heimdall icon indicating copy to clipboard operation
heimdall copied to clipboard
verified publisher icon dadrus

Implement oidc client functionality

Open dadrus opened this issue 3 years ago • 0 comments

This would allow usage of heimdall without additional infrastructure components, like oauth2-proxy or lua-resty-openidc in environments where the oidc protocol is "misused" in a sense, that the oidc client and the resource server/relying party build the same application and oidc is used to get information about the authenticated user only, so only the id token is relevant.

In such 1st party scenarios, an auth proxy is used to drive the authorization code grant flow if no authentication information is present in the downstream request and ensures the user is authenticated. Currently, heimdall does only support the second part (and actually goes far beyond it)

Having that functionality in place would make heimdall a full fledged identity aware proxy

Requires #97

The plan is to implement OAuth for browser-based apps.

dadrus avatar Aug 17 '22 20:08 dadrus