diff --git a/cmd/haproxy-spoe-auth/main.go b/cmd/haproxy-spoe-auth/main.go
index 009653f..2ff15dd 100644
--- a/cmd/haproxy-spoe-auth/main.go
+++ b/cmd/haproxy-spoe-auth/main.go
@@ -67,6 +67,7 @@ func main() {
 OAuth2AuthenticatorOptions: auth.OAuth2AuthenticatorOptions{
 RedirectCallbackPath: viper.GetString("oidc.oauth2_callback_path"),
 LogoutPath: viper.GetString("oidc.oauth2_logout_path"),
+ HealthCheckPath: viper.GetString("oidc.oauth2_healthcheck_path"),
 CallbackAddr: viper.GetString("oidc.callback_addr"),
 CookieName: viper.GetString("oidc.cookie_name"),
 CookieSecure: viper.GetBool("oidc.cookie_secure"),
diff --git a/internal/auth/authenticator_oidc.go b/internal/auth/authenticator_oidc.go
index c469d45..a6fc4f6 100644
--- a/internal/auth/authenticator_oidc.go
+++ b/internal/auth/authenticator_oidc.go
@@ -38,6 +38,7 @@ type OAuth2AuthenticatorOptions struct {
 Endpoints oauth2.Endpoint
 RedirectCallbackPath string
 LogoutPath string
+ HealthCheckPath string
 // This is used to sign the redirection URL
 SignatureSecret string
@@ -106,6 +107,7 @@ func NewOIDCAuthenticator(options OIDCAuthenticatorOptions) *OIDCAuthenticator {
 go func() {
 http.HandleFunc(options.RedirectCallbackPath, oa.handleOAuth2Callback(tmpl, errorTmpl))
 http.HandleFunc(options.LogoutPath, oa.handleOAuth2Logout())
+ http.HandleFunc(options.HealthCheckPath, handleHealthCheck)
 logrus.Infof("OIDC API is exposed on %s", options.CallbackAddr)
 http.ListenAndServe(options.CallbackAddr, nil)
 }()
@@ -113,6 +115,10 @@ func NewOIDCAuthenticator(options OIDCAuthenticatorOptions) *OIDCAuthenticator {
 return oa
 }
+func handleHealthCheck(w http.ResponseWriter, r *http.Request) {
+ w.Write([]byte("OK"))
+}
+
 func (oa *OIDCAuthenticator) withOAuth2Config(domain string, callback func(c oauth2.Config) error) error {
 clientConfig, err := oa.options.ClientsStore.GetClient(domain)
 if err != nil {
diff --git a/resources/configuration/config.yml b/resources/configuration/config.yml
index 339fa3e..315c476 100644
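Review bot: `http.HandleFunc(options.HealthCheckPath, handleHealthCheck)` in the `go func()` of NewOIDCAuthenticator registers whatever string the configuration yields, and the main.go hunk fills it from `viper.GetString("oidc.oauth2_healthcheck_path")`, which is empty when the key is absent. net/http panics on an empty pattern, and a panic inside this goroutine takes the whole process down, so a deployment that upgrades without adding the new key would presumably lose its authentication agent at startup (no default for the key is visible in this diff). Guard the registration, `if options.HealthCheckPath != "" { http.HandleFunc(options.HealthCheckPath, handleHealthCheck) }`, or reject the empty value in main before the authenticator is built. The same call also panics when the path equals the callback or logout path, because the default mux refuses duplicate patterns. NewOIDCAuthenticator starts and ends outside the hunk.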
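Review bot: handleHealthCheck has no doc comment and answers every method with a fixed body, so nothing tells an operator that it proves only that the callback HTTP server is accepting requests, not that the identity provider or the SPOE listener is usable. Add `// handleHealthCheck reports liveness of the callback HTTP server only; it performs no check of the identity provider.` above it. Because the route sits unauthenticated on the same listener as the OAuth2 callback, it is worth limiting it to read-only methods: `if r.Method != http.MethodGet && r.Method != http.MethodHead { w.WriteHeader(http.StatusMethodNotAllowed); return }`. The result of `w.Write` is discarded silently; `_, _ = w.Write([]byte("OK"))` makes that deliberate.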
--- a/resources/configuration/config.yml
+++ b/resources/configuration/config.yml
@@ -26,6 +26,8 @@ oidc:
 oauth2_callback_path: /oauth2/callback
 # The path to the logout endpoint to redirect the user to.
 oauth2_logout_path: /oauth2/logout
+ # The path the oidc client uses for a healthcheck
+ oauth2_healthcheck_path: /health
 # The SPOE agent will open a dedicated port for the HTTP server handling the callback. This is the address the server listens on
 callback_addr: ":5000"