https://sso.konst.fish is an OAuth2 Proxy which authorizes any member of the shoal-konst-fish GitHub Org.
Architecture
flowchart TD
A[Web] --> ing(Ingress)
subgraph OAuth2 Flow
ing -->|1| sso[sso.konst.fish]
sso -->|2| gh{{GitHub IdP}}
gh -->|3| sso
sso -->|4| ing
end
ing -->|5| srv(Service)
Usage
Add the following annotations to an ingress to use the proxy. All request made to the ingress will be secured by the proxy. The headers X-Auth-Request-Email
, X-Auth-Request-Groups
& X-Auth-Request-User
are passed to the application, which can be used to identify and assign appropriate access levels to the user.