auth0-proxy

command module

v0.0.0-...-22740ca Latest Latest Go to latest Published: Aug 1, 2018 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/quintilesims/auth0-proxy

Links

Open Source Insights

README ¶

Layer0 Auth0 Proxy

Sometimes, you want to put a sensitive web application behind a login wall. Sometimes, you don't want to write the authentication logic yourself. In this repository, we provide a proxy application that authenticates through Auth0 and can be easily inserted into any Terraform deployment.

NOTE: The Auth0 Proxy requires the layer0-terraform-provider binary for Layer0 v0.10.4+. You can find appropriate downloads at http://layer0.ims.io/releases/.

Usage

An Example

Let's discuss what a possible deployment might look like.

A Layer0 environment in which all of the following resources will live.
A sensitive application deployed to AWS.
A private load balancer that sits in front of the sensitive application.
The auth0-proxy application, also deployed to AWS.
A public load balancer that sits in front of the auth0-proxy application.

If we hand-wave away the specifics of the sensitive application (the "myapp" service in the coming example), a sample Terraform deployment of this whole system might look like this:

# main.tf

provider "layer0" {
  endpoint        = "${var.endpoint}"
  token           = "${var.token}"
  skip_ssl_verify = true
}

resource "layer0_environment" "demo" {
  name = "demo"
}

resource "layer0_load_balancer" "myapp" {
  name        = "myapp"
  environment = "${layer0_environment.demo.id}"
  private     = true

  port {
    host_port      = 80
    container_port = 80
    protocol       = "http"
  }
}

resource "layer0_service" "myapp" {
  name          = "myapp"
  environment   = "${layer0_environment.demo.id}"
  load_balancer = "${layer0_load_balancer.myapp.id}"
  # and any other values that myapp needs
}

# Here's what we do in order to add the auth0-proxy:
module "auth0" {
  source                  = "github.com/quintilesims/auth0-proxy//terraform"
  auth0_domain            = "SOME AUTH0 DOMAIN"
  auth0_client_id         = "AUTH0 CLIENT ID"
  auth0_client_secret     = "AUTH0 CLIENT SECRET"
  auth0_redirect_uri      = "https://${module.auth0.load_balancer_url}"
  layer0_environment_id   = "${layer0_environment.demo.id}"
  proxy_load_balancer_url = "${layer0_load_balancer.myapp.url}"
  ssl_certificate         = "NAME OF AN SSL CERTIFICATE"
}

output "auth0_proxy_load_balancer_url" {
  value = "https://${module.auth0.load_balancer_url}"
}

Now, all traffic should access the sensitive application by using the value of the auth0_proxy_load_balancer_url output.

Required Parameters

There are eight paramters that must be supplied to the Auth0 Proxy module.

Note: The Auth0 Proxy requires a configured Auth0 client that is responsible for authenticating users. Several of the parameters that the Auth0 Proxy module requires come from this client.

source - The location of the terraform files for the Auth0 Proxy module. This will probably always be "github.com/quintilesims/auth0-proxy//terraform".
auth0_domain - The domain you will use for Auth0 authentication.
auth0_client_id - The ID of the Auth0 client to be used for authentication.
auth0_client_secret - The secret string of the Auth0 client to be used for authentication.
auth0_redirect_uri - The location to which Auth0 should redirect after authentication. Unless you have a custom domain, this should be the URL of the Auth0 Proxy's load balancer. (You can get that programmatically: "https://${module.auth0.load_balancer_url}".) NOTE: This must contain the protocol, and must match a URL specified in the Auth0 client's allowed callback URLs.
layer0_environment_id - The ID of the Layer0 environment in which to deploy the Auth0 Proxy module. This should be the same environment in which the sensitive application is deployed.
proxy_load_balancer_url - The location to which authenticated traffic should be directed. In other words, the private load balancer that sits in front of the sensitive application. NOTE: This must NOT include the protocol (i.e. "http://").
ssl_certificate_name - The Auth0 Proxy communicates over https, so you must supply an SSL certificate. While testing, you can use the default certificate that the Layer0 instance creates ("l0-YOUR_LAYER0_PREFIX_HERE-api"). For production services, it's strongly recommended that you create and use a different certificate.

There are a few other variables with default values that can be overridden in the Auth0 module. You can find them at the top of the terraform/layer0.tf file.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
proxy

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL