Last active
August 29, 2019 02:49
-
-
Save EvanK/826553e05f82b6c9a3554df705ade911 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # configuring our local server for auth via Google | |
| OIDCRedirectURI /example/redirect_uri | |
| OIDCCryptoPassphrase some-big-fancy-secret-passphrase | |
| OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration | |
| # ensure the provider (Google in this case) gives us the user email | |
| OIDCScope "openid email" | |
| # credentials from the Google API console | |
| OIDCClientID 123456789012-somelonghashedid.apps.googleusercontent.com | |
| OIDCClientSecret shhh-another-secret | |
| # set our REMOTE_USER value to email (shows up in apache logs, so YMMV security-wise) | |
| OIDCRemoteUserClaim email | |
| <VirtualHost *:80> | |
| ServerName app.example.com | |
| DocumentRoot /var/www/app | |
| <Directory /var/www/app/> | |
| Options FollowSymLinks | |
| AllowOverride All | |
| Require all granted | |
| </Directory> | |
| <Location /> | |
| AuthType openid-connect | |
| <RequireAll> | |
| # only allow this one guy | |
| Require claim email~^(veryspecificuser@example.com)$ | |
| Require claim email_verified:true | |
| </RequireAll> | |
| </Location> | |
| </VirtualHost> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment