Warning This repo is no longer maintained. It's now a package within Nexodus

go-oidc-agent is a small binary designed to act as a Backend-For-Frontend, handling the OIDC authentication on behalf of the frontend app.

It is heavily influenced by oauth-agent-node-express with the following notable differences:

1. It's written in Go
2. The session storage (used for tokens) is swappable so it can use encrypted cookies, memcached etc...
3. It acts as a proxy for request from the frontend the configured backend API, adding the necessary authentication credentials.

There are also some omissions, which will need addressing before this can be used in production.

1. CSRF Token Support

There is a working example in the examples directory. To use this you must first add 3 domains to your /etc/hosts.

• auth.widgetcorp.local - The Auth Server
• widgets.local - Your Frontend
• api.widgets.local - Backend For Frontend

To start the example, run docker compose up -d.

Note Podman Compatibility This will work on podman-compose also, but you will need to.

• Install the latest development version
• Add the following to your containers.conf file

[containers]
base_hosts_file="none

You can then browse to http://widgets.local:8080, which will redirect you to the login page.

The login page will call the backend to find the login URL, and then redirect you to http://auth.widgetcorp.local where you can login with [email protected] and the password admin.

On successful login, you're redirected back to the frontend. The frontend sends the received code to the backend where it's exchanged for a token that can be used to access the API. This token is stored in an encrypted cookie.

Once you're fully authenticated, the frontend may then call the /api enpdoint of the backend. This proxies requests to the apiserver with the credentials from the securecookie injected.