GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → ncw → oauthproxy

ncw / oauthproxy

Licence: MIT license
This is an oauth2 proxy server

Programming Languages

go
31211 projects - #10 most used programming language

Labels

oauthoauth2proxy

Projects that are alternatives of or similar to oauthproxy

Express Starter
It's a hackathon-starter fork, but designed to use PostgreSQL by default (or MySQL)
Stars: ✭ 215 (+571.88%)
Mutual labels:  oauth, oauth2
Slack
[READ ONLY] Subtree split of the SocialiteProviders/Slack Provider (see SocialiteProviders/Providers)
Stars: ✭ 11 (-65.62%)
Mutual labels:  oauth, oauth2
Authlib
The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.
Stars: ✭ 2,854 (+8818.75%)
Mutual labels:  oauth, oauth2
Twitch
[READ ONLY] Subtree split of the SocialiteProviders/Twitch Provider (see SocialiteProviders/Providers)
Stars: ✭ 20 (-37.5%)
Mutual labels:  oauth, oauth2
oauth2-server
A spec compliant, secure by default PHP OAuth 2.0 Server
Stars: ✭ 6,128 (+19050%)
Mutual labels:  oauth, oauth2
External Auth Server
easy auth for reverse proxies
Stars: ✭ 189 (+490.63%)
Mutual labels:  oauth, oauth2
Authing
🔥Authing - IDaaS/IAM solution that can Auth to web and mobile applications.
Stars: ✭ 247 (+671.88%)
Mutual labels:  oauth, oauth2
Assent
Multi-provider framework in Elixir
Stars: ✭ 126 (+293.75%)
Mutual labels:  oauth, oauth2
IdentityServer4.PhoneNumberAuth
Sample passwordless phone number authentication using OAuth in ASP.NET Core 2.2
Stars: ✭ 83 (+159.38%)
Mutual labels:  oauth, oauth2
instagram-oauth-nodejs-server
Node.js server for Intagram-API OAuth purpose.
Stars: ✭ 12 (-62.5%)
Mutual labels:  oauth, oauth2
Portfolio Generator
HoxNox - Portfolios Made Easy, Generate portfolios in 3 easy steps
Stars: ✭ 166 (+418.75%)
Mutual labels:  oauth, oauth2
VKontakte
[READ ONLY] Subtree split of the SocialiteProviders/VKontakte Provider (see SocialiteProviders/Providers)
Stars: ✭ 82 (+156.25%)
Mutual labels:  oauth, oauth2
Ngx Oauth
OAuth 2.0 proxy for nginx written in Lua.
Stars: ✭ 146 (+356.25%)
Mutual labels:  oauth, oauth2
Oauthlib
A generic, spec-compliant, thorough implementation of the OAuth request-signing logic
Stars: ✭ 2,323 (+7159.38%)
Mutual labels:  oauth, oauth2
Fresh
🍋 A token refresh library for Dart.
Stars: ✭ 128 (+300%)
Mutual labels:  oauth, oauth2
Pow assent
Multi-provider authentication for your Pow enabled app
Stars: ✭ 236 (+637.5%)
Mutual labels:  oauth, oauth2
Fosite
Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.
Stars: ✭ 1,738 (+5331.25%)
Mutual labels:  oauth, oauth2
Hydra
OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.
Stars: ✭ 11,884 (+37037.5%)
Mutual labels:  oauth, oauth2
sample-oauth2-client
Sample OAuth2 client using the GitHub API
Stars: ✭ 69 (+115.63%)
Mutual labels:  oauth, oauth2
lumen-oauth2
OAuth2 module for the Lumen PHP framework.
Stars: ✭ 29 (-9.37%)
Mutual labels:  oauth, oauth2
View All Similar Projects ➔

oauth2 proxy

This is an oauth2 proxy designed to run on Google Appengine. Its purpose is to allow users to connect to an oauth service while hiding the client ID and client secret for the service from the users.

It works by receiving connections and proxying them onwards. It changes any client ID and client secrets as it passes through into the secret version.

Authentication to this proxy is done with a different client ID and client secret. These must be correct for the proxy to use the secret credentials.

It doesn't store any data or credentials as they pass through the proxy.

It is designed to be compatible with any oauth2 application.

Installation

Follow the go appengine quickstart "before you begin" section.

You should now have a working gcloud tool at this point and a project created with appengine before continuing.

Install the go language. Make sure go is on your PATH by running go version.

Set GOPATH - this should be a specific one for this project.

export GOPATH=/tmp/go-appengine

Install the appengine support libraries

go get google.golang.org/appengine

Check out the code wherever you like

git clone https://github.com/ncw/oauthproxy.git
cd oauthproxy

Configuration

You need to create a file like this called oauthproxy-config.json (you can find this example in oauthproxy-config.json)

{
    "AuthURL" : "https://www.amazon.com/ap/oa",
    "TokenURL" : "https://api.amazon.com/auth/o2/token",
    "ClientID" : "Your Client ID goes here",
    "ClientSecret" : "Your Client secret goes here",
    "IncomingClientID" : "Client ID (username) your users should use",
    "IncomingClientSecret" : "Client Secret (password) your users should use",
    "Name" : "oauth2 proxy"
}

Note that ClientID and ClientSecret should be the ones for the service you are trying to use at AuthURL and TokenURL.

Whereas IncomingClientID and IncomingClientSecret should be made up by you to be as secure or not as you like. These are used for authentication to this service in place of a username and password.

Testing

Now try running the development version of this code.

dev_appserver.py app.yaml

Check this starts up, and you can visit the test app at http://localhost:8080/. This should show a simple page with the current time on.

Deploy

You are ready to deploy the app to Appengine now.

gcloud app deploy

Now visit the app to check it is working

gcloud app browse

It will take you to the index page of the app. Make a note of the URL it will be something like https://YOURPROJECT.appspot.com.

rclone configuration

First make sure your oauth credentials allow the redirect URL of http://127.0.0.1:53682/ as this is what rclone uses. If you don't set this then the authorization process will fail mysteriously.

Now you need to configure rclone to use the new oauth proxy. You'll need an up to date rclone 1.37 or an up to date beta of 1.36 to use the oauth proxy.

Create a new remote with rclone config. When filling out the details in the configurator note that:

  • client_id takes the value of IncomingClientID
  • client_secret takes the value of IncomingClientSecret
  • auth_url is the same as your appspot URL but with /auth on the end.
  • token_url is the same as your appspot URL but with /token on the end.
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> acd
Type of storage to configure.
Choose a number from below, or type in your own value
 1 / Amazon Drive
   \ "amazon cloud drive"
 2 / Amazon S3 (also Dreamhost, Ceph, Minio)
   \ "s3"
 3 / Backblaze B2
   \ "b2"
 4 / Dropbox
   \ "dropbox"
 5 / Encrypt/Decrypt a remote
   \ "crypt"
 6 / FTP Connection
   \ "ftp"
 7 / Google Cloud Storage (this is not Google Drive)
   \ "google cloud storage"
 8 / Google Drive
   \ "drive"
 9 / Hubic
   \ "hubic"
10 / Local Disk
   \ "local"
11 / Microsoft OneDrive
   \ "onedrive"
12 / Openstack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
   \ "swift"
13 / SSH/SFTP Connection
   \ "sftp"
14 / Yandex Disk
   \ "yandex"
Storage> 1
Amazon Application Client Id - required.
client_id> IncomingClientID
Amazon Application Client Secret - required.
client_secret> IncomingClientSecret
Auth server URL - leave blank to use Amazon's.
auth_url> https://YOURPROJECT.appspot.com/auth
Token server url - leave blank to use Amazon's.
token_url> https://YOURPROJECT.appspot.com/token
Remote config
Make sure your Redirect URL is set to "http://127.0.0.1:53682/" in your custom config.
Use auto config?
 * Say Y if not sure
 * Say N if you are working on a remote or headless machine
y) Yes
n) No
y/n> y
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
Log in and authorize rclone for access
Waiting for code...
Got code
--------------------
[acd]
type = amazon cloud drive
client_id = IncomingClientID
client_secret = IncomingClientSecret
auth_url = https://YOURPROJECT.appspot.com/auth
token_url = https://YOURPROJECT.appspot.com/token
token = XXXX
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y

rclone should be ready to use - test with rclone lsd acd:.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].