Skip to content

Instantly share code, notes, and snippets.

@devansvd

devansvd/open-id-proxy.md

Created June 26, 2020 09:23
Show Gist options
  • Save devansvd/3e8b3e12deccbd51f8393ac96c288f40 to your computer and use it in GitHub Desktop.
Save devansvd/3e8b3e12deccbd51f8393ac96c288f40 to your computer and use it in GitHub Desktop.
Download ZIP
Protect open backends with Openid/oauth with louketo-openid-proxy
Raw
open-id-proxy.md

Protect open backends with Openid/oauth with louketo-openid-proxy

louketo-openid-proxy - https://github.com/louketo/louketo-proxy

Looks like client-id in the token aud is mandatory.

To add Keycloakadmin -> Client -> Mappers -> Create -> mapper type audience -> select client id

docker run --name louketo-openid-proxy -it -d \
  -p 8440:8440 quay.io/louketo/louketo-proxy \
  --listen :8440 \
  --upstream-url https://un-protected-backend:8443 \
  --discovery-url https://sso.keycloak.com/auth/realms/<realm name> \
  --client-id oauth-test-client \
  --client-secret ********

curl --location --request GET 'http://localhost:8440/routes' \
--header 'Authorization: Bearer ${token}'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment