This middleware adds OAuth headers to your requests so that, from the point of view of the upstream (service), the request is
OAuth-authenticated. Using other middleware layers you can configure any kind of downstream (client) authentication
(e.g., Basic Auth), or leave it open to the internet (not recommended).
After the client has signed in, tokens are cached and automatically refreshed.
```mermaid
sequenceDiagram
    participant B as Downstream client
    participant O as OAuth Provider
    participant P as Traefik OAuth Plugin
    participant U as Upstream server
    alt First ever request
        B->>P: Plain request
        P->>B: 302
        B->>O: Auth request
        O->>B: Success redirect
        B->>+P: OAuth callback
        Note right of P: Token & refresh token stored
        P->>-B: Redirect back to original request
    end
    alt Token still valid
        B->>+P: Plain request
        Note right of P: Bearer token added
        P->>-U: Authorised request
        U->>P: Response
        P->>B: Response
    end
    alt Token expired
        B->>P: Plain request
        P->>O: Refresh token
        O->>+P: Refreshed tokens
        Note right of P: Tokens updated and bearer added
        P->>-U: Authorised request
        U->>P: Response
        P->>B: Response
    end
```
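The three request-time branches of the diagram, as an added Go example that is not this plugin's code: the type, its fields and the `Renew` callback are hypothetical, and the OAuth callback that first stores the tokens is left out. It replaces any `Authorization` header the client sent (for example downstream Basic Auth credentials) and fails closed when a refresh fails.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
	"time"
)

// OAuthHeader is a hypothetical stand-in for the plugin; every name here is assumed.
type OAuthHeader struct {
	mu              sync.Mutex
	Access, Refresh string    // cached tokens; Access == "" until someone has signed in
	Expiry          time.Time // when Access stops being valid
	AuthURL         string    // provider authorisation endpoint
	Renew           func(refresh string) (access, next string, exp time.Time, err error)
	Next            http.Handler // upstream service
}

func (m *OAuthHeader) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	m.mu.Lock() // held across Renew so one refresh token is never redeemed twice
	var err error
	if m.Access != "" && time.Now().After(m.Expiry) { // "Token expired"
		if m.Access, m.Refresh, m.Expiry, err = m.Renew(m.Refresh); err != nil {
			m.Access = "" // fail closed: the next request must sign in again
		}
	}
	access := m.Access
	m.mu.Unlock()
	switch {
	case err != nil:
		http.Error(w, "token refresh failed", http.StatusBadGateway)
	case access == "": // "First ever request"
		http.Redirect(w, r, m.AuthURL, http.StatusFound)
	default: // "Token still valid": replace any client-supplied Authorization
		r.Header.Set("Authorization", "Bearer "+access)
		m.Next.ServeHTTP(w, r)
	}
}

func main() { // constructed demo: valid cached token, client sends its own Basic header
	m := &OAuthHeader{Access: "A1", Expiry: time.Now().Add(time.Hour)}
	m.Next = http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		fmt.Println("upstream saw:", r.Header.Get("Authorization"))
	})
	req := httptest.NewRequest("GET", "http://svc.example/", nil)
	req.Header.Set("Authorization", "Basic ZGVtbzpkZW1v")
	m.ServeHTTP(httptest.NewRecorder(), req)
}
```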
You can set up different upstream OAuth configurations by configuring different middlewares, or you can configure one middleware and reuse it with multiple routers/services.
This repo is GitPod friendly.