Jwt, auth-portal and picture url

1. Caddy version (caddy version):

v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=

2. How I run Caddy:

a. System environment:

iocage jail in freebsd 12.2-RELEASE-p2

b. Command:

caddy run -adapter caddyfile -config /usr/local/www/caddy

c. Service/unit/compose file:

not setup as a system service (yet)

d. My complete Caddyfile or JSON config:

{
  debug
  order jwt first
}

(encoding) {
  encode gzip zstd
}

(dns) {
  tls {
    dns cloudflare xxx
  }
}

(primary-auth) {
  jwt {
    primary yes
    auth_url https://auth.xxx.xxx/oauth2/google
    trusted_tokens {
      static_secret {
        token_name access_token
        token_secret xxx
      }
    }
    allow roles superuser
  }
}

(auth) {
  jwt {
    auth_url https://auth.xxx.xxx/oauth2/google
    trusted_tokens {
      static_secret {
        token_name access_token
        token_secret xxx
      }
    }
    allow roles superuser
  }
}

auth.xxx.xxx {
  import dns
  import encoding
  route {
    auth_portal {
      path /
      cookie_domain xxx.xxx
      backends {
        google_oauth2_backend {
          method oauth2
          realm google
          provider google
          client_id xxx
          client_secret xxx
          scopes email openid
          user "@xxx.xxx$" regex add role superuser
        }
      }
      jwt {
        token_name access_token
        token_secret xxx
      }
      ui {
        links {
          "Plex" https://plex.xxx.xxx
        }
      }
    }
  }

  route /version* {
    respond * "1.0.0" 200
  }

  route {
    redir https://{hostport} 302
  }
}

plex.xxx.xxx {
  import auth
  import dns
  import encoding
  reverse_proxy http://plex.xxx:32400
}

proxy.xxx.xxx {
  import primary-auth
  import dns
  import encoding
  file_server
  root * <path>
}

3. The problem I’m having:

I was previously using the jwt and auth plugins for Caddy v1 and they eventually worked really well, when I got the configuration right in the end. Now I’m trying to switch to Caddy v2.
One of the things I got through the authorization framework in v1 was a URL to the user’s profile picture as part of the jwt. Now when using jwt and auth portal, I’m not getting that information. Is there a configuration part somewhere I’ve missed to get this information through?

I’m also interested to know if there’re any major issues with the configuration I’m using. I’m completely new to Caddy v2 but used v1 a bit.

4. Error messages and/or full log output:

No real output as much as missing information in the jwt.

5. What I already tried:

I’ve tried looking at the GitHub pages for jwt and auth portal to get a better understanding about the claims and such, but I’m not getting much wiser. Since this isn’t really my forte, I’m probably not even using the correct vocabulary. I’m hopefully making myself understood, anyway.

This is being discussed here: https://github.com/greenpau/caddy-auth-jwt/issues/49

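A way to check what the issued access_token actually carries, as an added diagnostic that is not code from this thread or from the caddy-auth-jwt project: it verifies an HS256 token against the static token_secret from the config above (pinning the algorithm so an unsigned token is rejected) and reports which expected claims are absent. The claim name picture for the profile picture URL, the sample claims and the placeholder secret are assumptions; in practice the token would be read from the access_token cookie.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(claims: dict, secret: str) -> str:
    """Build an HS256-signed JWT (used here only to construct the sample token)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret.encode(), f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_hs256(token: str, secret: str, now=None) -> dict:
    """Return the claims of a token signed with `secret` (the static token_secret), else raise ValueError."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise ValueError("token must have three dot-separated segments")
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":
        raise ValueError("unexpected alg: only HS256 (static_secret) tokens are accepted here")
    expected = hmac.new(secret.encode(), f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("signature mismatch: token was not issued with this token_secret")
    claims = json.loads(_b64url_decode(p))
    now = int(time.time()) if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def missing_claims(claims: dict, wanted=("email", "roles", "picture")) -> list:
    """Names from `wanted` not present in the token; 'picture' is the assumed claim name for the profile picture URL."""
    return [name for name in wanted if name not in claims]


# Constructed sample: a portal-style access_token signed with a placeholder token_secret.
# The 'picture' claim is deliberately absent to mirror the behaviour described in the post.
TOKEN_SECRET = "placeholder-token-secret"
SAMPLE_CLAIMS = {"sub": "user@example.com", "email": "user@example.com",
                 "roles": ["superuser"], "iat": 1700000000, "exp": 1700003600}
SAMPLE_TOKEN = sign_hs256(SAMPLE_CLAIMS, TOKEN_SECRET)

if __name__ == "__main__":
    claims = verify_hs256(SAMPLE_TOKEN, TOKEN_SECRET, now=1700000100)
    print(json.dumps(claims, indent=2))
    print("missing claims:", missing_claims(claims))
```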

Yeah, sorry, I forgot I actually posted here :confused:
