Proksi
  • 🚀General
    • Getting started
    • Performance
    • Motivations
    • Specifications
  • 💾Installation
    • Docker
    • Single binary
  • 📚Configuration
    • HCL
      • Functions
    • YAML
    • ENV
    • Logging
    • Auto Reload
    • Daemon
    • Redis
  • 🔀Routing
    • Upstreams
    • Headers
  • 🧩Plugins
    • Request ID
    • Basic Auth
    • OAuth2
  • đŸ“Ŋī¸Use cases
    • Cache
    • Docker swarm
  • 🛩ī¸Contributing
    • Repository
  • Github
  • Crates.io
Powered by GitBook
On this page
  • Providers
  • Options
  • Validations
  • Usage

Was this helpful?

Edit on GitHub
  1. Plugins

OAuth2

Protects a route using a provider and the Oauth2 protocol

This plugin protects a given route by authenticating against a provider and a JWT token sent as an HTTP-only cookie for you particular domain.

Providers

  • github

  • workos

Options

Plugin options are always passed via the config key.

provider

One of the providers listed above

client_id

Client ID of your app in the provider of your choosing

client_secret

Client Secret of your app in the provider of your choosing

jwt_secret

The secret for the JWT token used in the generate HTTP-only cookie. Needs to be at least 64 chars.

validations

An list (array) of validations for your provider

Validations

The OAuth2 plugins allows you to define whether a given user can access the domain requested.

Email

To only allow access from specific emails:

# ... the rest of the plugin config from above
validations  = [
  { key = "email", values = ["email@gmail.com", "valid@yahoo.com"]
]

Username

To only allow access from specific usernames (depends on provider)

validations  = [
  { key = "username", values = ["user2021", "proksi"]
]

Combined

You can combine all validations together

validations  = [
  { key = "username", values = ["user2021", "proksi"],
  { key = "email", values = ["email@gmail.com", "valid@yahoo.com"]
]

Usage

A complete plugin definition looks like the following:

proksi.hcl
lets_encrypt {
    enabled = true
    email = "test@email.com"
}

routes = [{
    host = "website.com"
    
    upstreams = [{ ip = "localhost", port = 3000 }]
    
    plugins = [
        { name = "request_id" },
        
        { 
            name = "oauth2", 
            config = { 
                provider = "github"
                client_id = "lv1.98asd7h12h3"
                client_secret = "lvl2.91823hl1238d"
                # Generated using `openssl rand -hex 64`
                jwt_secret = "d1a86503f928b387dcde695176e02c9c6fb0a96f91f4436d2f724b312c4a1e7fc16d5f86bd37f4fe6267e628dca8a55f621f8e4f2f41725ff00cdfbb971b0384"
                validations = [
                    { key = "email", values = ["me@proksi.info"] }
                ]
            } 
        }
    ]
}]

PreviousBasic AuthNextCache

Last updated 10 months ago

Was this helpful?

🧩