oauth2-proxy - OAuth2/OIDC Authentication Proxy
oauth2-proxy is a reverse proxy and authentication gateway that provides authentication via OAuth2, OpenID Connect, and various identity providers to protect web applications and APIs.
Project Introduction
Summary
oauth2-proxy is a crucial component for modern application architectures, enabling developers to easily add an authentication layer in front of any application, regardless of its original support for OAuth2 or OIDC standards. It simplifies security management by centralizing authentication.
Problem Solved
Existing applications often lack robust built-in authentication or need to integrate with a centralized identity management system. Building custom authentication for each service is time-consuming and error-prone. oauth2-proxy solves this by externalizing authentication into a dedicated layer.
Core Features
Multiple Identity Provider Support
Support for a wide range of OAuth2/OIDC identity providers including Google, Azure AD, GitHub, GitLab, Keycloak, and more.
Reverse Proxy Functionality
Acts as a reverse proxy, authenticating requests before forwarding them to the upstream application or service.
Session Management and Header Enrichment
Manages user sessions using cookies and can enrich upstream requests with authentication headers (e.g., user email, ID).
Authorization Capabilities
Provides fine-grained access control based on user email, groups, or directory membership.
Tech Stack
Use Cases
oauth2-proxy can be deployed in various scenarios to secure applications and services:
Scenario 1: Protecting Internal Applications or Legacy Systems
Details
Place oauth2-proxy in front of internal dashboards, administration panels, or legacy applications that lack modern authentication mechanisms.
User Value
Add a layer of enterprise-grade authentication and single sign-on (SSO) to internal tools without requiring modifications to the original application.
Scenario 2: Security Gateway for Microservices and Cloud-Native Applications
Details
Deploy alongside services in Kubernetes or other container orchestration platforms, often integrated with Ingress controllers or as a sidecar.
User Value
Provide a consistent, externalized authentication layer for microservices, simplifying service development and management while integrating with cloud identity providers.
Scenario 3: API Access Control
Details
Secure APIs by requiring valid tokens/sessions managed by oauth2-proxy before forwarding requests to the API backend.
User Value
Ensure only authenticated and authorized users or services can access sensitive APIs, centralizing API security policy.