Image Overview: oauth2-proxy
OAuth2 Proxy is a reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
Download this Image
The image is available on cgr.dev:
docker pull cgr.dev/chainguard/oauth2-proxy:latest
Use It!
This section provides a brief overview of how you can use Chainguard’s oauth2-proxy Image to set up a proxy that can intercept a call to a specified endpoint. A complete end-to-end test would require a GitHub account (or an account with another OIDC Auth provider), a trusted domain, and an OAuth application; this example will be useful to test that the image works but it will not be able to verify authentication or properly redirect users.
Run the following command.
docker run --detach --name oidc-test -p 8080:8080 cgr.dev/chainguard/oauth2-proxy:latest \
--cookie-secure=false \
--cookie-secret=RYC2VBUYWQ6aenOkoN6jELQsrjtmwb23a7NdtrLI0ao= \
--upstream=file:///dev/null \
--http-address=0.0.0.0:8080 \
--redirect-url=http://localhost:8080/oauth2/callback \
--client-id=sample-id \
--client-secret=sample-secret \
--email-domain="*" \
--provider=github \
--scope=user:email
This docker command runs the oauth2-proxy Image while passing a number of configuration options to it. Most of these are sample values intended to get a working example proxy up and running. One particularly important option you should be aware of is the --redirect-url, which points to the OAuth application’s callback URL. In order to set up an example locally, this example uses http://localhost:8080 here.
Note that you can alternatively define these options in a configuration file or through environment variables. You can check out the OAuth2 Proxy Overview for more details on these options.
After running this command, navigate to http://localhost:8080 in your web browser. There, you’ll be presented with the OAuth2 Proxy sign-in screen.
Please refer to the official documentation for more information on how to work with OAuth2 Proxy.
Last updated: 2024-04-11 12:38