radix-oauth-guard

Radix Oauth Guard

The Guard is a HTTP Server that responds to requests on http://localhost:8000/auth and authenticates the header Authorization: Bearer JWT against the configured ISSUER, AUDIENCE and authorizes the request agains a comma separated list of subjects.

How to use

This application is designed to use with Forward Auth, specifically for ingress-nginx, enable with this annotation:

metadata:
  annotations:
    nginx.ingress.kubernetes.io/auth-url: "http://oauth-guard.monitor.svc.cluster.local:8000/auth"

Configuration

Developing

You need Go installed. Linting is done by golangci-lint

Dependencies - go modules

Go modules are used for dependency management. See link for information how to add, upgrade and remove dependencies. E.g. To update radix-operator dependency:

Running locally

The following env vars are needed. Useful default values in brackets.

LOG_PRETTY=True ISSUER=https://issuer-url/ AUDIENCE=some-audience SUBJECTS=default,kubernetes,somename go run .

Validate code

Update version

We follow the semantic version as recommended by go.

Deployment

TODO

Pull request checking

Radix API makes use of GitHub Actions for build checking in every pull request to the main branch. Refer to the configuration file of the workflow for more details.

Contributing

Read our contributing guidelines


Security notification