Skip to content
This repository was archived by the owner on Mar 25, 2024. It is now read-only.

j0rsa/github-oauth-service

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
.github
.github
 
 
doc
doc
 
 
docker
docker
 
 
src
src
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Github OAuth Authentication service

This is a simple service to authenticate users via Github OAuth and use it as an authentication middleware in a bundle with Traefik

Traefik setup

Docker Cloud Automated build Docker Cloud Build Status

CodeFactor

Flow

Flow diagram ref

Register

  1. Start creating new oauth app
  2. Write your homepage and authorized callback URL
  3. click register application
  4. Copy client ID and client Secret

Endpoints

Method URL Description
GET /health Healthcheck which returns Code 200
GET /auth/login Redirect to login page with required scopes for provided client id
POST /auth/token Get JWT token by passing user code { "code": "<code>"} after auth on https://github.com/login/oauth/authorize?scope=user%3Aread,user%3Aemail&client_id=...
GET /auth/check Checks the token and returns code 200 with Headers: X-Auth-Id with user id, X-Auth-User with user name and X-Github-Token with github oauth user token
POST /auth/refresh Refresh token with a new one by passing the old valid one { "token": "eyJhbGciOiJIUz..." }

Environment variables

Variable Default value Description
RUST_LOG info defines the log level of app
BIND_ADDRESS 0.0.0.0 Address of web server to listen connections
BIND_PORT 8080 Port of web server to listen connections
JWT_SECRET -- JWT HS256 Secret Key
JWT_ISS "" iss (issuer): Issuer of the JWT
JWT_AUD "" aud (audience): Recipient for which the JWT is intended
JWT_EXP_DAYS 30 exp (expiration time): Time in days after which the JWT expires
JWT_NBF_DAYS 0 nbf (not before time): Time in days before which the JWT must not be accepted for processing
JWT_LEEWAY_SEC 0 leeway (in seconds) to the exp, iat and nbf validation to account for clock skew
GH_CLIENT_ID "" Github oAuth App client id
GH_CLIENT_SECRET "" Github oAuth App client secret
GH_CODE_REDIRECT "" Redirect page after login
GH_SCOPE "user:read,user:email" Github Scope to request

*Bold variables are required to specify

Build

Build release locally

cargo build --release

Build release in docker and prepare an image

docker build -t j0rsa/github-oauth-service .

ref: https://shaneutt.com/blog/rust-fast-small-docker-image-builds/

ref: https://medium.com/@gdiener/how-to-build-a-smaller-docker-image-76779e18d48a

Troubleshooting

Inspect image filesystem

docker run --rm -it <image name or id> sh

Test run

docker run --rm -it github-oauth-service

About

hub.docker.com/r/j0rsa/gh-auth

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Contributors 3

  •  
  •  
  •  

Languages