OAuth - custom redirect_url for proxys #1318

Open
oxygen50 opened this issue Nov 27, 2023 · 1 comment

@oxygen50

Is your feature request related to a problem? Please describe.
When connecting a proxy in between the user and the application, this occurs. As the app has an internal DNS entry and a public DNS entry, the proxy handles the forwarding. The proxy used is Application Proxy by Microsoft.
https://learn.microsoft.com/en-us/entra/identity/app-proxy/application-proxy

This proxy puts a "layer on top" of Thruk and provides a secure way to access apps via the Microsoft datacenter and OAuth2 preconfigured by Microsoft. After this layer, OAuth2 via Thruk can be configured. However, this needs the external DNS entry, but Thruk only takes the login page URL, which is the internal proxy URL. Therefore we need to modify Thruk to include the option to set this entry to a custom value.
The error is this:

[image]

Something like this is the workflow of application proxy.

User -> Public DNS Entry -> OAuth via Microsoft (DDOS etc.) -> Login via Microsoft -> App proxy internal url -> Thruk -> Login via OAuth2 by Thruk -> UI

Describe the solution you'd like
Add to OAuth.pm & Documentation the following.
Add a read from the config file for the parameter redirect_url; this redirect URL can be configured inside the application with Microsoft.

Line 60 to 67

        my $res = $ua->post($auth->{'token_url'}, {
                                    client_id       => $auth->{'client_id'},
                                    client_secret   => $auth->{'client_secret'},
                                    code            => $code,
                                    redirect_uri    => $auth->{'redirect_url'},
                                    state           => $state,
                                    grant_type      => 'authorization_code',
        });

Line 150 to 156

    my $oauth_login_url = Thruk::Utils::Filter::uri_with($c, {
                                    client_id       => $auth->{'client_id'},
                                    scope           => $auth->{'scopes'},
                                    state           => $state,
                                    response_type   => 'code',
                                    redirect_uri    => $auth->{'redirect_url'},
                            }, 1, $auth->{'auth_url'}, 1);

Describe alternatives you've considered
There are no alternatives to make OAuth2 work with Azure Application Proxy and the native Thruk OAuth plugin.

Additional context
See above.
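
Added example, not part of the original issue and not Thruk's own code: one way to handle a configurable `redirect_url` so that it is validated once and the same value reaches both the authorization request and the token request, which RFC 6749 section 4.1.3 requires to be identical. The helper names `effective_redirect_uri` and `oauth_requests`, the fallback argument `$login_url`, the https-only policy and all sample hostnames and credentials are assumptions.

```perl
use strict;
use warnings;
use URI;

# Hypothetical helper, not part of Thruk. $auth mirrors the $auth hash in the
# snippets above; $login_url is the fallback when redirect_url is not set.
sub effective_redirect_uri {
    my($auth, $login_url) = @_;
    my $candidate = $auth->{'redirect_url'} // $login_url;
    my $uri       = URI->new($candidate);
    # RFC 6749 section 3.1.2: absolute URI without a fragment. Requiring
    # https is a policy assumption of this example.
    die("redirect_url must be an absolute https URL: $candidate\n")
        unless defined($uri->scheme) && $uri->scheme eq 'https' && $uri->host;
    die("redirect_url must not contain a fragment: $candidate\n")
        if defined($uri->fragment);
    return $uri->canonical->as_string;
}

# Build the authorization URL and the token form from one validated value, so
# the two redirect_uri parameters cannot drift apart.
sub oauth_requests {
    my($auth, $login_url, $state, $code) = @_;
    my $redirect = effective_redirect_uri($auth, $login_url);
    my $login    = URI->new($auth->{'auth_url'});
    $login->query_form(
        client_id     => $auth->{'client_id'},
        scope         => $auth->{'scopes'},
        state         => $state,
        response_type => 'code',
        redirect_uri  => $redirect,
    );
    my %token_form = (
        client_id     => $auth->{'client_id'},
        client_secret => $auth->{'client_secret'},
        code          => $code,
        redirect_uri  => $redirect,
        state         => $state,
        grant_type    => 'authorization_code',
    );
    return($login->as_string, \%token_form);
}

# Constructed sample values; hostnames and credentials are placeholders.
my $auth = { auth_url => 'https://idp.example/authorize', client_id => 'demo-client',
    client_secret => 'demo-secret', scopes => 'openid',
    redirect_url  => 'https://thruk.public.example/thruk/cgi-bin/login.cgi' };
my($url, $form) = oauth_requests($auth, 'https://thruk.internal.example/thruk/cgi-bin/login.cgi', 's1', 'c1');
print "$url\ntoken redirect_uri: $form->{'redirect_uri'}\n";
```

The value in `redirect_url` also has to match a redirect URI registered for the application at the identity provider, otherwise the authorization request is refused before Thruk sees a code.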

oxygen50 commented Feb 5, 2024

push
