Whoami example how to secure an app that doesn't have its own auth #123

@sveba

Hi,
I'm moving from Ingress to GW API and found this great plugin as a replacement for OAuth2 Proxy. At least I thought it is :)

I'm trying to secure the "whoami"-Traefik-App. Just as a starter.

  1. I put the plugin in the values.yaml
  2. I configured Oauth-Client in Google Console
  3. Created a Middleware
  4. Created a HTTPRoute that uses the middleware

When I call the https://whoami.fooo.bar I'm being redirected to the Google Auth dialog. Fine.
The problem is that when the callback is being called I get a 404.

https://whoami.fooo.bar/oauth2/callback?state=d616c39b-04d9-4c91-882a-361402d2b06d -> delivers 404

Maybe I understand something wrong, but shouldn't the /oauth2/callback be handled by the plugin?

Here are my resources:

```yaml
apiVersion: "traefik.io/v1alpha1"
kind: Middleware
metadata:
  name: oidc-auth
  namespace: whoami-gw
spec:
  plugin:
    traefikoidc:
      providerURL: https://accounts.google.com
      clientID: xxx
      clientSecret: xxx
      callbackURL: /oauth2/callback
      sessionEncryptionKey:
```

and

```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: whoami
  namespace: whoami-gw
spec:
  hostnames:
  - whoami.fooo.bar
  parentRefs:
  - group: gateway.networking.k8s.io
    kind: Gateway
    name: traefik-gateway
    namespace: traefik
    sectionName: websecure
  rules:
  - backendRefs:
    - group: ""
      kind: Service
      name: whoami
      namespace: whoami-gw
      port: 80
      weight: 1
    filters:
    - extensionRef:
        group: traefik.io
        kind: Middleware
        name: oidc-auth
      type: ExtensionRef
    matches:
    - path:
        type: Exact
        value: /
```
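
A likely cause of the 404, shown as an added example that is not part of the original post or the plugin's own documentation: the posted HTTPRoute matches only the exact path `/`, so a request to `/oauth2/callback` matches no rule and never reaches the middleware. The variant below assumes the plugin answers its `callbackURL` on any request that passes through the middleware, and uses a `PathPrefix` match so that the callback and every other path of the app go through `oidc-auth`.

```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: whoami
  namespace: whoami-gw
spec:
  hostnames:
  - whoami.fooo.bar
  parentRefs:
  - group: gateway.networking.k8s.io
    kind: Gateway
    name: traefik-gateway
    namespace: traefik
    sectionName: websecure
  rules:
  - matches:
    # Before: type Exact, value "/" routed only "/" itself.
    # /oauth2/callback?state=... matched nothing, hence the 404.
    # PathPrefix "/" routes every path on this hostname through the rule,
    # so the filter below sees the callback as well as the app's own paths.
    - path:
        type: PathPrefix
        value: /
    filters:
    # The auth middleware is attached to the same rule that now covers
    # the callback path. Assumption: the plugin intercepts callbackURL
    # (/oauth2/callback) itself and does not forward it to the backend.
    - type: ExtensionRef
      extensionRef:
        group: traefik.io
        kind: Middleware
        name: oidc-auth
    backendRefs:
    - group: ""
      kind: Service
      name: whoami
      namespace: whoami-gw
      port: 80
      weight: 1
```

If only selected paths should be exposed, keep `Exact` matches but list `/oauth2/callback` as a second entry under `matches` in the same rule, so that no routed path bypasses the filter.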
