jipot

Reputation: 94

How to authenticate to oauth2-proxy via cURL or POSTMAN

I have my service set behind oauth2-proxy and I am using version 4.0.0.

I am trying to hit an API behind the service, but unfortunately, I always get a 403 forbidden error because of oauth2-proxy being in the way.

I am looking for a way to authenticate via g-suite using oauth2-proxy and generate a token that I can then use for the service.

Does oauth2-proxy support any kind of way to authenticate via cURL or POST call?

Upvotes: 4

Views: 1823

Answers (3)

You need to first:

  • Make a request to be redirected to IDP authentication.
  • Authenticate to your IDP.
  • Request the token from the callback URL.
  • Then authenticate using the token. (Probably as a bearer token)

I hope this article helps you understand better how to authenticate with an IDP.

Upvotes: 0

Baibhav Vishal

Reputation: 89

For Azure Entra IdP, I faced a similar situation. Here I logged in using SSO in a web browser, noted down the Bearer Token or _oauth2_proxy in cookies, and passed this in cURL or Postman. For G Suite, I believe cookies with names similar to __Secure-3PSID contain the value required for verifying, at the OAuth level, that this request is authenticated.

So note down these cookie values and pass them in cURL or Postman, along with your normal request to the respective service. Hopefully that solves your problem.

Upvotes: 0

Gary Archer

Reputation: 29283

It feels to me that your deployment separation is not right. OAuth has a strong focus on separation of web and API concerns. The oauth2-proxy utility is a web client and should not be deployed in front of APIs since that can limit your options.

SUBOPTIMAL DEPLOYMENT

  • API is hosted behind oauth2-proxy
  • oauth2-proxy issues redirects to the browser
  • Browser clients can handle redirects and users can log in
  • After a browser login oauth2-proxy issues a cookie
  • oauth2-proxy translates cookies to tokens when JavaScript calls APIs
  • Mobile apps or API test clients cannot call the API

OPTIMIZED DEPLOYMENT

  • Web static content is hosted behind oauth2-proxy
  • oauth2-proxy issues redirects to the browser
  • Browser clients can handle redirects and users can log in
  • After a browser login oauth2-proxy issues a cookie
  • oauth2-proxy translates cookies to tokens when JavaScript calls APIs
  • APIs have their own internet entry points that require access tokens
  • Mobile apps or API test clients can call APIs with an access token

If I'm misunderstanding anything, maybe clarify your question and post back.

Upvotes: 2
