IvanJosipovic / OIDC-Guard

OpenID Connect (OIDC) & OAuth 2 API Server used to secure Kubernetes Ingress
MIT License

[Q&A] Is it possible to specify multiple issuers #222

Open thiner opened 4 months ago

thiner commented 4 months ago

I want my API to support selected auth providers. Is there a way oidc-guard can support this feature?

IvanJosipovic commented 4 months ago

Multiple issuers can be specified in the helm values, see https://github.com/IvanJosipovic/OIDC-Guard/blob/e5a112259146910c206725105c98f7a7d513b825/charts/oidc-guard/values.yaml#L112

Alternatively, if you want to control the issuer per API, disable the issuer validation in the helm values, https://github.com/IvanJosipovic/OIDC-Guard/blob/e5a112259146910c206725105c98f7a7d513b825/charts/oidc-guard/values.yaml#L109

then you can do it in the external auth call:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress
  annotations:
    nginx.ingress.kubernetes.io/auth-url: https://oidc-guard.company.com/auth?iss=myissuer
    nginx.ingress.kubernetes.io/auth-signin: https://oidc-guard.company.com/signin
spec:
```

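
An added example, not part of the original comment or the project's code: with issuer validation disabled in the Helm values, the `iss` parameter on each Ingress's `auth-url` is where the issuer gets pinned, so this check lists Ingresses that omit it or name an issuer outside an allow-list. The issuer URLs, namespaces and allow-list are constructed; the input is assumed to have the JSON shape of `kubectl get ingress -A -o json`.

```python
import json
from urllib.parse import urlsplit, parse_qs

AUTH_URL = "nginx.ingress.kubernetes.io/auth-url"
# Assumption: the issuers this cluster is meant to trust (constructed values).
ALLOWED_ISSUERS = {"https://login.example.com/", "https://sso.example.org/"}

# Constructed sample in the shape of `kubectl get ingress -A -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "shop", "name": "api", "annotations": {
        AUTH_URL: "https://oidc-guard.company.com/auth"
                  "?iss=https%3A%2F%2Flogin.example.com%2F"}}},
    {"metadata": {"namespace": "shop", "name": "admin", "annotations": {
        AUTH_URL: "https://oidc-guard.company.com/auth"}}},
    {"metadata": {"namespace": "hr", "name": "portal", "annotations": {
        AUTH_URL: "https://oidc-guard.company.com/auth"
                  "?iss=https%3A%2F%2Fother.example.net%2F"}}},
    {"metadata": {"namespace": "web", "name": "public"}},
]})


def audit(ingress_list_json, allowed=ALLOWED_ISSUERS):
    """Return (namespace/name, finding) for every Ingress whose auth-url
    does not restrict the token issuer to the allow-list."""
    findings = []
    for item in json.loads(ingress_list_json).get("items", []):
        meta = item.get("metadata", {})
        url = (meta.get("annotations") or {}).get(AUTH_URL)
        if url is None:
            continue  # no external auth on this Ingress; out of scope here
        ref = f"{meta.get('namespace', 'default')}/{meta.get('name')}"
        # parse_qs percent-decodes the values and keeps repeated parameters.
        issuers = parse_qs(urlsplit(url).query).get("iss", [])
        if not issuers:
            findings.append((ref, "no iss parameter"))
            continue
        for issuer in issuers:
            if issuer not in allowed:
                findings.append((ref, f"unexpected issuer {issuer}"))
    return findings


if __name__ == "__main__":
    for ref, finding in audit(SAMPLE):
        print(f"{ref}: {finding}")
```
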
thiner commented 4 months ago

Thanks for your answer. Is there any way we can set the values as an env in the deployment.yaml or configmap? OK, I found a way to have the configuration in a config map.

thiner commented 4 months ago

Now another problem is popping up. How can I set multiple JWKSUrl? Each issuer has its own JWKSUrl, but the values.yaml accepts a string rather than an array value.