Categorygithub.com/J4NS-R/traefik-oauth-upstream
modulepackage
1.0.3
Repository: https://github.com/j4ns-r/traefik-oauth-upstream.git
Documentation: pkg.go.dev

# README

Upstream OAuth - Traefik Middleare

This middleware adds OAuth headers to your requests so that for the upstream (service) the request is
OAuth-authenticated. Using other middleware layers you can configure any kind of downstream (client) authentication (E.g., Basic Auth) or leave it open to the internet! (not recommended)

After the client has signed in, tokens are kept cached and are automatically refreshed.

Typical flow

sequenceDiagram
  participant B as Downstream client
  participant O as OAuth Provider
  participant P as Traefik OAuth Plugin
  participant U as Upstream server

  alt First ever request
    B->>P: Plain request
    P->>B: 302
    B->>O: Auth request
    O->>B: Success redirect
    B->>+P: OAuth callback
    Note right of P: Token & refresh token stored
    P->>-B: Redirect back to original request
  end

  alt Token still valid
    B->>+P: Plain request
    Note right of P: Bearer token added
    P->>-U: Authorised request
    U->>P: Response
    P->>B: Response
  end

  alt Token expired
    B->>P: Plain request
    P->>O: Refresh token
    O->>+P: Refreshed tokens
    Note right of P: Tokens updated and bearer added
    P->>-U: Authorised request
    U->>P: Response
    P->>B: Response
  end
  

Config

You can set up different upstream OAuths by configuring different middlewares, or you can configure one middleware and reuse it with multiple routers/services.

Config example

Development

This repo is GitPod friendly.

# Functions

CalcRefreshTimestamp - calculate at what point the token should be refreshed.
CreateConfig - creates the default plugin configuration.
LoadTokenData - load token info from a file.
New created a new Demo plugin.
Persist a token to a file.
TokenDataExists - figures out whether token data exists on disk.

# Constants

nolint:revive,stylecheck.
nolint:revive,stylecheck,gosec // Filename is hardcoded, but not the contents.

# Structs

Config - the plugin configuration.
OauthUpstream - information about upstream OAuth.