Light Dark Auto

OAuth

The Grey Matter Proxy supports full OAuth 2.0 negotiation.

Filter Configuration Options

NameTypeDefaultDescription
provider

string

""

The url for the OpenID connect provider to use. This is used to determine the particular OAuth endpoints.

client_id

string

""

The public identifier registered with the OAuth authorization server.

client_secret

string

""

The secret known only to the application and the authorization server.

server_name

string

""

The host name of the application. When a user signs in through the OAuth provider, they will need to be redirected back to your application; this host name will be used during the redirect.

server_insecure

boolean

false

Setting this to true specifies that you're application is not protected by TLS; the redirect URL will then use http as the scheme instead of https. NOTE: this should only be used for development, and with test users for which you don't mind leaking access: OAuth credentials will be sent unencrypted over plain HTTP.

session_secret

string

""

The secret known only to the application. This will be used to cryptographically sign the user's session cookie.

domain

string

""

A regex describing the expected email domain(s) for authorized users. If this regex pattern does not match, the attempted login is forbidden.

Example

http_filters:
- name: gm.oauth
  config: 
    provider: https://accounts.google.com
    client_id: 234q2348uads8f9sdafds.apps.googleusercontent.com
    client_secret: secret
    server_name: oauth.yoursite.com
    server_insecure:  false
    session_secret: secret2
    domain: gmail.com