Google OAuth on V2

1. Caddy version (caddy version):

v2.2.1 h1:Q62GWHMtztnvyRU+KPOpw6fNfeCD3SkwH7SfT1Tgt2c=

2. How I run Caddy:

caddy run --config /opt/caddy/Caddyfile

a. System environment:

Ubuntu 20.04

d. My complete Caddyfile or JSON config:

apps.host.us {
    route /auth* {
        auth_portal {
            path /auth
            backends {
                google_oauth2_backend {
                    method oauth2
                    realm google
                    provider google
                    client_id {$GOOGLE_CLIENT_ID}
                    client_secret {$GOOGLE_CLIENT_SECRET}
                    scopes openid email profile

                    user user@host.us add role verified
                }
            }
            jwt {
                token_name access_token
                token_secret {$JWT_SECRET}
                token_issuer {$JWT_ISSUER}
                token_lifetime 604800
            }
        }
    }

    route /tautulli* {
        jwt
        reverse_proxy /tautulli* localhost:8181
    }
}

3. The problem I’m having:

I’m trying to set up Google OAuth and make all my sites underneath prompt for login, as I used to have set up in v1, but can’t quite seem to piece together the new plugins, as I’m sure I’m missing something simple.

4. Error messages and/or full log output:

Internal Server Error

@animosity22, the issue with your configuration is that you did not configure the jwt plugin.

   route /tautulli* {
       jwt
       reverse_proxy /tautulli* localhost:8181
   }

Should be:

    route /tautulli* {
        jwt {
          primary yes
          trusted_tokens {
            static_secret {
              token_name access_token
              token_secret {$JWT_SECRET}
            }
          }
          auth_url /auth
          allow roles verified
        }
        reverse_proxy /tautulli* localhost:8181
    }

See the example here: https://github.com/greenpau/caddy-auth-portal/blob/85389dc996c3f60a033304a018385a88976f26c5/assets/conf/local/Caddyfile#L95-L114

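What the portal's `jwt` block and the route's `jwt` block have to agree on, as an added Python sketch that is not part of the original posts and is not the plugins' own code: the portal signs a token with `token_secret`, and the protected route accepts it only if the same secret verifies it, it has not expired, and it carries a role named in `allow roles`. The HS256 algorithm, the `roles` and `exp` claim names, and the function names are assumptions made for the example.

```python
import base64, hashlib, hmac, json

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret: str, signing_input: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def issue(secret, email, roles, lifetime, now):
    """Portal side: sign the claims with token_secret."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": email, "roles": roles, "exp": now + lifetime}).encode())
    return f"{header}.{claims}.{_b64(_sign(secret, header + '.' + claims))}"

def authorize(token, secret, allowed_roles, now):
    """Protected-route side: check signature, then expiry, then roles."""
    try:
        header, claims, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return "deny: unexpected algorithm"  # pin the algorithm, never trust the header
        if not hmac.compare_digest(_sign(secret, header + "." + claims), _unb64(sig)):
            return "deny: bad signature"  # secrets differ or the token was altered
        data = json.loads(_unb64(claims))
        if int(data["exp"]) <= now:
            return "deny: expired"
        if not set(allowed_roles) & set(data.get("roles", [])):
            return "deny: missing role"
    except (ValueError, TypeError, KeyError, AttributeError):
        return "deny: malformed token"
    return "allow"

# Constructed sample values; the e-mail, role and lifetime mirror the Caddyfile above.
T0 = 1_600_000_000
TOKEN = issue("constructed-secret", "user@host.us", ["verified"], 604800, T0)

if __name__ == "__main__":
    print(authorize(TOKEN, "constructed-secret", {"verified"}, T0 + 60))
    print(authorize(TOKEN, "different-secret", {"verified"}, T0 + 60))
    print(authorize(TOKEN, "constructed-secret", {"verified"}, T0 + 604800))
```
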

Another minor note, you can omit the matcher on reverse_proxy, because it’s already been matched by the one on route:

reverse_proxy localhost:8181

Thanks, I missed the jwt part as I was focusing on the Google Auth part :frowning:

Appreciate the fix as that worked flawlessly and I can move over to v2!


@animosity22, great! I would appreciate some stars on the portal and jwt repositories :wink: and some praise about how great Caddy is and how great the authentication portal is ;-))) I am being serious :wink:


Done and done :slight_smile:
