Warning This repo is no longer maintained. It's now a package within Nexodus
go-oidc-agent is a small binary designed to act as a Backend-For-Frontend, handling the OIDC authentication on behalf of the frontend app.
It is heavily influenced by oauth-agent-node-express with the following notable differences:
- It's written in Go
- The session storage (used for tokens) is swappable so it can use encrypted cookies, memcached etc...
- It acts as a proxy for request from the frontend the configured backend API, adding the necessary authentication credentials.
There are also some omissions, which will need addressing before this can be used in production.
- CSRF Token Support
There is a working example in the examples directory.
To use this you must first add 3 domains to your /etc/hosts.
auth.widgetcorp.local- The Auth Serverwidgets.local- Your Frontendapi.widgets.local- Backend For Frontend
To start the example, run docker compose up -d.
Note Podman Compatibility This will work on podman-compose also, but you will need to.
- Install the latest development version
- Add the following to your
containers.conffile[containers] base_hosts_file="none
You can then browse to http://widgets.local:8080, which will redirect you to the login page.
The login page will call the backend to find the login URL, and then redirect you to http://auth.widgetcorp.local where you can login with admin@widgetcorp.com and the password admin.
On successful login, you're redirected back to the frontend. The frontend sends the received code to the backend where it's exchanged for a token that can be used to access the API. This token is stored in an encrypted cookie.
Once you're fully authenticated, the frontend may then call the /api enpdoint of the backend. This proxies requests to the apiserver with the credentials from the securecookie injected.