Grey Matter Documentation

The Grey Matter Proxy supports full OAuth 2.0 negotiation.

Filter Configuration Options

Name	Type	Default	Description
`provider`	`string`	`""`	The url for the OpenID connect provider to use. This is used to determine the particular OAuth endpoints.
`client_id`	`string`	`""`	The public identifier registered with the OAuth authorization server.
`client_secret`	`string`	`""`	The secret known only to the application and the authorization server.
`server_name`	`string`	`""`	The host name of the application. When a user signs in through the OAuth provider, they will need to be redirected back to your application; this host name will be used during the redirect.
`server_insecure`	`boolean`	`false`	Setting this to `true` specifies that you're application is not protected by TLS; the redirect URL will then use `http` as the scheme instead of `https`. NOTE: this should only be used for development, and with test users for which you don't mind leaking access: OAuth credentials will be sent unencrypted over plain HTTP.
`session_secret`	`string`	`""`	The secret known only to the application. This will be used to cryptographically sign the user's session cookie.
`domain`	`string`	`""`	A regex describing the expected email domain(s) for authorized users. If this regex pattern does not match, the attempted login is forbidden.

Example

http_filters:
- name: gm.oauth
  config: 
    provider: https://accounts.google.com
    client_id: 234q2348uads8f9sdafds.apps.googleusercontent.com
    client_secret: secret
    server_name: oauth.yoursite.com
    server_insecure:  false
    session_secret: secret2
    domain: gmail.com