Light Dark Auto

OAuth

The greymatter.io Proxy supports full OAuth 2.0 negotiation.

Filter Configuration Options

  • provider(String, default: "") - The url for the OpenID connect provider to use. This is used to determine the particular OAuth endpoints.
  • client_id(String, default: "") - The public identifier registered with the OAuth authorization server.
  • client_secret(String, default: "") - The secret known only to the application and the authorization server.
  • server_name(String, default: "") - The host name of the application. When a user signs in through the OAuth provider, they will need to be redirected back to your application; this host name will be used during the redirect.
  • server_insecure(Boolean, default: false) - Setting this to true specifies that you're application is not protected by TLS; the redirect URL will then use http as the scheme instead of https. NOTE: this should only be used for development, and with test users for which you don't mind leaking access: OAuth credentials will be sent unencrypted over plain HTTP.
  • session_secret(String, default: "") - The secret known only to the application. This will be used to cryptographically sign the user's session cookie.
  • domain(String, default: "") - A regex describing the expected email domain(s) for authorized users. If this regex pattern does not match, the attempted login is forbidden.

Example

http_filters:
- name: gm.oauth
  config: 
    provider: https://accounts.google.com
    client_id: 234q2348uads8f9sdafds.apps.googleusercontent.com
    client_secret: secret
    server_name: oauth.yoursite.com
    server_insecure:  false
    session_secret: secret2
    domain: gmail.com