Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Get values from callback URL in to the application #67

Open
rinshadka opened this issue May 24, 2022 · 0 comments
Open

Get values from callback URL in to the application #67

rinshadka opened this issue May 24, 2022 · 0 comments

Comments

@rinshadka
Copy link

Hi,

I have configured forward authentication keeping OIDC as a provider like below and the authentication process is working fine and landing to the URL -> http://nginx.local.com after successful authentication completed in Keycloak OIDC provider..

Note:- I have actually tried - thomseddon/traefik-forward-auth , not this particular project, But I guess the implementation is almost similar.

version: '3'
"networks":
  "network":
    "external":
      "name": "application"
services:
  nginx:
    image: nginx:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`nginx.local.com`)"
      - "traefik.http.services.whoami.loadbalancer.server.port=80"
      - "traefik.http.routers.whoami.middlewares=traefik-forward-auth"
      - "traefik.http.middlewares.traefik-forward-auth.forwardauth.address=http://traefik-forward-auth:4181"
      - "traefik.http.middlewares.traefik-forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User"
      - "traefik.http.middlewares.traefik-forward-auth.forwardauth.trustForwardHeader=true"
    networks:
      - network

  traefik-forward-auth:
    image: thomseddon/traefik-forward-auth:2
    environment:
      - DEFAULT_PROVIDER=oidc
      - PROVIDERS_OIDC_ISSUER_URL=https://xxxxxx/auth/realms/xxxx
      - PROVIDERS_OIDC_CLIENT_ID=xxxxx
      - PROVIDERS_OIDC_CLIENT_SECRET=c0a7f708-cd2f-4c41-a6dc-xxxxxxx
      - PROVIDERS_OIDC_RESOURCE=
      # INSECURE_COOKIE is required if not using a https entrypoint
      - INSECURE_COOKIE=true
      - SECRET=random123
      - LOG_LEVEL=debug
    networks:
      - network

During the redirect process to URL -> nginx.local.com , I can see a callback URL also hitting nginx.local.com like below,

http://nginx.local.com/_oauth?state=3f3b9c183bff86f1b0651ecd5c4411da%3Aoidc%3Ahttp%3A%2F%2Fnginx.local.com%2F&session_state=6925685c-f2dd-4ca8-b2d0-7db97bdc4851&code=8a34dff2-0fda-40a9-861d-3bc640a5b93a.6925685c-f2dd-4ca8-b2d0-7db97bdc4851.xxxx

Also getting the cookie response like below,

{
	"Response Cookies": {
		"_forward_auth": {
			"domain": "nginx.local.com",
			"expires": "2022-05-20T18:50:34.000Z",
			"httpOnly": true,
			"path": "/",
			"value": "OJ2zDvO51zelaa_bgI5bVEXKqu4Tx0po58IH29Xcfc0=|1653072634|[email protected]"
		},
		"_forward_auth_csrf": {
			"domain": "nginx.local.com",
			"expires": "2022-05-20T05:50:33.000Z",
			"httpOnly": true,
			"path": "/",
			"value": ""
		}
	}
}


We needed the value of the code= parameter from the query string of the callback URL to our application. We then changed the URL_PATH to an actual file - login.html kept at http://nginx.local.com/login.html, but again its not hitting that file. I guess since I am using the default Overlay Mode, it wont hit the actual file and pass those details to that file.

Actually we wanted the value of the code= parameter from the query string of the callback URL to our application. What all are the possible methods to fetch that value to our application.

Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant