go-auth-proxy

command module
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 3, 2023 License: MIT Imports: 15 Imported by: 0

README

go-auth-proxy

SonarCloud

Quality Gate Status Bugs Code Smells Vulnerabilities

Objective

Secure your web-api with AzureAd authentication. Created as Proof of Concept to compare against a NodeJs version. It validates the JWT token is:

  1. Valid untampered AzureAD token.
  2. Valid in its lifetime (exp and nbf claims)
  3. Issued by your AzureAD tenant (iss claim)
  4. Issued to your expected audience (aud claim)

CORS

By default the proxy allows all origins and the most common HTTP verbs. You can control the CORS configuration by editting cors.json. This file is in format cors.Config

Running in docker

docker run -ti --rm -p80:80 adrichem/go-auth-proxy:latest `
    --upstream https://my-web-api.com `
    --header-value my-secret-api-key `
    --header-name Apikey `
    --aud expected-value-for-aud-claim `
    --iss expected-value-for-iss-claim

If you need to overrule the default cors configuration, you can volume map your own cors.json onto /cors.json of the container.

Very rough performance measurement

It achieves 12.000 token validations per second while consuming <50% CPU and <30 MB of RAM. Docker image size is <15 MB.

  1. Intel Core i7 3Ghz.
  2. 200 concurrent connections.
  3. Load generator running on same machine and competing for CPU time. Together they max out the CPU.

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
pkg
CorsConfig
claimsSelector
jwtAuthenticationMiddleware
proxy
test/ginTestContext
tokenextractor
verifyaudience
verifyissuer

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.