Matt 🐓
@mreider_twitter
Not sure what the issue is here...
prathamrakesh
@prathamrakesh
Hi, we just checked the loginsrv service and ran it through docker.
It ran as expected. We now wish to integrate it with our other microservices.
I understand there are two ways which you have shown
  1. simple login example which you gave. Here we can add our own user management code (through mysql) .
  2. httpupstream: we can call another service through http where username password will be sent. After it is sent, loginsrv will issue the jwt token.
    Please advise what is wrong in my understanding!
prathamrakesh
@prathamrakesh
@smancke is this community active?
Sebastian Mancke
@smancke
Hi @prathamrakesh,
yes, we are actively using it ourselves (at snabble.io) and a lot of other users are also using it.
There are 5 Auth backends currently supported. But no integration with mysql, so far.
So, what's your question?
prathamrakesh
@prathamrakesh
So I suppose in an active web app, httpupstream is the only way where users database is maintained and login is required through username and password.
If I want to maintain userdata in loginsrv itself then I can enhance the functionality in the simple login itself. Right?
Also, let me tell you this is the best piece of service in golang which takes care of maximum backends and is working out of the box. It's really appreciable.
prathamrakesh
@prathamrakesh
Also, I think active development in OSIAM has stopped, right @smancke
Sebastian Mancke
@smancke
Yes, httpupstream seems to be a good choice for your purpose.
You should not use simple for anything else than testing, because the password is not encrypted. In case of maintaining the userdata in loginsrv itself I recommend Htpasswd with bcrypt encryption.
Thanks for the feedback! And yes: OSIAM has stopped active development.
prathamrakesh
@prathamrakesh
Thanks @smancke, I am not able to find one silly thing. Once the JWT token is given to the frontend (cookie or as data), the front end may then call another service. The wrapper at the other service should then call the loginsrv and will ask to authenticate the token. How would that happen, which function will the other service call ?
Sebastian Mancke
@smancke
No, the glue with JWT is that you do not need the issuer of a token to validate it. A JWT token has a cryptographic signature. So the wrapper of the 'other' service can validate it on its own (using some JWT library out there), as long as both services share the crypto key.
prathamrakesh
@prathamrakesh
Yes, that's correct. But that would mean sharing the crypto key with all services (I have around 10 microservices). What I think the best way would be that the 'other' service asks the loginsrv to validate it and send a say 200 response. How shall we manage that in loginsrv?
prathamrakesh
@prathamrakesh
@smancke
Sebastian Mancke
@smancke
There is no such endpoint at the moment.
prathamrakesh
@prathamrakesh
HI @samgaw
prathamrakesh
@prathamrakesh
I am using loginsrv services. I want to call the handler function from the custom function in program. How can I do that?
Sebastian Mancke
@smancke

I have released

 loginsrv v1.3.0

https://github.com/tarent/loginsrv/releases/tag/v1.3.0

  • ATTENTION: Added a config option to set the secure flag for cookies (default: -cookie-secure=true). If you run unsecure HTTP you have to set this option to false!!!
  • Google OAuth provider now uses the google userinfo endpoint. No need to activate the google+ APIs anymore.
  • Added Gitlab OAuth Provider
  • The GET endpoint now returns the user info if the call accepts JSON
  • Default OAuth scopes for google and facebook provider. No need to configure them anymore.
  • Caddy-plugin: let upstream middleware (e.g. fastcgi and cgi) know about authenticated user
  • Caddy-plugin: fixed corner cases in handling of JWT_SECRET parameter for caddy
  • Add viewport meta tag to get proper scaling on mobile
tdorsey
@tdorsey
hi all. I'm using loginsrv and caddy to authenticate some backend services through a reverse proxy. In one of my apps, there are some ajax calls that are failing, and I'm not sure of my best path forward. Anyone able to comment on the best way to handle this?
magikstm
@magikstm
@tdorsey could you please share more details on the errors as well as your entire caddyfile? Is the website available online?
tdorsey
@tdorsey
wait one. The website is not public, unless you feel like oauthing to strange servers :)
https://pastebin.com/fD7fZQz7 has some irrelevant config edited for brevity
tdorsey
@tdorsey
generally speaking, unauthed users oauth through google to my centralized auth, which sets a jwt cookie on the root domain, and uses the query param redirect feature to fill the original request. This is working for other services, but one in particular makes ajax requests to the external address, not its base url (despite setting a baseurl and application root in the app). The ajax request doesn't have the jwt cookie, and (as expected when the cookie is missing) gets rejected. Then the app falls down
So far the only thing I've found that might work is stapling a Set-Cookie: Auth {jwt_token} Header to every request on the app's domain, but that feels like I'm working way too hard
magikstm
@magikstm

Is the "cookie_domain" appropriate for all subdomains used throughout the application?

With which browser do you have this issue? Did you try others?

tdorsey
@tdorsey
Yeah, it's a cross browser issue. The cookie is set on the root domain, everything is a sub domain under it, yes. I could work around it if the jwt plugin would take multiple "except /path" directives, but it doesn't seem to be able to do that
tdorsey
@tdorsey
ie, jwt { path / except /api } on the subdomain is fine, but jwt { path / except /api, /logs } is not
magikstm
@magikstm

Would this work?
jwt {
path /
except /api
except /logs
}

Multiple excepts can be used on multiple lines.

tdorsey
@tdorsey
Ahh.
That
S
That’s a workable solution for the moment* although it does leave those paths open, which is not ideal. Guess I’ll need to see why the app doesn't respect the base url globally. Thanks for the help
Ghost
@ghost~5c5df0cfd73408ce4fb74609
Hey y'all! Thanks for an awesome product! This might not be the right place, so please redirect me if you know of a better place!
I'm trying to get Caddy, jwt and login to work together to authorize access to my reverse proxy setup, but I'm having difficulty (most likely due to my noobish ways). The browser's console clearly has my token and I've validated it at jwt.io containing relevant data.
My problem; I'm visiting home.domain.tld, and I'm redirected to auth.domain.tld. All good so far. But as soon as I've authenticated with Google, I'm returned to the login page asking me to login again. I'm not redirected back to the original home site with access to its data.
My Caddyfile is setup like this.
Anyone know what's wrong? Thanks in advance!
Ghost
@ghost~5c5df0cfd73408ce4fb74609
I just realised https://caddy.community/ might be a better place, posting there! Sorry for any inconvenience.
Michael Aldridge
@the-maldridge
I'm interested in using loginsrv as a library embedded in another system, but I need to be able to inject my own claims into the returned JWT. Is this practical?
Dimas Ahmad Eka Putra
@dimasahmad
Hello. Any plan to add Microsoft oauth support?
Michael Aldridge
@the-maldridge
@dimasahmad you're the first comment in this channel since me in February, loginsrv appears to be dead for all intents and purposes
Dimas Ahmad Eka Putra
@dimasahmad
@the-maldridge there's some activity on github tarent/loginsrv@5707da9
magikstm
@magikstm

Hello @dimasahmad there is no ongoing work on adding Microsoft oauth (issue or PR).

I'm pretty sure a PR would be considered. A new issue may be fulfilled by someone else wishing to have this feature.

Dimas Ahmad Eka Putra
@dimasahmad
@magikstm How's the generic oauth provider? tarent/loginsrv#126
Also, I've noticed when using jwt I can't pass any websocket connection. Is it an expected behavior?
Guijun
@guijun
Hello, is it possible to get provider and uid after authorized?
앤드류 | Andrew Zah
@andrew_zah_twitter
hi all, I'm trying to add a new oauth provider, but after StartFlow() is called, Authenticate() is not called. Does anyone know why this would be the case?
bleonard252
@bleonard252
How do you use the template? What should the file look like?
bleonard252
@bleonard252
I have made the template. It goes in login (not jwt, like I thought). template file.html
Said file.html: https://gist.github.com/bleonard252/67bec617280659924ec858eb16031cb0
Blas Rodriguez Irizar
@blasrodri
Hi :). I'm looking the functionality requested in this issue: tarent/loginsrv#132 I'd be happy to implement it. Can someone perhaps guide me on how to do it?
LЦҜΞ FILΞЩДLҜΞЯ
@claudemuller
Hi there. I'm trying to build a version of loginsrv that I've added to for my own custom needs and then add that as a plugin/middleware to Caddy running on a server.. I'm a Go n00b and unfortunately don't understand how to put all of this together?
kokleongchee
@kokleongchee
hi all, i just run the docker docker run -d -p 8080:8080 tarent/loginsrv -cookie-secure=false -jwt-secret my_secret -simple bob=secret
what is the default login id and password