OAuth

Support for OAuth 2.0

GSL | HTTP | Available since: v1

Configuration

The base GSL type is `#OAuthFilter`.

provider

string

The URL of the OpenID Connect provider to use. This is used to determine the particular OAuth endpoints.

client_id

string

The public identifier registered with the OAuth authorization server.

client_secret

string

The secret known only to the application and the authorization server.

server_name

string

The host name of the application. When a user signs in through the OAuth provider, they will need to be redirected back to your application; this host name will be used during the redirect.

server_insecure

boolean

Setting this to `true` specifies that your application is _not_ protected by TLS; the redirect URL will then use `http` as the scheme instead of `https`. NOTE: this should _only_ be used for development, and with test users for which you don't mind leaking access: OAuth credentials will be sent unencrypted over plain HTTP.

session_secret

string

The secret known only to the application. This will be used to sign the user's session cookie.

domain

string

A regex describing the expected email domain(s) for authorized users. If this regex pattern does not match, the attempted login is forbidden.

Example

Enable an OAuth provider as a part of a filter chain.

```
#gsl.OAuthFilter & {
  #options: {
    provider: "https://accounts.google.com"
    client_id: "234q2348uads8f9sdafds.apps.googleusercontent.com"
    client_secret: "very-secret-string"
    server_name: "oauth.yoursite.com"
    server_insecure: false
    session_secret: "secret2"
    domain: "gmail.com"
  }
}
```
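
Because `domain` is a regex, the value `gmail.com` in the example above is a pattern, not a literal host name, and its anchoring and escaping decide which logins pass. The following is an added example, not code from the original page or from the project: it assumes the pattern is tested against the part of the email after `@`, and compares unanchored search with whole-string matching because the page does not say which the filter uses. The `accepted` and `lint` helpers and all sample addresses are constructed for illustration.

```python
import re

# Constructed sample logins for illustration; none come from the original page.
SAMPLES = [
    "alice@gmail.com",
    "bob@gmail.com.example.net",
    "carol@notgmail.com",
    "dave@gmailxcom.example",
    "erin@corp.example",
]


def accepted(pattern, anchored):
    """Return the sample logins whose email domain matches `pattern`.

    anchored=False models an implicit substring search; anchored=True models
    a whole-string match. Which one the filter uses is an assumption here.
    """
    rx = re.compile(pattern)
    out = []
    for email in SAMPLES:
        domain = email.rsplit("@", 1)[1].lower()
        hit = rx.fullmatch(domain) if anchored else rx.search(domain)
        if hit:
            out.append(email)
    return out


def lint(pattern):
    """Flag ways a domain allow-list pattern is looser than it looks."""
    findings = []
    if not pattern.startswith("^"):
        findings.append("no leading ^ anchor")
    if not pattern.endswith("$"):
        findings.append("no trailing $ anchor")
    if re.search(r"(?<!\\)\.", pattern):
        findings.append("unescaped '.' matches any character")
    return findings


if __name__ == "__main__":
    for pattern in ("gmail.com", r"^gmail\.com$"):
        print(pattern, lint(pattern))
        print("  search:   ", accepted(pattern, anchored=False))
        print("  fullmatch:", accepted(pattern, anchored=True))
```

Under search semantics the unanchored `gmail.com` pattern admits four of the five constructed addresses, while the anchored and escaped form `^gmail\.com$` admits only the exact domain under either semantics.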