Skip to content
/ mod_oauth2 Public
forked from OpenIDC/mod_oauth2

OAuth 2.x Resource Server module for the Apache HTTPd web server

License

Apache-2.0 license
0 stars 14 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

scommerot/mod_oauth2

BranchesTags
 
 

Repository files navigation

Build Status

mod_oauth2

A module for Apache HTTP Server 2.x that makes the Apache web server operate as a OAuth 2.0 Resource Server, validating OAuth 2.0 access tokens and setting headers/environment variables based on the validation results.

Quickstart

Reference Bearer Access Token validation using RFC7662 based introspection:

AuthType oauth2
OAuth2TokenVerify introspect https://pingfed:9031/as/introspect.oauth2 introspect.ssl_verify=false&introspect.auth=client_secret_basic&client_id=rs0&client_secret=2Federate

JWT Bearer Access Token validation using a set of JWKs published on a jwks_uri:

AuthType oauth2
OAuth2TokenVerify jwks_uri https://pingfed:9031/ext/one jwks_uri.ssl_verify=false

RFC 8705 Mutual TLS Certificate (optionally) Bound JWT Access Token validation with a known JWK

AuthType oauth2
OAuth2TokenVerify jwk "{\"kty\":\"RSA\",\"kid\":\"one\",\"use\":\"sig\",\"n\":\"12SBWV_4xU8sBEC2IXcakiDe3IrrUcnIHexfyHG11Kw-EsrZvOy6PrrcqfTr1GcecyWFzQvUr61DWESrZWq96vd08_iTIWIny8pU5dlCoC7FsHU_onUQI1m4gQ3jNr00KhH878vrBVdr_T-zuOYQQOBRMEyFG-I4nb91zO1n2gcpQHeabJw3JIC9g65FCpu8DSw8uXQ1hVfGUDZAK6iwncNZ1uqN4HhRGNevFXT7KVG0cNS8S3oF4AhHafFurheVxh714R2EseTVD_FfLn2QTlCss_73YIJjzn047yKmAx5a9zuun6FKiISnMupGnHShwVoaS695rDmFvj7mvDppMQ\",\"e\":\"AQAB\" }" type=mtls&mtls.policy=optional
SSLVerifyClient optional_no_ca

RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) validation using introspection (using liboauth > 1.5.2)

OAuth2TokenVerify introspect https://pingfed:9031/as/introspect.oauth2 introspect.ssl_verify=false&introspect.auth=client_secret_basic&client_id=rs_client&client_secret=2Federate&type=dpop

For a detailed overview of configuration options see the oauth2.conf Apache configuration file in this directory.

Features

As provided by the liboauth2 dependency, including:

  • per-directory configuration over per-virtual host
  • flexible cache configuration per cached element type
  • specify multiple token verification options, tried sequentially (allow for key/algo rollover)
  • claims-based authorization capabilities see: https://github.com/OpenIDC/mod_oauth2/wiki#authorization
  • etc.

Support

Community Support

For generic questions, see the Wiki pages with Frequently Asked Questions at:
https://github.com/OpenIDC/mod_oauth2/wiki
Any questions/issues should go to issues tracker.

Commercial Services

For commercial Support contracts, Professional Services, Training and use-case specific support you can contact:
[email protected]

Disclaimer

This software is open sourced by OpenIDC. For commercial support you can contact OpenIDC as described above in the Support section.

About

OAuth 2.x Resource Server module for the Apache HTTPd web server

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • M4 52.5%
  • C 43.1%
  • Makefile 4.2%
  • Shell 0.2%