This repository has been archived by the owner on Feb 22, 2023. It is now read-only.

Authentication and Authorization with OKTA for an Envoy Global Rate limiting service


andreaangiolillo/rate-limiting-oidc


Rate Limiting OIDC

This example shows you how to use Go to log in to your application with an Okta-hosted login page. Login uses the authorization code flow: the user is redirected to the Okta-hosted login page and, after authenticating, is redirected back to the application with a one-time authorization code, which the application then exchanges for an access token.

This repository uses https://github.com/okta/samples-golang as a starting point.
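The code flow described above, as an added Go example written for this page; it is not code from this repository or from okta/samples-golang, which the project builds on. It uses only the standard library rather than an OIDC client so that each step is visible: the login handler generates a random state and nonce, binds the state to the browser in an HttpOnly cookie and redirects to the Okta authorize endpoint; the callback rejects any response whose state does not match before the authorization code is exchanged at the token endpoint. The Config fields correspond to the CLIENT_ID, CLIENT_SECRET and ISSUER values described under Running This Example. The redirect URI path, the cookie name and the "groups" scope are assumptions; /v1/authorize and /v1/token are Okta's endpoint paths under the issuer URL.

```go
package main

import (
	"context"
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strings"
	"time"
)

// Config holds CLIENT_ID, CLIENT_SECRET, ISSUER and the redirect URI registered on the Okta app (assumed path).
type Config struct{ ClientID, ClientSecret, Issuer, RedirectURI string }

// randomToken returns 256 bits of CSPRNG output as a URL-safe string (used for state and nonce).
func randomToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failing CSPRNG is not something to continue past
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// AuthorizeURL builds the redirect to the Okta-hosted login page at {issuer}/v1/authorize;
// the "groups" scope is what makes Okta include the user's group claims.
func AuthorizeURL(cfg Config, state, nonce string) string {
	q := url.Values{"client_id": {cfg.ClientID}, "response_type": {"code"}, "scope": {"openid profile groups"},
		"redirect_uri": {cfg.RedirectURI}, "state": {state}, "nonce": {nonce}}
	return cfg.Issuer + "/v1/authorize?" + q.Encode()
}

// LoginHandler binds a fresh state to this browser via a short-lived HttpOnly cookie and redirects;
// the nonce would be stored the same way for ID token validation (not shown here).
func LoginHandler(cfg Config) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		state := randomToken()
		http.SetCookie(w, &http.Cookie{Name: "oidc_state", Value: state, Path: "/",
			HttpOnly: true, SameSite: http.SameSiteLaxMode, MaxAge: 300})
		http.Redirect(w, r, AuthorizeURL(cfg, state, randomToken()), http.StatusFound)
	}
}

// StateMatches compares the echoed state with the cookie value in constant time; a mismatch means the callback was not started by this session.
func StateMatches(cookieState, queryState string) bool {
	return cookieState != "" && subtle.ConstantTimeCompare([]byte(cookieState), []byte(queryState)) == 1
}

// TokenResponse is the subset of the token endpoint reply used here.
type TokenResponse struct {
	AccessToken string `json:"access_token"`
	ExpiresIn   int    `json:"expires_in"`
}

// ExchangeCode swaps the one-time authorization code for tokens at {issuer}/v1/token,
// authenticating the client with HTTP Basic credentials (client_secret_basic).
func ExchangeCode(ctx context.Context, cfg Config, code string) (TokenResponse, error) {
	form := url.Values{"grant_type": {"authorization_code"}, "code": {code}, "redirect_uri": {cfg.RedirectURI}}
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, cfg.Issuer+"/v1/token", strings.NewReader(form.Encode()))
	if err != nil {
		return TokenResponse{}, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.SetBasicAuth(cfg.ClientID, cfg.ClientSecret)
	resp, err := (&http.Client{Timeout: 10 * time.Second}).Do(req)
	if err != nil {
		return TokenResponse{}, err
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<20)) // cap the body; the reply is small JSON
	if resp.StatusCode != http.StatusOK {
		return TokenResponse{}, fmt.Errorf("token endpoint returned %d", resp.StatusCode)
	}
	var tr TokenResponse
	return tr, json.Unmarshal(body, &tr)
}

// CallbackHandler checks state before the code is used. Validating the ID token itself
// (signature against the issuer's JWKS, iss, aud and nonce claims) is a separate step not shown here.
func CallbackHandler(cfg Config) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie("oidc_state")
		code := r.URL.Query().Get("code")
		if err != nil || !StateMatches(c.Value, r.URL.Query().Get("state")) || code == "" {
			http.Error(w, "invalid state or missing code", http.StatusBadRequest)
			return
		}
		tok, err := ExchangeCode(r.Context(), cfg, code)
		if err != nil {
			http.Error(w, "token exchange failed", http.StatusBadGateway)
			return
		}
		fmt.Fprintf(w, "logged in; access token expires in %ds\n", tok.ExpiresIn)
	}
}
```

Wire it up with `http.HandleFunc("/login", LoginHandler(cfg))` and `http.HandleFunc("/authorization-code/callback", CallbackHandler(cfg))`, with cfg populated from the environment variables. The state check is what stops a forged or replayed callback from attaching someone else's authorization code to the current browser session; the ID token still has to be validated after the exchange before any claim in it (such as the groups) is trusted.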


Authentication and Authorisation

This POC uses Okta OIDC for authentication and casbin for RBAC authorisation based on the user's globalGroups.

These are the allowed groups:

  • "10gen-cloud": users in this group are admins
  • "10gen-cloud-rate-limiting-read-only": users in this group have read-only access to their own profile
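A deny-by-default authorisation check over the two groups above, as an added Go example written for this page; it is not the repository's casbin model or policy. It keeps casbin's shape (groups map to roles, roles map to object/action policy lines) in plain maps so it runs without the casbin dependency. The /profile object, the role names and the groupsFrom helper that returns the globalGroups claim from the verified session are assumptions.

```go
package main

import (
	"log"
	"net/http"
	"strings"
)

// Role is what a user's Okta globalGroups map to. Users with no recognised group get no role.
type Role string

const (
	RoleAdmin    Role = "admin"
	RoleReadOnly Role = "read-only"
)

// groupRoles is the group-to-role mapping from the README. In casbin terms these are the
// g(group, role) grouping rules; this map is a stand-in, not the repo's casbin model file.
var groupRoles = map[string]Role{
	"10gen-cloud":                         RoleAdmin,
	"10gen-cloud-rate-limiting-read-only": RoleReadOnly,
}

// Permission is one policy line p(role, object, action). "*" matches anything.
type Permission struct{ Object, Action string }

// rolePermissions: admin may do anything; read-only may only read the (assumed) /profile object.
var rolePermissions = map[Role][]Permission{
	RoleAdmin:    {{"*", "*"}},
	RoleReadOnly: {{"/profile", http.MethodGet}},
}

// RolesFor maps the globalGroups claim to roles, silently ignoring unknown groups.
func RolesFor(groups []string) []Role {
	var roles []Role
	for _, g := range groups {
		if r, ok := groupRoles[g]; ok {
			roles = append(roles, r)
		}
	}
	return roles
}

// Authorize is deny-by-default: true only if some role of the user has a matching policy line.
func Authorize(groups []string, object, action string) bool {
	for _, role := range RolesFor(groups) {
		for _, p := range rolePermissions[role] {
			if (p.Object == "*" || p.Object == object) && (p.Action == "*" || strings.EqualFold(p.Action, action)) {
				return true
			}
		}
	}
	return false
}

// RequireAccess wraps a handler. groupsFrom is an assumed helper that returns the globalGroups
// claim of the verified ID token in the session, and false when there is no session; injecting
// it keeps the authorisation decision testable without a live Okta login.
func RequireAccess(groupsFrom func(*http.Request) ([]string, bool), next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		groups, ok := groupsFrom(r)
		if !ok {
			http.Error(w, "not authenticated", http.StatusUnauthorized)
			return
		}
		if !Authorize(groups, r.URL.Path, r.Method) {
			log.Printf("denied %s %s for groups %v", r.Method, r.URL.Path, groups) // log the decision, not the client
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}
```

The object is the request path and the action is the HTTP method, so a read-only user gets GET /profile and nothing else, while a user whose groups are all unknown is refused every request even though they authenticated successfully.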

Prerequisites

Before running this sample, you will need the following:

  • A valid user on mongodb-qa.oktapreview.com
  • An Okta Application configured for Web mode. This is done from the Okta Console, and you can find instructions here. When following the wizard, use the default properties.

Running This Example

git clone git@github.com:andreaangiolillo/rate-limiting-oidc.git
cd rate-limiting-oidc

Then install dependencies:

make setup

You also need to gather the following information from the Okta Developer Console:

  • Client ID and Client Secret - These can be found on the "General" tab of the Web application that you created earlier in the Okta Developer Console.
  • Issuer - This is the URL of the authorization server that will perform authentication. We use https://mongodb-qa.oktapreview.com/oauth2/default.

Now that you have this information, either fill in .env with it or define the environment variables CLIENT_ID, CLIENT_SECRET and ISSUER:

CLIENT_ID={clientId}
CLIENT_SECRET={clientSecret}
ISSUER=https://mongodb-qa.oktapreview.com/oauth2/default

Start the app server:

go run main.go

Now navigate to http://localhost:8080 in your browser.

If you see a home page that prompts you to log in, things are working. Clicking the Log in button redirects you to the Okta-hosted sign-in page.

You can log in with the same account you created when signing up for mongodb-qa.oktapreview.com, or with a known username and password from your Okta Directory.

Note: If you are currently using your Developer Console, you already have a Single Sign-On (SSO) session for your Org. You will be automatically logged into your application as the same user that is using the Developer Console.
You may want to use an incognito tab to test the flow from a blank slate.

Useful Resources
