jwt-auth-proxy

module

v1.3.1 Latest Latest Go to latest Published: Feb 15, 2024 License: GPL-3.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/na4ma4/jwt-auth-proxy

Links

Open Source Insights

README ¶

jwt-auth-proxy

Authentication proxy that uses JWT tokens (and supports specified legacy authentication), written entirely in Go.

Usage

docker secret create token-ca.pem artifacts/certs/ca.pem

docker network create --driver overlay public

docker service create --name whoami \
    --network public \
    containous/whoami:latest

docker service create --name auth-proxy \
    --publish 8080:80/tcp \
    --network public \
    --env "AUDIENCE=tls-web-client-auth" \
    --env "BACKEND_URL=http://whoami/" \
    --env "REMOVE_AUTH_HEADER=true" \
    --env "PASS_HOST_HEADER=true" \
    --env 'LEGACY_USERS=bob:$2a$15$rp1JcY2nEghqsFLMolfEmuAZ92FfzANcrR0y0C6VAea7fVPnsQJC2 alice:$2a$15$xaX4rqP9lLOy/HKpCnz4y.mp2LYjzg8KYkmWwGp2/xYO2WCSHs.6i' \
    --secret "source=token-ca.pem,target=ca.pem" \
    gcr.io/na4ma4/jwt-auth-proxy:latest

Then browse to http://localhost:8080/ to test.

Working examples:

TEST_AUTH_TOKEN="$(docker run --rm -v "$(pwd)/artifacts:/artifacts" gcr.io/na4ma4/jwt-auth-proxy:latest mktoken anne)"

curl 'http://localhost:8080/'
curl -u 'bob:builder' 'http://localhost:8080/'
curl -u 'alice:also-a-builder' 'http://localhost:8080/'
curl -u "token:${TEST_AUTH_TOKEN}" 'http://localhost:8080/'
curl -u "${TEST_AUTH_TOKEN}:" 'http://localhost:8080/'

Logs

$ docker service logs auth-proxy
auth-proxy.1.9v21dc2z6vlk@docker-desktop    | 10.0.0.2 - - [22/Jul/2021:05:04:27 +0000] "GET / HTTP/1.1" 401 13 "" "curl/7.64.1"
auth-proxy.1.9v21dc2z6vlk@docker-desktop    | 10.0.0.2 - bob [22/Jul/2021:05:04:27 +0000] "GET / HTTP/1.1" 200 237 "" "curl/7.64.1"
auth-proxy.1.9v21dc2z6vlk@docker-desktop    | 10.0.0.2 - alice [22/Jul/2021:05:04:29 +0000] "GET / HTTP/1.1" 200 239 "" "curl/7.64.1"
auth-proxy.1.9v21dc2z6vlk@docker-desktop    | 10.0.0.2 - anne [22/Jul/2021:05:04:32 +0000] "GET / HTTP/1.1" 200 238 "" "curl/7.64.1"
auth-proxy.1.9v21dc2z6vlk@docker-desktop    | 10.0.0.2 - anne [22/Jul/2021:05:04:32 +0000] "GET / HTTP/1.1" 200 238 "" "curl/7.64.1"

Directories ¶

Path	Synopsis
cmd
jwt-auth-proxy
internal
httpauth Package httpauth handles HTTP Basic authentication with supplied authentication functions	Package httpauth handles HTTP Basic authentication with supplied authentication functions
jwtauth Package jwtauth is an authentication function to be used by the httpauth package	Package jwtauth is an authentication function to be used by the httpauth package
legacy Package legacy provides an authentication function that will validate against a list of user:pass or user:bcrypt details	Package legacy provides an authentication function that will validate against a list of user:pass or user:bcrypt details
logformat Package logformat is a http handler wrapper for providing Apache CLF output.	Package logformat is a http handler wrapper for providing Apache CLF output.
mainconfig Package mainconfig contains the configuration defaults that span the admin client, the server and the client.	Package mainconfig contains the configuration defaults that span the admin client, the server and the client.
proxy Package proxy is the core proxy for the application	Package proxy is the core proxy for the application

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL