAY | oauth2_proxy Summary
A reverse proxy that provides authentication with Google, Github or other provider
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of oauth2_proxy
oauth2_proxy Key Features
oauth2_proxy Examples and Code Snippets
Community Discussions
Trending Discussions on oauth2_proxy
QUESTION
I am trying to implement oauth2 proxy with Azure Active Directory. It seems the oauth2 proxy is able to communicate with Azure AD App, and even it authenticates most of the users from organization, but for few Users we are not able to authenticate users.
Oauth2_proxy logs say the following: (internally after authentication the requests goes on this endpoint to get the user's details: https://graph.windows.net/me?api-version=1.6, but for few users the response looks like this:
{"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"{reqID}","date":"2020-08-18T15:18:33"}}
Errors:
- Permission Denied: "" is unauthorized
- ErrorPage 403 Permission Denied Invalid Account
Any inputs would be helpful!
PS. Tried to select all the permissions in azure active directory app, but didn't work.
...ANSWER
Answered 2020-Aug-19 at 10:25You need to log in to the Azure portal as an administrator, then find App registrations> select your application> API permissions, and grant administrator consent to the Graph permissions you added.
By the way, starting on June 30, 2020, Microsoft will officially no longer add any new features to the Azure AD Graph API. It is recommended that you upgrade your application to use Microsoft Graph API instead of Azure AD Graph API to access Azure Active Directory resources.
QUESTION
I am running an app in a kubernetes service on Azure and have had it set up with an NGINX ingress controller and a public IP address with a FQDN. This was all working fine.
I then wanted to add security through using the oauth2-proxy for third party sign-in. I would like to keep my setup to one ingress-controller and one oauth2_proxy per namespace, with multiple apps running together. As Azure does not support the use of sub-domains for this I have been using paths to route to the correct app. I've seen examples, like this, on how to use one oauth2_proxy for multiple sub-domains but is it possible to get it working with multiple paths instead?
Setup
This is the current working setup with only one app, located on root /. I would like to switch to an app specific path and the ability to run multiple apps on different paths. eg. /my-app, /another-app etc.
oauth2-proxy-config.yaml
...ANSWER
Answered 2020-Apr-05 at 21:44Sure, it's doable with multiple ingress paths inside single Ingress resource definition, please check this working example:
QUESTION
I want to use Azure Active Directory as an external oauth2 provider to protect my services on the ingress level. In the past, I used basic ouath and everything worked like expected. But nginx provides the extern ouath methode which sounds much more confortable!
For that I created an SP:
...ANSWER
Answered 2020-Jan-16 at 15:48So you need another ingress for the oAuth deployment as well. here's how my setup looks like:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install oauth2_proxy
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
