How to get Vouch Proxy to work with homegrown local OAuth service #144

Closed
@redm123

Description

Hi

I'm trying to get vouch-proxy to work with some homegrown local OAuth service. Went through the docs a couple of times, looked through reports here, tried this and that. But no success so far. Meanwhile I'm starting to think that either I'm missing the obvious or my use case/our OAuth service is (currently) simply not supported.

See vouch config, nginx config, logs at https://hasteb.in/ivepiwev.yaml

Some identifiers used:
local homegrown OAuth service: api.foobar.com
Vouch proxy: vouch.example.com
Protected web application: myapp.example.com
client_id: <MY_CLIENT_ID>
client_secret: <MY_CLIENT_SECRET>

I first tried with "oidc" provider, but that dies with
2019-08-15T15:00:15.743Z ERROR http: panic serving 172.17.0.2:56372: interface conversion: interface {} is nil, not string
see hasteb.in:198

Maybe because our OAuth service does not really have a "userinfo" endpoint...? (I used something else instead, but I'm not sure vouch-proxy ever tries to call it)

Then I tried "adfs" provider (whatever that is, read it in some ticket here). This seems to get me a little further.

First problem was that it always put the cookie into the vouch.example.com domain, and of course it did not get sent when accessing myapp.example.com again, getting into an endless validation loop. Not sure if there is something wrong in my config in the first place, but I was eventually able to fix that by forcing the domain to example.com.

But now it fails with "no Username found in jwt". Well, yea... there is none... not sure where this should come from...

The only thing that delivers something like a user name here is the /token endpoint. But it seems it is never called by vouch-proxy. And even if it were, would it return the data inside? What it returns looks something like this:

{ "access_token":"fffffffffffff", "token_type":"Bearer", "refresh_token":"xxxxxxxxxxxxxxxx", "expires_in":3600, "account_key":"6666666666666", "account_type":"", "email":"[email protected]", "firstName":"Foo", "lastName":"Bar", "hello_key":"1234567890", "version":"3" }

Any help appreciated :)

Thanks

Michael
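The two failure modes described in the post (a handler panicking on a nil interface conversion when an expected string claim is absent, and a session cookie scoped to the proxy host so the browser never sends it to the protected app) can both be demonstrated in a few lines. The following is an added example written for this page; it is not vouch-proxy code and does not show how vouch-proxy actually picks its username. It assumes a token response shaped like the one the poster quoted (the sample body below is constructed, with a made-up address) and a caller-supplied list of candidate fields to try as the username; `claimString`, `UsernameFromToken` and `SharedCookieDomain` are hypothetical helper names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// SampleTokenResponse is a constructed body with the same shape as the
// poster's /token reply (values are placeholders, not real data).
const SampleTokenResponse = `{
  "access_token": "fffffffffffff", "token_type": "Bearer",
  "refresh_token": "xxxxxxxxxxxxxxxx", "expires_in": 3600,
  "account_key": "6666666666666", "account_type": "",
  "email": "foo@example.com", "firstName": "Foo", "lastName": "Bar",
  "hello_key": "1234567890", "version": "3"
}`

// claimString fetches a string-valued field from a decoded JSON object.
// It checks both presence and type, so a missing or non-string field
// yields an error instead of the "interface {} is nil, not string" panic
// that an unchecked v.(string) assertion would cause.
func claimString(claims map[string]interface{}, key string) (string, error) {
	v, ok := claims[key]
	if !ok || v == nil {
		return "", fmt.Errorf("claim %q is absent", key)
	}
	s, ok := v.(string)
	if !ok {
		return "", fmt.Errorf("claim %q is %T, not string", key, v)
	}
	return s, nil
}

// UsernameFromToken validates the basic OAuth 2.0 token response fields and
// then returns the first non-empty candidate field as the username.
// An empty result is reported as an error, never as a panic.
func UsernameFromToken(body []byte, candidates []string) (string, error) {
	var claims map[string]interface{}
	if err := json.Unmarshal(body, &claims); err != nil {
		return "", fmt.Errorf("token response is not a JSON object: %w", err)
	}
	if _, err := claimString(claims, "access_token"); err != nil {
		return "", err
	}
	tt, err := claimString(claims, "token_type")
	if err != nil || !strings.EqualFold(tt, "bearer") {
		return "", fmt.Errorf("token response is not a bearer token (token_type=%v, err=%v)", claims["token_type"], err)
	}
	for _, key := range candidates {
		if s, err := claimString(claims, key); err == nil && s != "" {
			return s, nil
		}
	}
	return "", fmt.Errorf("no username found in token response (tried %s)", strings.Join(candidates, ", "))
}

// SharedCookieDomain returns the longest domain suffix shared by both hosts,
// i.e. the Domain attribute a session cookie needs so the browser sends it to
// both the proxy and the protected app. It requires at least two shared
// labels and does not consult the public suffix list (simplification for
// the example), so "" means "no usable shared domain".
func SharedCookieDomain(hostA, hostB string) string {
	a := strings.Split(strings.ToLower(hostA), ".")
	b := strings.Split(strings.ToLower(hostB), ".")
	var shared []string
	for i, j := len(a)-1, len(b)-1; i >= 0 && j >= 0 && a[i] == b[j]; i, j = i-1, j-1 {
		shared = append([]string{a[i]}, shared...)
	}
	if len(shared) < 2 {
		return ""
	}
	return strings.Join(shared, ".")
}

func main() {
	// The poster's service has no preferred_username, so the lookup falls
	// through to email; a response without any candidate returns an error.
	u, err := UsernameFromToken([]byte(SampleTokenResponse),
		[]string{"preferred_username", "email", "account_key"})
	fmt.Println(u, err)
	_, err = UsernameFromToken([]byte(`{"access_token":"x","token_type":"Bearer"}`),
		[]string{"preferred_username", "email"})
	fmt.Println(err)
	fmt.Println(SharedCookieDomain("vouch.example.com", "myapp.example.com"))
	fmt.Println(SharedCookieDomain("vouch.example.com", "api.foobar.com"))
}
```

The cookie helper makes the post's fix explicit: a cookie issued for vouch.example.com is never sent to myapp.example.com, while one scoped to example.com reaches both, at the cost of also being sent to every other host under example.com, which is why the shared domain should be as narrow as the deployment allows.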