openresty-keycloak-gateway's Introduction

Description

openresty-keycloak-gateway is a fully working example of a reverse proxy that supports JWT authentication.

Technologies used:

  • Keycloak: provides authentication, authorization, user management, etc.
  • OpenResty (with the lua-resty-openidc module): a web platform (like nginx)

Note that the reverse proxy must validate a JWT before it forwards a request, so every request has to carry an Authorization: Bearer bearer_token_here header.

On every request, the gateway also replaces the Authorization header with an X-Real-Name header before forwarding.

Original request

GET /api/v1/test HTTP/1.0
Accept: */*
Accept-Encoding: gzip, deflate
Authorization: Bearer bearer_token_here
Accept-Language: en-us

Forwarded request

GET /api/v1/test HTTP/1.0
Host: localhost
X-Real-IP: 172.17.0.1
X-Forwarded-For: 172.17.0.1
X-Forwarded-Proto: http
Connection: close
Accept: */*
User-Agent: Rested/2009 CFNetwork/1128.0.1 Darwin/19.6.0 (x86_64)
Accept-Language: en-us
Accept-Encoding: gzip, deflate
X-Real-Name: ewoJImZpcnN0X25hbWUiOiAidXNlciIsCgkidXVpZCI6ICIwYmM5MTMyNS0xNjk3LTRiNmQtYjRiZi01MGYxZmNmZGMzZWIiLAoJInJvbGVzIjogWyJST0xFX1RFU1RfMSIsICJST0xFX1RFU1RfMiJdLAoJImxhc3RfbmFtZSI6ICJ1c2VyIiwKCSJ1c2VybmFtZSI6ICJ1c2VyIiwKCSJlbWFpbCI6ICJ1c2VyQHRlc3QudGVzdCIKfQ==

X-Real-Name

The header value is a Base64-encoded JSON object that contains user information.

{
	"first_name": "user",
	"uuid": "0bc91325-1697-4b6d-b4bf-50f1fcfdc3eb",
	"roles": ["ROLE_TEST_1", "ROLE_TEST_2"],
	"last_name": "user",
	"username": "user",
	"email": "user@test.test"
}

Prerequisites

  • A working Keycloak identity server. See here.
  • A Keycloak realm. See here.
  • A Keycloak client with Access type: public.
  • A simple HTTP echo server (optional).

Docker

Dockerfile

See Dockerfile

docker build

docker build -t authproxy .

docker run

docker run --name authproxy -d -it -p 8000:8000 -v $PWD/nginx.conf:/nginx.conf authproxy -c /nginx.conf

nginx.conf

See nginx.conf

Notes

keycloak

  • Change the client_id.
  • Change keycloak_base_url to locate your Keycloak server.

proxy_pass

In the location section, proxy_pass forwards the request to another service. In this case we forward the request to a simple HTTP echo server.
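
A minimal gateway configuration matching the behaviour described above, as an added example (not the repository's nginx.conf): it verifies the Bearer token with lua-resty-openidc's bearer_jwt_verify, then swaps Authorization for X-Real-Name. The Keycloak hostname, realm name, resolver, upstream address and the mapping from Keycloak claims to the JSON fields are assumptions.

```nginx
# Added example, not the repository's nginx.conf. Hostname, realm name and
# upstream address are placeholders; the claim-to-field mapping is assumed.
events {}
http {
    resolver 127.0.0.11;              # assumed DNS resolver (Docker's embedded one)
    lua_shared_dict discovery 1m;     # caches the OIDC discovery document
    lua_shared_dict jwks      1m;     # caches the realm's signing keys

    server {
        listen 8000;

        location / {
            access_by_lua_block {
                local cjson = require("cjson")
                local opts = {
                    -- Older Keycloak releases prefix this path with /auth.
                    discovery = "http://keycloak.example:8080/realms/REALM_NAME/.well-known/openid-configuration",
                    token_signing_alg_values_expected = { "RS256" },
                    accept_none_alg = false,   -- never accept unsigned tokens
                }
                -- Checks the Bearer token's signature against the realm's published keys.
                local claims, err = require("resty.openidc").bearer_jwt_verify(opts)
                if err or not claims then
                    ngx.log(ngx.WARN, "JWT rejected: ", err or "no token")
                    return ngx.exit(ngx.HTTP_UNAUTHORIZED)
                end

                local user = {
                    uuid       = claims.sub,
                    username   = claims.preferred_username,
                    first_name = claims.given_name,
                    last_name  = claims.family_name,
                    email      = claims.email,
                    roles      = claims.realm_access and claims.realm_access.roles,
                }
                -- set_header overwrites any X-Real-Name the client sent, so the
                -- upstream only sees the value derived from the verified token.
                ngx.req.set_header("X-Real-Name", ngx.encode_base64(cjson.encode(user)))
                ngx.req.clear_header("Authorization")
            }
            proxy_pass http://127.0.0.1:3000;   # assumed echo server address
        }
    }
}
```

The upstream service should only be reachable through the gateway, since it trusts X-Real-Name without verifying it again.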

Test HTTP server, for debugging purposes

Note: http-echo-server adds a 2-second timeout to each request.

npm i -g http-echo-server

Links

https://eclipsesource.com/blogs/2018/01/11/authenticating-reverse-proxy-with-keycloak/

https://www.keycloak.org/docs/latest/getting_started/index.html

https://github.com/zmartzone/lua-resty-openidc

https://openresty.org/en/

https://jwt.io/

openresty-keycloak-gateway's People

Contributors

smyrgeorge