
How to authenticate to oauth2-proxy via cURL or POSTMAN


I have my service set behind oauth2-proxy and I am using version 4.0.0.

I am trying to hit an API behind the service, but unfortunately, I always get a 403 forbidden error because of oauth2-proxy being in the way.

I am looking for a way to authenticate via g-suite using oauth2-proxy and generate a token that I can then use for the service.

Does oauth2-proxy support any kind of way to authenticate via cURL or POST call?


Solution

  • It feels to me that your deployment separation is not right. OAuth has a strong focus on separation of web and API concerns. The oauth2-proxy utility is a web client and should not be deployed in front of APIs since that can limit your options.

    SUBOPTIMAL DEPLOYMENT

    • API is hosted behind oauth2-proxy
    • oauth2-proxy issues redirects to the browser
    • Browser clients can handle redirects and users can log in
    • After a browser login oauth2-proxy issues a cookie
    • oauth2-proxy translates cookies to tokens when JavaScript calls APIs
    • Mobile apps or API test clients cannot call the API

    OPTIMIZED DEPLOYMENT

    • Web static content is hosted behind oauth2-proxy
    • oauth2-proxy issues redirects to the browser
    • Browser clients can handle redirects and users can log in
    • After a browser login oauth2-proxy issues a cookie
    • oauth2-proxy translates cookies to tokens when JavaScript calls APIs
    • APIs have their own internet entry points that require access tokens
    • Mobile apps or API test clients can call APIs with an access token

    If I'm misunderstanding anything, maybe clarify your question and post back.
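
The split described in the answer, modeled as an added Python example (not part of the original answer and not oauth2-proxy code): the browser-facing entry point answers a cookie-less client with a login redirect, while the API entry point accepts only a bearer access token and never redirects. The demo key, audience name, cookie name and HMAC-signed token format are constructed stand-ins for an identity provider's signed access token.

```python
import base64, hashlib, hmac, json, time

DEMO_KEY = b"constructed-demo-key"   # constructed; a real API verifies the provider's signature
API_AUDIENCE = "orders-api"          # hypothetical audience name

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(body):
    return _b64(hmac.new(DEMO_KEY, body.encode(), hashlib.sha256).digest())

def mint_token(claims):
    """Stand-in for the identity provider issuing an access token."""
    body = _b64(json.dumps(claims).encode())
    return body + "." + _sign(body)

def web_entry_point(headers):
    """Browser path behind the cookie-issuing proxy: session cookie or login redirect."""
    if "session=" in headers.get("Cookie", ""):
        return 200
    return 302  # redirect to the login page; an API test client cannot complete it

def api_entry_point(headers, now=None):
    """API path: no cookies, no redirects, only a valid bearer token passes."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 1:
        return 401
    body, sig = token.split(".")
    # Constant-time comparison of the presented and expected signatures.
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return 401
    try:
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except ValueError:
        return 401
    now = time.time() if now is None else now
    # Reject tokens minted for another audience or already expired.
    if claims.get("aud") != API_AUDIENCE or claims.get("exp", 0) <= now:
        return 401
    return 200

if __name__ == "__main__":
    token = mint_token({"aud": API_AUDIENCE, "exp": time.time() + 300})
    print("web, no cookie:", web_entry_point({}))
    print("api, bearer:   ", api_entry_point({"Authorization": "Bearer " + token}))
```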