MORP is a multi-tenant OpenID Connect reverse proxy. With MORP you can protect web services and applications that do not support authentication on their own. MORP takes care of the OpenID Connect "dance" using common identity providers (e.g. Google, GitHub, Okta, and Keycloak).
Documentation can be found at https://jaconi-io.github.io/morp.
We strongly believe in open source to build great things on top established components and frameworks. Implementing OIDC and a high performance proxy is hard. We did not want to do it again as these are solved problems. We therefore created MORP on top of the excellent Java Spring Boot stack combining the following technologies with a thin layer of MORP "glue".
- Spring Cloud Gateway - for flexible, declarative routing and a high performance, reactive HTTP proxy
- Spring OAuth2 Client - for a mature integration with a wide range of identity providers
- Spring Security - for flexible request authentication and authorization
- Spring Native - for producing native Docker images with a small resource footprint and fast startup times
The project comes with a docker compose setup that runs Keycloak with a couple of test realms for an interactive
developer experience. You can optionally run Morp itself as part of the compose setup.
Bring up the setup via CLI:
# via CLI
cd compose
# if you want to run Morp locally in your IDE
docker compose -f docker-compose.yaml up -d
# if you want to run Morp as part of compose
docker compose up -dOnce this is up you will have a Keycloak running. You can access the UI via port 9000. Test credentials for the
admin user are admin/admin.
open http://localhost:9000/admin/master/consoleYou can then start MORP with a dedicated dev profile which allows logging in via the Keycloak as well as via Google or Okta:
./gradlew bootRun --args='--spring.profiles.active=dev'You can also start MORP from your favorite IDE.
For Google and Okta as well as integration tests we need additional credentials that can be put into a (git-ignored)
secret.properties file in the project root directory:
# Google
morp.oauth2-client.registration.google.client-id=...
morp.oauth2-client.registration.google.client-secret=...
# Okta
morp.oauth2-client.registration.okta.client-id=...
morp.oauth2-client.registration.okta.client-secret=...
test.okta.password=...This secret.properties file can also be created using the 1Password CLI: https://developer.1password.com/docs/cli.
After installing the CLI on your machine (https://developer.1password.com/docs/cli/get-started#install) and signing in (https://developer.1password.com/docs/cli/get-started#sign-in), the secret.properties file can be created using the follwing command:
op inject -i secret.properties.tpl -o secret.propertiesTo shut down the docker compose backend run the following:
# via CLI
docker compose down
# via gradle
./gradlew composeDown