Authorization Middleware for Caddy
This middleware implements an authorization layer for Caddy based on OpenID Connect. You can learn more about using JWTs in your application at jwt.io. It validates tokens against an external identity provider such as Auth0, Google Identity Platform or Azure Identity. Note that this middleware is limited to verifying that the provided token is valid for the configured issuer and client ids; it does not provide any features beyond that (no login flow, no role or scope checks).
This middleware builds on the Go OpenID middleware that was originally written for the standard Go HTTP server.
To set up the middleware you need to declare an openidauth block and provide information about the token issuer, the client ids and the paths to protect:
```
openidauth {
    issuer [issuer]
    clientid [clientid1]
    clientid [clientid2]
    path [path1]
    path [path2]
}
```
The issuer, at least one path and at least one client id are mandatory.
Here is a full example configuration:
```
openidauth {
    issuer https://accounts.google.com
    clientid 407408718192.apps.googleusercontent.com
    path /protected/
}
```
There are two ways to pass the token for validation: (1) in the Authorization header and (2) as a URL query parameter. The middleware looks in those places in the order listed and returns 401 if it cannot find any token. Prefer the header where you can: a token passed in the query string ends up in browser history, proxy and server access logs and Referer headers.
| Method | Format |
|---|---|
| Authorization header | `Authorization: Bearer <token>` |
| URL query parameter | `/protected?access_token=<token>` |
If no token is provided and the resource is protected, the 401 response carries the challenge header `WWW-Authenticate: Bearer`, so a conforming client knows which scheme to use.
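The following Go program is an added example and not code from the vizrt/openidauth project. It implements the decision the text above describes, using the full example configuration given earlier: only paths under a configured prefix are guarded, the token is looked up in the Authorization header first and the access_token query parameter second, a missing token yields 401 with `WWW-Authenticate: Bearer`, and a present token must carry a valid RS256 signature, the configured issuer, one of the configured client ids as audience and an unexpired exp claim. The names Config, Claims, Verify, Decide and SignRS256 are this example's own. Two assumptions are labelled in the code: a single pinned RSA public key stands in for the provider's JWKS (a real verifier fetches the key set from the issuer and selects the key by kid), and the aud claim is assumed to be a string (it may be an array in real tokens).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// Config mirrors the openidauth block: issuer, accepted client ids and protected path prefixes.
type Config struct {
	Issuer    string
	ClientIDs []string
	Paths     []string
	Key       *rsa.PublicKey // example assumption: one pinned key; real verifiers fetch the issuer's JWKS and pick by kid
}

// Claims is the subset of registered claims this example checks.
type Claims struct {
	Iss string `json:"iss"`
	Aud string `json:"aud"` // string form assumed; real tokens may carry an array here
	Exp int64  `json:"exp"`
}

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

// Verify checks the RS256 signature first, then iss, aud and exp against the config.
func (c Config) Verify(token string, now time.Time) (*Claims, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, errors.New("malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if b, err := b64.DecodeString(p[0]); err != nil || json.Unmarshal(b, &hdr) != nil || hdr.Alg != "RS256" {
		return nil, errors.New("unreadable header or alg is not RS256") // pinning alg also rejects "none"
	}
	sig, err := b64.DecodeString(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if err != nil || rsa.VerifyPKCS1v15(c.Key, crypto.SHA256, sum[:], sig) != nil {
		return nil, errors.New("bad signature")
	}
	var cl Claims
	if b, err := b64.DecodeString(p[1]); err != nil || json.Unmarshal(b, &cl) != nil {
		return nil, errors.New("unreadable claims")
	}
	audOK := false
	for _, id := range c.ClientIDs {
		audOK = audOK || cl.Aud == id
	}
	if cl.Iss != c.Issuer || !audOK || !now.Before(time.Unix(cl.Exp, 0)) {
		return nil, fmt.Errorf("claims rejected: iss=%q aud=%q exp=%d", cl.Iss, cl.Aud, cl.Exp)
	}
	return &cl, nil
}

// Decide applies the README's rules to one request: status 0 means pass through, otherwise the 401 to send plus the WWW-Authenticate value.
func (c Config) Decide(r *http.Request) (int, string) {
	guarded := false
	for _, prefix := range c.Paths {
		guarded = guarded || strings.HasPrefix(r.URL.Path, prefix)
	}
	tok := r.URL.Query().Get("access_token") // second place to look
	if h := r.Header.Get("Authorization"); strings.HasPrefix(h, "Bearer ") {
		tok = strings.TrimSpace(strings.TrimPrefix(h, "Bearer ")) // the header is checked first
	}
	if !guarded {
		return 0, ""
	} else if tok == "" {
		return http.StatusUnauthorized, "Bearer"
	} else if _, err := c.Verify(tok, time.Now()); err != nil {
		return http.StatusUnauthorized, `Bearer error="invalid_token"`
	}
	return 0, ""
}

// SignRS256 mints a token the way an identity provider would; present only so the example runs offline.
func SignRS256(priv *rsa.PrivateKey, cl Claims) string {
	body, _ := json.Marshal(cl)
	input := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	sum := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, sum[:])
	return input + "." + b64.EncodeToString(sig)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed key standing in for the provider's
	cfg := Config{Issuer: "https://accounts.google.com", ClientIDs: []string{"407408718192.apps.googleusercontent.com"}, Paths: []string{"/protected/"}, Key: &priv.PublicKey}
	tok := SignRS256(priv, Claims{Iss: cfg.Issuer, Aud: cfg.ClientIDs[0], Exp: time.Now().Add(time.Hour).Unix()})
	status, challenge := cfg.Decide(httptest.NewRequest("GET", "/protected/a?access_token="+tok, nil))
	fmt.Println(status, challenge) // a valid token passes; drop the query parameter to get 401 and "Bearer"
}
```

To turn Decide into a handler, wrap it in an http.HandlerFunc: when the status is non-zero, set `WWW-Authenticate` to the returned value and call http.Error with that status, otherwise call the next handler. The alg pin in Verify matters: a verifier that trusts the alg field from the token can be talked into accepting `"alg":"none"` or an HMAC signature made with the public key, which is why the example refuses anything but RS256 before it looks at the signature.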
To enable this plugin run `go get github.com/vizrt/openidauth` and import it in run.go (caddy/caddymain/run.go in the Caddy source tree):

```go
import _ "github.com/vizrt/openidauth"
```
You also need to insert a directive into plugin.go (caddyhttp/httpserver/plugin.go), e.g. before "jwt". The position in this list is the order in which the middleware run, so openidauth must come before the directives that serve the protected paths:

```go
...
"mime",
"openidauth", // github.com/vizrt/openidauth
"jwt",        // github.com/BTBurke/caddy-jwt
...
```