AlexK/proxy-oidc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
proxy-oidc/README.md
Alexandre KIENTZ 7071452e66 first commit
2025-12-03 20:54:35 +01:00

1.7 KiB
Raw Blame History

Auth Proxy

Simple Express proxy that requires a login screen before forwarding requests to an upstream site.

Usage

  1. Create a config.json (or copy config.example.json) in the project root and configure one or more hosts. Each host can have an oidc section to point to a Keycloak/OpenID Provider.

Example config.json (copy from config.example.json and edit):

[ ... ]
  1. Set environment variables in a .env file (optional):
PORT=3000
SESSION_SECRET=change-me
  1. Install and run:
npm install
npm start
  1. Open http://localhost:3000 — if a host requires OIDC you'll be redirected to Keycloak for login. After a successful OIDC flow the proxy stores tokens in the session and forwards requests to the configured upstream.

Notes

  • For OIDC hosts you must create a Keycloak client (confidential) with an appropriate redirect URI matching the host redirect_uri (e.g. http://localhost:3000/callback/app1).
  • This is a demo scaffold: replace the simple in-memory USERS store, hard-coded session handling, and consider using a persistent session store and HTTPS in production.
  • The proxy injects Authorization: Bearer <access_token> when available and X-Forwarded-User with the authenticated username.

Admin web UI

  • There is a minimal admin interface at http://localhost:3000/admin to manage hosts (create/edit/delete) and reload OIDC clients.
  • Default admin credentials are read from environment variables ADMIN_USER / ADMIN_PASS (defaults to admin/admin).
  • When you save hosts in the admin UI they are persisted to config.json in the project root.

Security notes

  • Protect the admin UI behind strong credentials and run the proxy with HTTPS in production.