Simple OIDC authentication

rucciva · August 27, 2022, 6:07am

1. Output of `caddy version`:

Not running yet

2. How I run Caddy:

Not running yet

a. System environment:

Linux + docker

b. Command:

Not running yet

c. Service/unit/compose file:

Not running yet

d. My complete Caddy config:

Not running yet

3. The problem I’m having:

Hi, all. What is the best way to achieve this scenario with caddy and its plugin ecosystem?

Check incoming request.
If not from certain IP, assert jwt from certain cookies
If JWT is valid, continue processing the request to the next handler and ignore next step.
If JWT is invalid, redirect to oidc provider authorization url.
Upon succesful login with oidc and after being redirected back to caddy, set certain cookies with oidc access token (JWT)
Redirect back to url visited in step 1

4. Error messages and/or full log output:

Not runnng yet

5. What I already tried:

Not running yet

6. Links to relevant resources:

francislavoie · August 27, 2022, 1:47pm

You’re probably looking for this plugin:

rucciva · August 28, 2022, 9:04am

Hi @francislavoie , thanks for the link. I’ve read the doc but i can’t figure out how to skip the built-in ui of the authenticate plugin. Do you happen to know how to do it?

francislavoie · August 28, 2022, 9:16am

Open an issue on the plugin’s repo to ask for help; the developer will be able to help more effectively than I can.

ajung · September 4, 2022, 12:10am

If you’re using caddy as a reverse proxy
add this between caddy and frontend/backends

works like a charm

Simple OIDC authentication

1. Output of caddy version:

2. How I run Caddy:

a. System environment:

b. Command:

c. Service/unit/compose file:

d. My complete Caddy config:

3. The problem I’m having:

4. Error messages and/or full log output:

5. What I already tried:

6. Links to relevant resources:

1. Output of `caddy version`: