OAuth2 Proxy for Single-Sign-On with Nginx

This application implements a generic OAuth2 client for easy integration of NGINX into an OAuth2-based Single-Sign-On system. It is bound to a single OAuth2 server (urls defined in config) and -- apart from a session cookie -- stateless. OAuth2 client id, secret and redirect URI are passed from the integrating NGINX to the proxy in HTTP headers.

The following data about the authenticated user is returned by the /auth endpoint as HTTP headers:

• OAUTH-USER-ID: (usually numeric) unique user id
• OAUTH-USER-NAME: display name
• OAUTH-USER-NICKNAME: unique user name (for urls, @-handles, ...)
• OAUTH-USER-EMAIL: email address
• OAUTH-USER-GROUPS: comma-separated list of group names

See testapp for an example setup.