search

greenpau / caddy-security

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
https://authcrunch.com/
Apache License 2.0
1.49k stars 73 forks source link

OAuth transparent authentication in Caddy #356

Open ArjonBu opened 3 months ago

ArjonBu commented 3 months ago

I am trying to setup Caddy as a transparent reverse proxy with authentication, meaning that authentication to remote endpoints is done on Caddy. Users can access the Caddy virtual host with no authentication and then Caddy authenticates to the remote endpoint.

I am no expert in this but I am having a hard time understanding the docs and I am failing to setup proper config. All examples on docs refer to the case where the user is redirected to an authentication portal and then authenticates.

In my case, I do not want that. I want users to access the Caddy domain with no authentication and Caddy does authentication as a reverse proxy.

Is this use-case currently supported by this plugin? If so, can you please direct me to a docs link where I can try to get something working?

Thanks in advance

jmittermair commented 2 months ago

@ArjonBu Caddy functions as the authentication portal. So you would access the normal Caddy endpoint for your service with no authentication, like you stated, be redirected to the auth portal (still hosted by Caddy), sign in with your OAuth, and then be redirected automatically back to your original Caddy endpoint.

There's a Discord example here that's pretty clear cut: https://github.com/authcrunch/authcrunch.github.io/blob/c6d02968980595021863c223369f9f6cb31992b6/assets/conf/oauth/discord/Caddyfile