snapshot of caddy with oauth security plugin

caddy/conf/auth.caddy

@@ -0,0 +1,42 @@
+(auth) {
+   order authenticate before respond
+   order authorize before reverse_proxy
+   security {
+           oauth identity provider google {
+                   realm google
+                   driver google
+                   client_id {$OAUTH_CLIENT_ID}
+                   client_secret {$OAUTH_CLIENT_SECRET}
+                   scopes openid email profile
+           }
+           authentication portal myportal {
+                   enable identity provider google
+                   cookie domain veenboer.xyz
+                   ui {
+                           links {
+                                   "My Identity" "/whoami" icon "las la-user"
+                           }
+                   }
+
+                   transform user {
+                           match realm google
+                           action add role authp/user
+                   }
+
+                   transform user {
+                           match realm google
+
+                           # Give this account admin role in the auth portal
+                           match email rik.veenboer@gmail.com
+                           action add role authp/admin
+                   }
+           }
+           authorization policy mypolicy {
+                   set auth url https://auth.rik.veenboer.xyz/oauth2/google
+                   allow roles authp/admin authp/user
+                   validate bearer header
+                   inject headers with claims
+           }
+   }
+
+ }