1. Output of caddy version:
v2.6.1
2. How I run Caddy:
a. System environment:
docker
b. Command:
c. Service/unit/compose file:
d. My complete Caddy config:
```
#### GOOGLE AUTH
{
    https_port 443
    #debug
    order authenticate before respond
    order authorize before basicauth
    security {
        oauth identity provider google {
            realm google
            driver google
            client_id <hidden>
            client_secret <hidden>
            scopes openid email profile
        }
        authentication portal myportal {
            crypto default token lifetime 3600
            enable identity provider google
            cookie domain sample.be
            ui {
                links {
                    "My Identity" "/whoami" icon "las la-user"
                }
            }
            transform user {
                match realm google
                exact match email limit.to.this.account@gmail.com
                action add role authp/admin
            }
            transform user {
                match realm google
                block
            }
        }
        authorization policy mypolicy {
            set auth url https://auth.sample.be/oauth2/google
            validate bearer header
            inject headers with claims
            acl rule {
                comment allow users
                match role authp/admin
                allow stop log info
            }
            acl rule {
                comment default deny
                match any
                deny log warn
            }
        }
    }
}
```
3. The problem I'm having:
I am trying to limit the authentication only to my personal email.
All other users should get access denied. But I cannot figure out the ACLs for authentication.
For authorization, all is working fine.
4. Error messages and/or full log output: