OAuth - custom redirect_url for proxys #1318

Open
ghost opened this issue Nov 27, 2023 · 1 comment

Comments


ghost commented Nov 27, 2023

Is your feature request related to a problem? Please describe.
When connecting a proxy in between the user and the application, this occurs. As the app has an internal DNS entry and a public DNS entry, the proxy handles the forwarding. The proxy used is Application Proxy by Microsoft.
https://learn.microsoft.com/en-us/entra/identity/app-proxy/application-proxy

This proxy puts a "layer on top" of Thruk and provides a secure way to access apps via the Microsoft datacenter and OAuth2 preconfigured by Microsoft. After this layer, the OAuth2 via Thruk can be configured. However, this needs the external DNS entry, but Thruk only takes the login page URL, which is the internal proxy URL. Therefore we need to modify Thruk to include the option to set this entry to a custom value.
The error is this:

[image]

Something like this is the workflow of application proxy.

User -> Public DNS Entry -> OAuth via Microsoft (DDOS etc.) -> Login via Microsoft -> App proxy internal url -> Thruk -> Login via OAuth2 by Thruk -> UI

Describe the solution you'd like
Add the following to OAuth.pm and the documentation.
Add a read from the config file for the parameter redirect_url; this redirect URL can be configured inside the application with Microsoft.

Line 60 to 67

        my $res = $ua->post($auth->{'token_url'}, {
                                    client_id       => $auth->{'client_id'},
                                    client_secret   => $auth->{'client_secret'},
                                    code            => $code,
                                    redirect_uri    => $auth->{'redirect_url'},
                                    state           => $state,
                                    grant_type      => 'authorization_code',
        });

Line 150 to 156

    my $oauth_login_url = Thruk::Utils::Filter::uri_with($c, {
                                    client_id       => $auth->{'client_id'},
                                    scope           => $auth->{'scopes'},
                                    state           => $state,
                                    response_type   => 'code',
                                    redirect_uri    => $auth->{'redirect_url'},
                            }, 1, $auth->{'auth_url'}, 1);

Describe alternatives you've considered
There are no alternatives to make OAuth2 work with Azure Application Proxy and the native Thruk OAuth plugin.

Additional context
See above.
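
Added example, not part of the original issue and not Thruk's own code: one way the requested `redirect_url` option could be applied, falling back to the derived login page URL when the option is unset and sending the identical value in both the authorization request and the token request (the identity provider compares it against the registered redirect URI). The helper names, hostnames, client values and the https-only check are assumptions made for this sketch.

```perl
use strict;
use warnings;

# Hypothetical helper, not Thruk code: pick the redirect_uri for one provider.
# $login_page_url stands in for the URL Thruk derives from the request.
sub effective_redirect_uri {
    my($auth, $login_page_url) = @_;
    my $configured = $auth->{'redirect_url'};
    # Option unset: keep the existing behaviour so current setups do not break.
    return $login_page_url unless defined $configured && $configured ne '';
    # Assumed policy: absolute https URL, no userinfo, no query-only form, no fragment.
    die "redirect_url must be an absolute https URL without a fragment\n"
        unless $configured =~ m{\Ahttps://[^\s/?\#\@]+(?:/[^\s\#]*)?\z};
    return $configured;
}

# Percent-encode everything outside the RFC 3986 unreserved set.
sub url_encode {
    my($s) = @_;
    $s =~ s/([^A-Za-z0-9\-._~])/sprintf('%%%02X', ord($1))/ge;
    return $s;
}

# Authorization request URL with the same parameters as the issue's second snippet.
sub authorization_url {
    my($auth, $state, $redirect_uri) = @_;
    my @params = (client_id => $auth->{'client_id'}, scope => $auth->{'scopes'},
        state => $state, response_type => 'code', redirect_uri => $redirect_uri);
    my @pairs;
    while(my($k, $v) = splice(@params, 0, 2)) {
        push @pairs, $k.'='.url_encode($v);
    }
    return $auth->{'auth_url'}.'?'.join('&', @pairs);
}

# Constructed sample configuration and internal URL (not real endpoints).
my %auth = (
    client_id    => 'constructed-client-id', scopes => 'openid profile',
    auth_url     => 'https://idp.example.com/authorize',
    redirect_url => 'https://thruk.public.example.com/thruk/cgi-bin/login.cgi',
);
my $internal = 'https://thruk.internal.example/thruk/cgi-bin/login.cgi';
my $redirect = effective_redirect_uri(\%auth, $internal);
print authorization_url(\%auth, 'constructed-state', $redirect), "\n";
# The token request must carry exactly the value sent above.
my %token_params = (code => 'constructed-code', grant_type => 'authorization_code', redirect_uri => $redirect);
print "token redirect_uri: $token_params{'redirect_uri'}\n";
delete $auth{'redirect_url'};
print "fallback: ", effective_redirect_uri(\%auth, $internal), "\n";
```

Reading the value only from configuration, rather than from request headers such as Host, keeps the redirect target under the administrator's control.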


ghost commented Feb 5, 2024

push
