Stack Overflow
Stack Overflow

Questions tagged [oauth2-proxy]

64 questions
7
votes
1 answer

What is proper design for authentication in kubernetes using nginx-ingress and keycloak

Goal I want to use keycloak as oauth/oidc provider for my minikube cluster. Problem I am confused with the available documentation. According to this documentation ngnix-ingress can handle external authentication with…
Ivan
  • 340
  • 3
  • 14
6
votes
1 answer

Why invalid_grant error with "Session doesn’t have required client"?

I have an app connected via oauth2-proxy to Keycloak and generally everything runs fine. Just sometimes I see the following error in the oauth2-proxy logfiles: unable to redeem refresh token: failed to get token: oauth2: cannot fetch token: 400 Bad…
lathspell
  • 3,040
  • 1
  • 30
  • 49
6
votes
4 answers

How can I debug oauth2_proxy when connecting to Azure B2C?

I'm new to Kubernetes, and I've been learning about Ingress. I'm quite impressed by the idea of handling TLS certificates and authentication at the point of Ingress. I've added a simple static file server, and added cert-manager, so I basically have…
Mark Rabjohn
  • 1,643
  • 14
  • 30
5
votes
2 answers

Keycloak, oauth2-proxy and nginx.ingress.kubernetes

I have a problem with authentication kubernetes webapp via oauth2-proxy/keycloak. You don't know what's wrong Webapp (test-app.domain.com) oauth2-proxy (oauth2-proxy.domain.com) keycloak (keycloak-test.domain.com) Those three app runs…
Breed
  • 51
  • 1
  • 2
5
votes
1 answer

Oauth2_proxy with Keycloak : getting "invalid_token" with /userinfo API

I am trying Keycloak for the first time and using Keycoak as provider with oauth2_proxy (https://github.com/oauth2-proxy/oauth2-proxy/blob/v5.1.1/providers/keycloak.go) to achieve user authentication via LDAP. I have followed all steps inside…
Sumit Jindal
  • 363
  • 1
  • 7
  • 17
3
votes
1 answer

oauth2-proxy userInfo API returns too little data. how to get more granual user data?

I have integrated oauth2-proxy with AWS Cognito leveraging Istio as described in jetstack's article, all is running in K8S. Now I am looking for an approach to get users' data and other attributes like gender, phone_number, or even get…
Vasyl Herman
  • 414
  • 2
  • 11
3
votes
1 answer

Why am I getting a CSRF 403 from OAuth2 Proxy when running on GKE but not locally?

I have a simple setup that is using OAuth2 Proxy to handle authentication. It works fine locally using minikube but when I try to use GKE when the oauth callback happens I get a 403 status and the the following message... Login Failed: Unable to…
Jackie
  • 21,969
  • 32
  • 147
  • 289
2
votes
1 answer

Analyzing oAuth2 client credential flow with oAuth2-proxy, Keycloak / oAuth2-proxy logging

My application running on Kubernetes (AKS) has a working standard oAuth2 authentication flow, which I added using oAuth2-proxy and Keycloak. The password Credentials grant type / standard flow via the Browser is working fine. After the redirect to…
rob2universe
  • 7,059
  • 39
  • 54
2
votes
0 answers

How to authenticate to oauth2-proxy via cURL or POSTMAN

I have my service set behind oauth2-proxy and I am using version 4.0.0. I am trying to hit an API behind the service, but unfortunately, I always get a 403 forbidden error because of oauth2-proxy being in the way. I am looking for a way to…
jipot
  • 304
  • 3
  • 13
  • 34
2
votes
1 answer

oauth2-proxy returns a white webpage with "Found" link instead of the provider authentication page

I am using oauth2-proxy (v7.2.0) for authentication NB: i use traefik v2 to redirect the requests to oauth2-proxy which is deployed via helm chart. below, the options used to configure my oauth2-proxy extraArgs: provider: "gitlab" redirect-url:…
Abderrahmane
  • 385
  • 2
  • 3
  • 14
2
votes
1 answer

oauth2_proxy for basic auth login

I'm trying to setup an OAuth2 authorizatin in front of my ELK installation. I'm using oauth2_proxy. The idea is to use Google as SSO, extract the username from the SSO challenge, set this username as basic auth (with a fixed password) to log into…
Gianluca
  • 2,379
  • 3
  • 25
  • 41
2
votes
1 answer

How to authenticate against AAD (Azure Active Directory) with oauth2_proxy and obtain Access Token

I'm trying to authenticate against AAD (Azure Active Directory) with oauth2_proxy used in Kubernetes to obtain Access Token. First of all, I'm struggling to get the correct authentication flow to work. Second, after being redirected to my…
Lukasz Dynowski
  • 11,169
  • 9
  • 81
  • 124
2
votes
1 answer

Oauth2-Proxy do not pass X-Auth-Request-Groups header

I'm using Azure B2C for authenticate my users. For authentication piece I have oauth2-proxy running in kubernetes cluster. Oauth2-Proxy is running behind ingress-nginx and it's passing most of required headers but I do not get X-Auth-Request-Groups…
kosmit
  • 621
  • 2
  • 7
  • 23
2
votes
1 answer

What is the purpose of oauth2 proxy sidecar?

Could you please provide explanation for what reason oauth2-proxy as sidecar can be used? For example an architecture where every pod in k8s has this sidecar, which proxies to Keycloack.
xeLL
  • 487
  • 2
  • 9
  • 24
1
vote
1 answer

oauth2-proxy helm kubernetes: ERROR: Failed to initialise OAuth2 Proxy: invalid provider verifier options: missing required setting: issuer-url

I had oauth2-proxy running on my Kubernetes cluster which I deployed using Helm via ArtifactHUB > Helm > OAuth2 Proxy chart. I just upgraded oauth2-proxy from v7.1.3 to v7.4.0 with its chart from 4.2.2 to 6.16.1 and started seeing the following…
Abdullah Khawer
  • 4,461
  • 4
  • 29
  • 66
1
2 3 4 5