Closed anannaya closed 2 months ago
Homer already supports oauth2
https://github.com/sipcapture/homer-app/blob/master/etc/webapp_config.json#L149
@adubovikov oauth2-proxy supports adding the Authorization Bearer header, so all the OAuth2 processing is done at the oauth2-proxy. If the Authorization header is set, then log in directly to the Homer UI.
```go
func RouteUserApis(acc *echo.Group, session *gorm.DB, ldapClient *ldap.LDAPClient, httpAuth *httpauth.Client) {
	// initialize service of user
	userService := service.UserService{ServiceConfig: service.ServiceConfig{Session: session}, LdapClient: ldapClient, HttpAuth: httpAuth}
	// initialize user controller
	urc := controllerv1.UserController{
		UserService: &userService,
	}
	// user login
	acc.POST("/auth", urc.LoginUser)
	// list of auths
	acc.GET("/auth/type/list", urc.GetAuthTypeList)
	// Oauth2 Request
	acc.GET("/oauth2/redirect/:provider", urc.RedirecToSericeAuth)
	// Oauth2 Request
	acc.GET("/oauth2/auth/:provider", urc.AuthSericeRequest)
	// Oauth2 Token Ex-Change
	acc.POST("/oauth2/token", urc.Oauth2TokenExchange)
}
```
If I understood it correctly, oauth2-proxy is needed only if your application doesn't support SSO, which is not our case, because homer-app has full OAuth2 support. I will keep the ticket open, but this is a feature request which is VERY specific to your scenario. Feel free to make a PR to implement this feature.
@adubovikov No. For example, there are some apps like Grafana and Kiali that support header-based login, and roles are assigned. But in our case Homer just needs to process the Authorization Bearer header and log in. For example:
```yaml
auth.proxy:
  auto_assign_org_role: Editor
  auto_sign_up: true
  enabled: true
  header_name: X-Auth-Request-Email
```
Homer supports JWT :-) and the JWT is exactly inside the Authorization: Bearer header. So, if you describe your scenario in more detail, we can probably give you good advice.
We have basically front-ended all the 3rd-party apps with oauth2-proxy, so the Homer web UI just needs to process the Authorization header (JWT id_token) and, if it exists, log in. The Homer UI should not show the login page.
@anannaya I don't think it will be easy to do, because we have our own JWT token format with a custom structure. All external JWT tokens will be rejected. As a workaround, you can implement the http_auth callback, validate your JWT on your external server and return the user object back.
Since this request is a special request, will close it for now.
https://github.com/oauth2-proxy/oauth2-proxy is widely used in many projects, which in turn sets some headers along with the Authorization Bearer token. Can Homer be supported with id_token?
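An added example, not code from homer-app or oauth2-proxy: the checks an external validator (such as the server behind the http_auth workaround suggested above) would apply to an id_token arriving in `Authorization: Bearer` before treating the request as logged in. It pins RS256, verifies the signature against the identity provider's key, then checks issuer, audience and expiry. The function names, the demo key, the `Sign` helper and the single-string `aud` claim are assumptions; the response format Homer's http_auth callback expects is not on this page and is not shown.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed stand-in for the provider's key

// VerifyIDToken validates an RS256 id_token and returns its email claim (string "aud" is an assumption).
func VerifyIDToken(tok string, pub *rsa.PublicKey, iss, aud string, now time.Time) (string, error) {
	var hdr struct{ Alg string }
	var c struct {
		Iss, Aud, Email string
		Exp             int64
	}
	p := strings.Split(tok, ".")
	if len(p) != 3 || decode(p[0], &hdr) != nil || decode(p[1], &c) != nil || hdr.Alg != "RS256" {
		return "", errors.New("malformed token or algorithm is not RS256")
	}
	sig, err := base64.RawURLEncoding.DecodeString(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return "", errors.New("signature was not made by the trusted issuer key")
	}
	if c.Iss != iss || c.Aud != aud || now.Unix() >= c.Exp {
		return "", errors.New("issuer, audience or expiry check failed")
	}
	return c.Email, nil
}

func decode(seg string, v any) error { // base64url-decode one segment and parse it as JSON
	return json.NewDecoder(base64.NewDecoder(base64.RawURLEncoding, strings.NewReader(seg))).Decode(v)
}

// Sign builds a constructed RS256 token for testing; real id_tokens come from the provider.
func Sign(key *rsa.PrivateKey, header, claims string) string {
	enc := base64.RawURLEncoding.EncodeToString
	body := enc([]byte(header)) + "." + enc([]byte(claims))
	sum := sha256.Sum256([]byte(body))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return body + "." + enc(sig)
}
```

A token that passes these checks proves only what the identity provider asserted; mapping the returned email to a local user and role remains the backend's decision.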