seperate proxy for rewriting openid config

2024-12-05 14:35:31 +01:00
parent 99de812ed5
commit 97d44d3d2f
5 changed files with 45 additions and 2 deletions
--- a/authentik/proxy/Dockerfile
+++ b/authentik/proxy/Dockerfile
@@ -0,0 +1,6 @@
+FROM python:3.12-slim
+WORKDIR /app
+RUN pip install --no-cache-dir flask gunicorn requests
+COPY app.py .
+EXPOSE 5000
+CMD ["gunicorn", "-w", "1", "-b", "0.0.0.0:5000", "app:app"]
--- a/authentik/proxy/app.py
+++ b/authentik/proxy/app.py
@@ -0,0 +1,24 @@
+import os
+import requests
+from flask import Flask, jsonify, request
+
+app = Flask(__name__)
+
+@app.route("/headers")
+def headers():
+    return jsonify(dict(request.headers))
+
+@app.route("/<provider>/.well-known/openid-configuration",)
+def openid(provider):
+    internal = os.environ.get('INTERNAL')
+    external = os.environ.get('EXTERNAL')
+    url = f'/application/o/{provider}/.well-known/openid-configuration'
+    response = requests.get(f'{internal}/{url}')
+    return jsonify({
+        k: v.replace(internal, external)
+            if isinstance(v, str) and (k != 'jwks_uri') else v
+            for k, v in response.json().items()
+        })
+
+if __name__ == '__main__':
+    app.run(host='0.0.0.0', port=5000)