Authorization Code Flow ExtAuth tutorial #1315

Open
4 tasks
barchw opened this issue Sep 25, 2024 · 0 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@barchw
Contributor

barchw commented Sep 25, 2024

Description
Write down a tutorial describing how to set oauth2-proxy + extAuth to expose a workload with the Authorization Code OAuth2.0 flow. The tutorial should allow automated access to a secured endpoint using redirects when accessing from a browser.
It might also include additional security considerations, for example JWT claim based authorization.

Reasons

  • Authorization Code flow is the most secure out of user-facing OAuth2.0 flows
  • APIGateway support for authentication and authorization with OIDC compliant authorization servers (SAP CIS, GitHub, etc.)

DoD:

  • Provide tutorial.
  • Tutorial links to previous tutorials.
  • Authentication only flow (no additional JWT restrictions)
  • Authentication + authorization flow (extAuth + JWT restrictions)

Attachments

  • Configuration for oauth2-proxy for Authorization Code flow is described in Goat internal knowledge-hub

barchw added the kind/feature label Sep 25, 2024
barchw changed the title from "Authorisation Code Flow ExtAuth tutorial" to "Authorization Code Flow ExtAuth tutorial" Sep 25, 2024