MORP is a multi-tenant OpenID Connect reverse proxy. With MORP you can protect web services and applications that do not support authentication on their own. MORP takes care of the OpenID Connect "dance" using common identity providers (e.g. Google, GitHub, Okta, and Keycloak).
Documentation can be found at https://jaconi-io.github.io/morp.
We strongly believe in open source to build great things on top established components and frameworks. Implementing OIDC and a high performance proxy is hard. We did not want to do it again as these are solved problems. We therefore created MORP on top of the excellent Java Spring Boot stack combining the following technologies with a thin layer of MORP "glue".
The project comes with a docker compose
setup that runs Keycloak with a couple of test realms for an interactive
developer experience. You can optionally run Morp itself as part of the compose setup.
Bring up the setup via CLI:
# via CLI
cd compose
# if you want to run Morp locally in your IDE
docker compose -f docker-compose.yaml up -d
# if you want to run Morp as part of compose
docker compose up -d
Once this is up you will have a Keycloak running. You can access the UI via port 9000
. Test credentials for the
admin user are admin/admin
.
open http://localhost:9000/admin/master/console
You can then start MORP with a dedicated dev
profile which allows logging in via the Keycloak as well as via Google or Okta:
./gradlew bootRun --args='--spring.profiles.active=dev'
You can also start MORP from your favorite IDE.
For Google and Okta as well as integration tests we need additional credentials that can be put into a (git-ignored)
secret.properties
file in the project root directory:
# Google
morp.oauth2-client.registration.google.client-id=...
morp.oauth2-client.registration.google.client-secret=...
# Okta
morp.oauth2-client.registration.okta.client-id=...
morp.oauth2-client.registration.okta.client-secret=...
test.okta.password=...
This secret.properties
file can also be created using the 1Password CLI: https://developer.1password.com/docs/cli.
After installing the CLI on your machine (https://developer.1password.com/docs/cli/get-started#install) and signing in (https://developer.1password.com/docs/cli/get-started#sign-in), the secret.properties
file can be created using the follwing command:
op inject -i secret.properties.tpl -o secret.properties
To shut down the docker compose
backend run the following:
# via CLI
docker compose down
# via gradle
./gradlew composeDown