OAuth

Grey Matter’s sidecar proxy supports full OAuth 2.0 negotiation.

Filter Configuration Options

| Name | Type | Default | Description |
| --- | --- | --- | --- |
| provider | String | "" | The URL of the OpenID Connect provider to use. This is used to determine the particular OAuth endpoints. |
| client_id | String | "" | The public identifier registered with the OAuth authorization server. |
| client_secret | String | "" | The secret known only to the application and the authorization server. |
| server_name | String | "" | The host name of the application. When a user signs in through the OAuth provider, they will need to be redirected back to your application; this host name will be used during the redirect. |
| server_insecure | Boolean | false | Setting this to true specifies that your application is not protected by TLS; the redirect URL will then use http as the scheme instead of https. NOTE: this should only be used for development, and with test users for which you don't mind leaking access: OAuth credentials will be sent unencrypted over plain HTTP. |
| session_secret | String | "" | The secret known only to the application. This will be used to cryptographically sign the user's session cookie. |
| domain | String | "" | A regex describing the expected email domain(s) for authorized users. If this regex pattern does not match, the attempted login is forbidden. |

Example

http_filters:
- name: gm.oauth
  config:
    provider: https://accounts.google.com
    client_id: 234q2348uads8f9sdafds.apps.googleusercontent.com
    client_secret: secret
    server_name: oauth.yoursite.com
    server_insecure: false
    session_secret: secret2
    domain: gmail.com
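
Because domain is a regex, a value such as gmail.com is a pattern, not a literal string. The following is an added example, not Grey Matter code, that audits a candidate domain value against constructed look-alike addresses. The page does not say how the filter applies the pattern, so the code assumes an unanchored search over the full email address; the helper names and sample addresses are hypothetical.

```python
import re

# Constructed sample addresses: the first is the intended user, the rest
# are look-alikes that a loose pattern may also admit.
INTENDED = "alice@gmail.com"
LOOKALIKES = [
    "alice@gmail.com.example.net",  # allowed domain used as a prefix
    "alice@notgmail.com",           # allowed domain used as a suffix
    "alice@gmailxcom.example",      # unescaped '.' matches any character
    "gmail.com@example.net",        # pattern appears in the local part
]


def admitted(pattern, emails, anchored=False):
    """Return the emails the pattern accepts.

    anchored=False models an unanchored search over the whole address
    (an assumption; the page does not state how the filter applies it).
    anchored=True models a match that must cover the whole address.
    """
    rx = re.compile(pattern)
    match = rx.fullmatch if anchored else rx.search
    return [e for e in emails if match(e)]


def audit_domain_pattern(pattern):
    """Report whether the pattern admits the intended user and any look-alike."""
    return {
        "accepts_intended": bool(admitted(pattern, [INTENDED])),
        "unintended": admitted(pattern, LOOKALIKES),
    }


def strict_pattern(domain):
    """Build a pattern that only matches addresses at exactly this domain."""
    return r"^[^@\s]+@" + re.escape(domain) + r"$"


if __name__ == "__main__":
    for candidate in ("gmail.com", r"gmail\.com$", strict_pattern("gmail.com")):
        print(candidate, audit_domain_pattern(candidate))
```

If the filter turns out to match only the part after the @, the equivalent strict value is ^gmail\.com$. Confirm the matching behaviour with a test account before relying on either form.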