Public Repository

Last pushed: 5 months ago
Short Description
Stateless OpenID Connect Identity Provider backed by Google Auth and G Suite.
Full Description

CorpAuth

Stateless OpenID Connect Identity Provider backed by Google Auth and G Suite.

Why OpenID Connect?

OpenID Connect 1.0 is an authentication layer on top of the solid OAuth 2.0 authorization protocol.

It provides:

  • Authentication (using authorization for authN purposes)
  • Basic profile information about the user (which enables authZ as well)
  • Custom claims for the ID Token:
    • perms: a list of all Google leaf permissions that the user is a member of.
    • teams: a list of all Google teams that the user is a member of.

Validated using https://openid.net/certification
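
A relying party can base authorization on the perms and teams claims only after it has validated the ID Token itself. The following Node.js sketch is an added example, not CorpAuth's own code: it checks the signature, issuer, audience and expiry before reading the teams claim. RS256 signing, the issuer URL, the audience, the team and permission names, and the throwaway key pair are all assumptions constructed for the example.

```javascript
const crypto = require('node:crypto');

const decode = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Returns the claims only after signature, issuer, audience and expiry all pass; throws otherwise.
function verifyIdToken(token, publicKey, { issuer, audience, now = Math.floor(Date.now() / 1000) }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm the relying party expects; never let the token header choose it.
  if (decode(h).alg !== 'RS256') throw new Error('unexpected alg');
  const signed = crypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!signed) throw new Error('bad signature');
  const claims = decode(p);
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (![].concat(claims.aud).includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || now >= claims.exp) throw new Error('token expired');
  return claims;
}

// Authorization on the custom claim. Array.isArray matters: on a string value,
// includes() would match substrings ("sre" inside "sre-admins").
function inTeam(claims, team) {
  return Array.isArray(claims.teams) && claims.teams.includes(team);
}

// Constructed sample token, signed with a throwaway key that stands in for the provider.
function signSample(privateKey, header, payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const input = `${enc(header)}.${enc(payload)}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const payload = { iss: 'https://corpauth.example', aud: 'wiki', exp: 4102444800, teams: ['sre'], perms: ['wiki-edit'] };
  const token = signSample(privateKey, { alg: 'RS256' }, payload);
  const claims = verifyIdToken(token, publicKey, { issuer: payload.iss, audience: 'wiki' });
  return { sre: inTeam(claims, 'sre'), finance: inTeam(claims, 'finance') };
}

console.log(demo()); // { sre: true, finance: false }
```

In a real deployment the public key would come from the provider's published signing keys rather than a locally generated pair.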

Usage

Usage is shown as an example Kubernetes (k8s) deployment:

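# extensions/v1beta1 Deployments were removed in Kubernetes 1.16; newer clusters need apps/v1 plus spec.selector.
apiVersion: extensions/v1beta1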
kind: Deployment
metadata:
  name: <name>
  namespace: <namespace>
  labels:
    k8s-app: <label>
spec:
  replicas: <replicas>
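  template:
    metadata:
      # Pod labels are required; the Deployment selects its pods by them.
      labels:
        k8s-app: <label>
    spec: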
      containers:
      - name: <name>
        args:
        - "serve"
        - "/etc/corp-auth/conf/server.yaml"
        # :latest is a mutable tag; pin a released tag or image digest for an identity provider.
        image: bplotka/corpauth:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 80
          name: httpt
          protocol: TCP
        volumeMounts:
          # < .. keys >
          - mountPath: /etc/corp-auth/conf/
            name: corpauth-config
            readOnly: true
        readinessProbe:
          httpGet:
            path: /_healthz
            port: 80
      restartPolicy: Always
      volumes:
      # < .. secrets>
      # Config map with CorpAuth configuration.
      - name: corpauth-config
        configMap:
          name: config-corpauth
          items:
          - key: server.yaml
            path: server.yaml
Owner
bplotka
