Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request: Support multiple auth-host's #115

Open
hexeth opened this issue Apr 24, 2020 · 8 comments · May be fixed by #302
Open

Feature request: Support multiple auth-host's #115

hexeth opened this issue Apr 24, 2020 · 8 comments · May be fixed by #302
Labels
enhancement New feature or request

Comments

@hexeth
Copy link

hexeth commented Apr 24, 2020

I've been using your app for some time in auth_host mode for subdomains without any troubles, but am really struggling to add a second domain to the list. Once I add a second domain to cookie_domain everything seems to break down. Would you be able to provide an example of the correct way to set up ouath for more than one tld?
@starcraft66
Copy link

I was about to open an issue, I am experiencing similar troubles. I have been using AUTH_HOST for a long time with subdomains but today I added a new top level domain and the oauth consent screen is redirecting to the wrong auth endpoint on my new domain instead of the one at AUTH_HOST.

@thomseddon
Copy link
Owner

At the moment there isn's support for multiple auth-host's. I will leave this open as a feature request, I think it makes sense and shouldn't be hard to implement.

@starcraft66 because cookies aren't shared across domains, by design traefik-forward-auth will fallback to using the domain of the original request if it can't use an auth-host. I would suggest adding any new domains that don't fall under your auth-host to your provider for now - in the future we will support multiple auth-hosts

@thomseddon thomseddon changed the title Example request: Multiple top-level domains Feature request: Support multiple auth-host's Apr 30, 2020
@thomseddon thomseddon added the enhancement New feature or request label Apr 30, 2020
@thomseddon thomseddon mentioned this issue Oct 8, 2020
Closed
@adyanth
Copy link

adyanth commented Feb 18, 2022
edited

I would suggest adding any new domains that don't fall under your auth-host to your provider for now.

This is not a solution for me because I have traefik listening on both my public and private domains. Since all endpoints (30+ of them) are listening on both, I would need to add every single endpoint on my IdP which is the same level of effort needed that AUTH_HOST solves for one domain.

Is there work going on for this? If not, I can whip up a PR

Looks like this is where stuff should change:

traefik-forward-auth/internal/auth.go

Line 147 in c4317b7

func useAuthDomain(r *http.Request) (bool, string) {

traefik-forward-auth/internal/auth.go

Line 140 in c4317b7

return fmt.Sprintf("%s://%s%s", p, config.AuthHost, config.Path)

@adyanth adyanth linked a pull request Feb 18, 2022 that will close this issue
Open
@LukeEvansTech
Copy link

@adyanth thanks for the hard work on this one as I'm using it in the same scenario with both public/private domains and the PR is greatly appreciated. Looking forward to testing it out.

@adyanth
Copy link

adyanth commented Mar 10, 2022

I can add test cases and push it out, I was waiting for @thomseddon to check if the implementation is okay.

I am waiting to use it as well :)

@adyanth
Copy link

adyanth commented Mar 12, 2022

Added the test cases too, waiting for the PR to be accepted. @thomseddon can you have a look at this?

@adyanth
Copy link

adyanth commented Mar 17, 2022

I am currently using it successfully with no changes other than adding another AUTH_HOST (comma separated, exactly like COOKIE_DOMAIN) in my cluster.

Here is a copy of the PR for people eager to use it: https://hub.docker.com/r/adyanth/traefik-forward-auth/tags

Just use adyanth/traefik-forward-auth:2 instead of thomseddon/traefik-forward-auth:2 for now. Remember to change it back once this PR is merged since I do not plan on maintaining that fork. I just needed this to work :)

@nakermann1973
Copy link

nakermann1973 commented Jun 30, 2023
edited

Thank you - I hope this gets merged

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Multiple AUTH_HOST support adyanth/traefik-forward-auth
6 participants
@thomseddon @starcraft66 @hexeth @LukeEvansTech @adyanth @nakermann1973