File: README.md

libapache2-mod-oauth2 4.0.0-1
[![Build Status](https://github.com/OpenIDC/mod_oauth2/actions/workflows/build.yml/badge.svg)](https://github.com/OpenIDC/mod_oauth2/actions/workflows/build.yml)

# mod_oauth2

A module for Apache HTTP Server 2.x that makes the Apache web server operate as an OAuth 2.0 Resource Server,
validating OAuth 2.0 access tokens and setting headers/environment variables based on the validation results.


## Quickstart

Reference Bearer Access Token validation using RFC 7662 based introspection:
```apache
AuthType oauth2
OAuth2TokenVerify introspect https://pingfed:9031/as/introspect.oauth2 introspect.ssl_verify=false&introspect.auth=client_secret_basic&client_id=rs0&client_secret=2Federate
```

JWT Bearer Access Token validation using a set of JWKs published on a `jwks_uri`:
```apache
AuthType oauth2
OAuth2TokenVerify jwks_uri https://pingfed:9031/ext/one jwks_uri.ssl_verify=false
```

RFC 8705 Mutual TLS Certificate (optionally) Bound JWT Access Token validation with a known JWK:
```apache
AuthType oauth2
OAuth2TokenVerify jwk "{\"kty\":\"RSA\",\"kid\":\"one\",\"use\":\"sig\",\"n\":\"12SBWV_4xU8sBEC2IXcakiDe3IrrUcnIHexfyHG11Kw-EsrZvOy6PrrcqfTr1GcecyWFzQvUr61DWESrZWq96vd08_iTIWIny8pU5dlCoC7FsHU_onUQI1m4gQ3jNr00KhH878vrBVdr_T-zuOYQQOBRMEyFG-I4nb91zO1n2gcpQHeabJw3JIC9g65FCpu8DSw8uXQ1hVfGUDZAK6iwncNZ1uqN4HhRGNevFXT7KVG0cNS8S3oF4AhHafFurheVxh714R2EseTVD_FfLn2QTlCss_73YIJjzn047yKmAx5a9zuun6FKiISnMupGnHShwVoaS695rDmFvj7mvDppMQ\",\"e\":\"AQAB\" }" type=mtls&mtls.policy=optional
SSLVerifyClient optional_no_ca
```
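
The check that certificate binding adds on top of JWT signature verification, as an added Python example (not mod_oauth2 or liboauth2 code): per RFC 8705 the token's `cnf` claim carries `x5t#S256`, which must equal the SHA-256 thumbprint of the client certificate presented on the TLS connection. The function names, the reading of `mtls.policy` as `optional`/`required`, and the sample certificate bytes are assumptions made for illustration.

```python
import base64
import hashlib
import hmac


def x5t_s256(cert_der: bytes) -> str:
    """RFC 8705 thumbprint: base64url(SHA-256(DER certificate)), unpadded."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_cert_binding(claims, client_cert_der, policy="optional"):
    """Decide whether an already signature-verified token may be used
    on this TLS connection.

    policy is a hypothetical stand-in for the mtls.policy option:
      "optional": unbound tokens pass; bound tokens must match the cert
      "required": every token must carry a matching x5t#S256 binding
    """
    if policy not in ("optional", "required"):
        raise ValueError("unknown policy: %r" % (policy,))
    cnf = claims.get("cnf")
    expected = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    if expected is None:
        # No certificate binding in the token: a plain bearer token.
        return policy == "optional"
    if not isinstance(expected, str) or client_cert_der is None:
        # Malformed binding, or bound token sent without a client cert.
        return False
    actual = x5t_s256(client_cert_der).encode("ascii")
    # Constant-time comparison of the two thumbprints.
    return hmac.compare_digest(actual, expected.encode("utf-8"))


# Constructed stand-ins for DER-encoded client certificates (not real certs);
# the thumbprint is computed over whatever bytes the TLS layer hands over.
CERT_A = b"constructed-client-certificate-A"
CERT_B = b"constructed-client-certificate-B"
BOUND_TO_A = {"sub": "client-a", "cnf": {"x5t#S256": x5t_s256(CERT_A)}}
UNBOUND = {"sub": "client-a"}
```

A bound token replayed from a connection that presents a different certificate, or none, is rejected under either policy; only the handling of unbound tokens differs between the two.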

RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) validation using introspection (using liboauth2 > 1.5.2):
```apache
OAuth2TokenVerify introspect https://pingfed:9031/as/introspect.oauth2 introspect.ssl_verify=false&introspect.auth=client_secret_basic&client_id=rs_client&client_secret=2Federate&type=dpop
```

For a detailed overview of configuration options see the `oauth2.conf` Apache configuration file in this directory.

## Features

As provided by the [`liboauth2`](https://github.com/OpenIDC/liboauth2) dependency, including:
- per-directory configuration over per-virtual host
- flexible cache configuration per cached element type
- specify multiple token verification options, tried sequentially (allow for key/algo rollover)
- claims-based authorization capabilities, see: https://github.com/OpenIDC/mod_oauth2/wiki#authorization
- etc.


## Support

#### Community Support
For generic questions, see the Wiki pages with Frequently Asked Questions at:  
  [https://github.com/OpenIDC/mod_oauth2/wiki](https://github.com/OpenIDC/mod_oauth2/wiki)  
Any questions/issues should go to the issues tracker.

#### Commercial Services
For commercial Support contracts, Professional Services, Training and use-case specific support you can contact:  
  [sales@openidc.com](mailto:sales@openidc.com)  


Disclaimer
----------
*This software is open sourced by OpenIDC. For commercial support
you can contact [OpenIDC](https://www.openidc.com) as described above in the [Support](#support) section.*