OAuth

Grey Matter’s sidecar proxy supports full OAuth 2.0 negotiation.

Filter Configuration Options

Name	Type	Default	Description
provider	String	""	The url for the OpenID connect provider to use. This is used to determine the particular OAuth endpoints.
client_id	String	""	The public identifier registered with the OAuth authorization server.
client_secret	String	""	The secret known only to the application and the authorization server.
server_name	String	""	The host name of the application. When a user signs in through the OAuth provider, they will need to be redirected back to your application; this host name will be used during the redirect.
server_insecure	Boolean	false	Setting this to true specifies that you're application is not protected by TLS; the redirect URL will then use http as the scheme instead of https. NOTE: this should only be used for development, and with test users for which you don't mind leaking access: OAuth credentials will be sent un-encrypted over plain HTTP.
session_secret	String	""	The secret known only to the application. This will be used to cryptographically sign the user's session cookie.
domain	String	""	A regex describing the expected email domain(s) for authorized users. If this regex pattern does not match, the attempted login is forbidden.

Example

http_filters:
- name: gm.oauth
  config:
    provider: https://accounts.google.com
    client_id: 234q2348uads8f9sdafds.apps.googleusercontent.com
    client_secret: secret
    server_name: oauth.yoursite.com
    server_insecure:  false
    session_secret: secret2
    domain: gmail.com