The greymatter.io Proxy supports full OAuth 2.0 negotiation.
Filter Configuration Options
provider(String, default: "")- The url for the OpenID connect provider to use. This is used to determine the particular OAuth endpoints.client_id(String, default: "")- The public identifier registered with the OAuth authorization server.client_secret(String, default: "")- The secret known only to the application and the authorization server.server_name(String, default: "")- The host name of the application. When a user signs in through the OAuth provider, they will need to be redirected back to your application; this host name will be used during the redirect.server_insecure(Boolean, default: false)- Setting this totruespecifies that you're application is not protected by TLS; the redirect URL will then usehttpas the scheme instead ofhttps. NOTE: this should only be used for development, and with test users for which you don't mind leaking access: OAuth credentials will be sent unencrypted over plain HTTP.session_secret(String, default: "")- The secret known only to the application. This will be used to cryptographically sign the user's session cookie.domain(String, default: "")- A regex describing the expected email domain(s) for authorized users. If this regex pattern does not match, the attempted login is forbidden.
Example
http_filters:
- name: gm.oauth
config:
provider: https://accounts.google.com
client_id: 234q2348uads8f9sdafds.apps.googleusercontent.com
client_secret: secret
server_name: oauth.yoursite.com
server_insecure: false
session_secret: secret2
domain: gmail.com