Warning: Like the shitty OSS person I am, I forgot to update this. This particular iteration is exploitable in a really basic way that I missed. I will update this with the updated version hopefully soon
While authing against our Google Apps domain has worked pretty well up until now, we really needed a way to auth against out Github organization. Not everyone who is accessing some of our protected development content has an email account in our Google Apps domain. They do, however, have access to our github org.
Sadly it seems that apache and nginx modules for doing oauth are lacking.
I was hoping to avoid the whole lua approach (and mod_authnz_external
was a no go from the start). However I realized that Brian Akins (@bakins) had done some fancy omnibus work that got me 90% of the way there.
From there it was a matter of patching up the omnibus repo to bring it to current versions as well as adding in a few additional components.