# Reusable snippet "(auth)": Google OAuth sign-in through an authentication
# portal, plus the authorization policy that decides who gets through.
(auth) {
	# Handler ordering: authenticate runs before respond, and authorize runs
	# before reverse_proxy, so the policy is evaluated before a request is proxied.
	order authenticate before respond
	order authorize before reverse_proxy
	security {
		oauth identity provider google {
			realm google
			driver google
			# OAuth client credentials are read from the environment, so the
			# secret is not stored in this file.
			client_id {$OAUTH_CLIENT_ID}
			client_secret {$OAUTH_CLIENT_SECRET}
			scopes openid email profile
		}
		# NOTE(review): no `crypto key` directive is visible in this snippet.
		# Confirm how the token signing key is provisioned and that it is
		# stable across restarts.
		authentication portal myportal {
			enable identity provider google
			# NOTE(review): the cookie is scoped to the parent domain, so the
			# browser sends it to every host under veenboer.xyz. Confirm that
			# all of those hosts are trusted to receive the session token.
			cookie domain veenboer.xyz
			ui {
				links {
					"My Identity" "/whoami" icon "las la-user"
				}
			}

			# NOTE(review): the only condition here is the realm, so every
			# account that signs in through Google receives authp/user. Because
			# mypolicy below allows authp/user, any Google account holder is
			# authorized. If access is meant for known people only, add a
			# `match email` condition here or drop authp/user from the policy.
			transform user {
				match realm google
				action add role authp/user
			}

			# Presumably both match conditions must hold, so only the listed
			# address gets authp/admin. Confirm against the plugin documentation.
			transform user {
				match realm google

				# Give this account admin role in the auth portal
				match email rik.veenboer@gmail.com
				action add role authp/admin
			}
		}
		authorization policy mypolicy {
			# Where unauthenticated requests are sent to sign in.
			set auth url https://auth.rik.veenboer.xyz/oauth2/google
			# Both roles are accepted; see the note on the first transform
			# block about how broadly authp/user is granted.
			allow roles authp/admin authp/user
			# Presumably also accepts a token presented as a bearer token in
			# the Authorization header. Confirm.
			validate bearer header
			# Token claims are passed to the upstream as request headers.
			# NOTE(review): upstreams that trust these headers should be
			# reachable only through this proxy, otherwise a client connecting
			# directly could supply the same headers itself.
			inject headers with claims
		}
	}

}