Google oAuth on V2

animosity22 · November 20, 2020, 2:26am

1. Caddy version (`caddy version`):

v2.2.1 h1:Q62GWHMtztnvyRU+KPOpw6fNfeCD3SkwH7SfT1Tgt2c=

2. How I run Caddy:

caddy run --config /opt/caddy/Caddyfile

a. System environment:

Ubuntu 20.04

d. My complete Caddyfile or JSON config:

apps.host.us {
    route /auth* {
        auth_portal {
            path /auth
            backends {
                google_oauth2_backend {
                    method oauth2
                    realm google
                    provider google
                    client_id {$GOOGLE_CLIENT_ID}
                    client_secret {$GOOGLE_CLIENT_SECRET}
                    scopes openid email profile

                    user user@host.us add role verified
                }
            }
            jwt {
                token_name access_token
                token_secret {$JWT_SECRET}
                token_issuer {$JWT_ISSUER}
                token_lifetime 604800
            }
                }
     }

    route /tautulli* {
        jwt
        reverse_proxy /tautulli* localhost:8181
    }

3. The problem I’m having:

I’m trying to setup Google oAuth and make all my sites underneath prompt for login as I used to have setup in v1 but can’t quite seem to piece together the new plugins as I’m sure I’m missing something simple.

4. Error messages and/or full log output:

Internal Server Error

greenpau · November 20, 2020, 3:25am

@animosity22, the issue with your configuration is that you did not configure jwt plugin.

   route /tautulli* {
       jwt
       reverse_proxy /tautulli* localhost:8181
   }

Should be:

    route /tautulli* {
        jwt {
          primary yes
          trusted_tokens {
            static_secret {
              token_name access_token
              token_secret {$JWT_SECRET}
            }
          }
          auth_url /auth
          allow roles verified
        }
        reverse_proxy /tautulli* localhost:8181
    }

see example here caddy-auth-portal/Caddyfile at 85389dc996c3f60a033304a018385a88976f26c5 · greenpau/caddy-auth-portal · GitHub

francislavoie · November 20, 2020, 3:35am

Another minor note, you can omit the matcher on reverse_proxy, because it’s already been matched by the one on route:

reverse_proxy localhost:8181

animosity22 · November 20, 2020, 4:07am

Thanks, I missed the jwt part as that I was focusing on the Google Auth part

Appreciate the fix as that worked flawlessly and I can move over to v2!

greenpau · November 20, 2020, 4:19am

@animosity22, great! I would appreciate some stars on portal and jwt repositories and some praise about how great Caddy is and how great is the authentication portal ;-))) i am being serious

animosity22 · November 20, 2020, 4:34am

Done and done

system · December 20, 2020, 2:26am

This topic was automatically closed after 30 days. New replies are no longer allowed.