keycloak-http-auth

Validate auth and enforce ACLs for HTTP-based Keycloak token requests. Ideal for answering nginx auth requests.

Because this is meant for non-interactive use, failures only return 403.

On success, these http headers are returned:

REMOTE_USER: the posix.username or upn or preferred_username in the token (required)
X_UID: the posix.uid in the token (optional)
X_GID: the posix.gid in the token (optional)

UID and GID are useful for POSIX filesystem access, for example https://unix.stackexchange.com/a/489744.

Configuration

Primary configuration is via environment variables:

ISSUERS: the issuers, comma-separated
AUDIENCE: the audience
BASE_PATH: the base path of the server, before any authorized paths in the token

Name		Name	Last commit message	Last commit date
Latest commit History 29 Commits
.github/workflows		.github/workflows
integration_tests		integration_tests
keycloak_http_auth		keycloak_http_auth
nginx_config		nginx_config
resources		resources
tests		tests
.gitignore		.gitignore
CHANGELOG.md		CHANGELOG.md
Dockerfile		Dockerfile
Dockerfile_nginx		Dockerfile_nginx
LICENSE		LICENSE
README.md		README.md
requirements.txt		requirements.txt
setup.cfg		setup.cfg
setupenv.sh		setupenv.sh