This is a proxy that sits between an application that doesn't handle JWT and an authentication proxy. It decodes the JWT and sends the relevant information as HTTP headers.
It can be seen as a translation layer between JWT and classic Auth Proxy.
See the docs for details.
There's a build available on Docker Hub.
$ docker run vladvasiliu/aws-alb-oauth-proxy:latest http://upstream.url
For quick help:
$ docker run vladvasiliu/aws-alb-oauth-proxy:latest -h
$ cd aws-alb-oauth-proxy/
$ pip install -r requirements.txt
$ python aws_alb_oauth_proxy http://upstream.url
For quick help:
$ python aws_alb_oauth_proxy -h
The use case is running Grafana behind an AWS Application Load Balancer with OpenID Connect authentication.
Grafana can do OIDC authentication itself, but cannot delegate it to a proxy nor handle JWT authentication. Work is in progress to implement this (see Grafana PR #15187).
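An added example of the JWT-to-header translation for the Grafana case (not this project's code): it checks the `alg` and `signer` fields the ALB puts in the token header, drops any client-sent identity header, and only then sets the user header. The names `translate` and `verify_es256`, the `X-WEBAUTH-USER` target and the use of the `email` claim are assumptions; the ES256 signature check itself is supplied by the caller.

```python
import base64
import json
import time

ALB_JWT_HEADER = "x-amzn-oidc-data"  # set by the ALB after OIDC login
USER_HEADER = "X-WEBAUTH-USER"       # assumed: Grafana's auth-proxy default


def _b64url(segment):
    # ALB tokens keep '=' padding, unlike most JWTs; accept both forms.
    segment = segment.rstrip("=")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def translate(headers, expected_signer, verify_es256, now=None):
    """Return upstream headers; raise ValueError if the token is rejected.

    verify_es256(kid, signing_input, signature) -> bool is a hypothetical
    hook: the caller supplies the real ES256 check against the ALB's key.
    """
    now = time.time() if now is None else now
    # Drop any identity header the client sent itself (spoofing).
    out = {k: v for k, v in headers.items() if k.lower() != USER_HEADER.lower()}
    token = next((v for k, v in headers.items()
                  if k.lower() == ALB_JWT_HEADER), None)
    if token is None:
        raise ValueError("missing ALB token")
    try:
        h64, p64, s64 = token.split(".")
        head, sig = json.loads(_b64url(h64)), _b64url(s64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(head, dict) or head.get("alg") != "ES256":
        raise ValueError("unexpected alg")      # e.g. 'none' or HS256
    if head.get("signer") != expected_signer:
        raise ValueError("unexpected signer")   # minted for another ALB
    if not verify_es256(head.get("kid"), f"{h64}.{p64}".encode(), sig):
        raise ValueError("bad signature")
    claims = json.loads(_b64url(p64))           # parsed only once verified
    if not isinstance(claims, dict):
        raise ValueError("malformed claims")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired")
    if not claims.get("email"):
        raise ValueError("no email claim")
    out[USER_HEADER] = str(claims["email"])
    return out
```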
This is implemented in Python 3.7 using asyncio and aiohttp.
This project uses the Black code style.
Issues and pull requests may be submitted through GitHub.
This code is distributed under GPLv3. See LICENSE for the full text.