question: caddy-security “oauth” directive unrecognized

Open • Bermpje opened this issue 7 months ago • 1 comment

Overview

I built a custom Caddy binary using caddy-security but the oauth identity provider azure { … } block is still not being parsed. I’m opening this issue to understand whether I’m missing a build flag or mis-configuring something.


Dockerfile

# Stage 1: Build Caddy with Go 1.24.0 and caddy-security
FROM golang:1.24.0-alpine AS builder

ARG CADDY_VERSION=2.10.0
RUN apk add --no-cache git gcc musl-dev
RUN go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest

# Build Caddy v2.10.0 with caddy-security core only
RUN xcaddy build v${CADDY_VERSION} \
    --output /usr/local/bin/caddy \
    --with github.com/greenpau/[email protected]

# Stage 2: Runtime image
FROM alpine:latest
RUN apk add --no-cache ca-certificates curl
COPY --from=builder /usr/local/bin/caddy /usr/bin/caddy

CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]

Caddyfile snippet

security {
    oauth identity provider azure {
        realm           azure
        driver          azure

        tenant_id      xxx
        client_id       yyy
        client_secret   zzz

        scopes          openid profile email offline_access
        enable id_token_cookie oidc_token
    }
}

Observed behavior

Error: adapting config using caddyfile: /etc/caddy/Caddyfile:2: unrecognized directive: oauth

Questions

  1. Should the OAuth2 provider submodule (github.com/greenpau/caddy-security/providers/authentication/oauth2) be added explicitly via --with, or is it bundled automatically with the core caddy-security module?
  2. Is the oauth identity provider azure { … } directive supposed to be recognized when only --with github.com/greenpau/caddy-security is used?
  3. Are there any changes to the provider naming (e.g. “azure” → “entra”) or other flags required to enable that directive?
  4. Am I missing any steps in the build or invocation that would activate the OAuth2 provider?

Any guidance or pointers to documentation would be greatly appreciated.

Bermpje, Jun 12 '25 00:06

@Bermpje, you are using an outdated version. You should use the latest. Currently 31.

Here is reference config: https://github.com/greenpau/caddy-security/issues/353

greenpau, Jun 12 '25 00:06