Merge pull request #18 from R0Wi/feature/support_pkce
Add PKCE support
bjorges authored Nov 7, 2022
2 parents 9b5150b + 30d9ecc commit fea266c
Showing 5 changed files with 6 additions and 1 deletion.
2 changes: 1 addition & 1 deletion Dockerfile
Expand Up @@ -4,7 +4,7 @@ MAINTAINER Hans Kristian Flaatten <hans.flaatten@evry.com>
ENV \
SESSION_VERSION=2.22 \
HTTP_VERSION=0.12 \
OPENIDC_VERSION=1.6.1 \
OPENIDC_VERSION=1.7.3 \
JWT_VERSION=0.2.0 \
HMAC_VERSION=989f601acbe74dee71c1a48f3e140a427f2d03ae
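Review bot: The move from OPENIDC_VERSION=1.6.1 to 1.7.3 in the ENV block is a minor-release jump that the commit message ("Add PKCE support") does not explain, and SESSION_VERSION=2.22, HTTP_VERSION=0.12 and JWT_VERSION=0.2.0 are left unchanged beside it. Please state in the commit message or README that the use_pkce option depends on this version, and confirm that the untouched pins still meet the requirements of the new release, since a mismatch in the session or JWT library would surface only at login time.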

1 change: 1 addition & 0 deletions README.md
Expand Up @@ -26,6 +26,7 @@ environment variables is used in this image:
* `OID_DISCOVERY`: OpenID provider well-known discovery URL
* `OID_CLIENT_ID`: OpenID Client ID
* `OID_CLIENT_SECRET`: OpenID Client Secret
* `OID_USE_PKCE`: Enable PKCE (`true` or `false`, default is `false`)
* `OIDC_AUTH_METHOD`: OpenID Connect authentication method (`client_secret_basic` or `client_secret_post`)
* `OIDC_RENEW_ACCESS_TOKEN_ON_EXPIRY`: Enable silent renew of access token (`true` or `false`)
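Review bot: The new OID_USE_PKCE entry documents the accepted values but not how PKCE relates to the two settings around it, OID_CLIENT_SECRET and OIDC_AUTH_METHOD. The docker-compose.yaml change in this commit sets both a client secret and OID_USE_PKCE=true, so readers will want to know whether the secret is still required when PKCE is on. One extra sentence on that, plus a note that the value is matched as the exact lowercase string `true`, would make the entry complete.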

1 change: 1 addition & 0 deletions docker-compose.yaml
Expand Up @@ -28,6 +28,7 @@ services:
- OID_DISCOVERY=http://192.168.99.100:8080/auth/realms/master/.well-known/openid-configuration
- OID_CLIENT_ID=proxy
- OID_CLIENT_SECRET=dee59d02-b1a9-455a-bd3c-38d2e060bf0f
- OID_USE_PKCE=true

- PROXY_HOST=192.168.99.100
- PROXY_PORT=8383
1 change: 1 addition & 0 deletions nginx/conf/nginx.conf
Expand Up @@ -13,6 +13,7 @@ env OID_DISCOVERY;
env OID_CLIENT_ID;
env OID_CLIENT_SECRET;
env OID_REDIRECT_PATH;
env OID_USE_PKCE;
env OIDC_AUTH_SCOPE;
env OIDC_AUTH_METHOD;
env OIDC_RENEW_ACCESS_TOKEN_ON_EXPIRY;
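Review bot: The added `env OID_USE_PKCE;` uses the OID_ prefix, while the other behaviour switches in this list (OIDC_AUTH_SCOPE, OIDC_AUTH_METHOD, OIDC_RENEW_ACCESS_TOKEN_ON_EXPIRY) use OIDC_. Because an unset variable falls back to the default of `false`, an operator who writes OIDC_USE_PKCE by analogy gets PKCE silently disabled with no error. Consider naming it OIDC_USE_PKCE, or accepting both spellings in auth.lua.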
2 changes: 2 additions & 0 deletions nginx/lua/auth.lua
Expand Up @@ -8,6 +8,7 @@ local opts = {
renew_access_token_on_expiry = os.getenv("OIDC_RENEW_ACCESS_TOKEN_ON_EXPIRY") ~= "false" and os.getenv("OIDC_RENEW_ACCESS_TOKEN_ON_EXPIERY") ~= "false",
scope = os.getenv("OIDC_AUTH_SCOPE") or "openid",
iat_slack = 600,
use_pkce = os.getenv("OID_USE_PKCE") == "true"
}

-- call authenticate for OpenID Connect user authentication
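Review bot: The new line `use_pkce = os.getenv("OID_USE_PKCE") == "true"` fails closed to "off" for every value except the exact lowercase string, so `True`, `TRUE` or `1` disable a security feature without any signal. The renew option two lines above takes the opposite approach (`~= "false"`, default on), so the two switches behave differently on the same kind of typo. Suggest lower-casing the value before comparing and logging a warning when the variable is set to something other than `true` or `false`.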
Expand All @@ -22,6 +23,7 @@ ngx.log(ngx.INFO,
", session.data.authenticated=", session.data.authenticated,
", opts.force_reauthorize=", opts.force_reauthorize,
", opts.renew_access_token_on_expiry=", opts.renew_access_token_on_expiry,
", opts.use_pkce=", opts.use_pkce,
", try_to_renew=", try_to_renew,
", token_expired=", token_expired
)