Validating an OAuth Token from HAProxy or Apache mod_proxy

Question

Validating an OAuth Token from HAProxy or Apache mod_proxy

I have a microservice deployed on 3 nodes, sitting behind a HAProxy load balancer inside the internal network. Services are protected using the OAuth2 APIS authorization server. Now I want to move HAProxy to DMZ. And I want to reject requests that do not have an authentication token in the header, and also check the authentication token by calling the OAuth REST API.

In HAProxy, I could not find a way to do this. There is option httpchkone that can be used to check your health. I am looking for a similar function that can be used to check each incoming request.

Can anybody help me talk about how to implement this using HAProxy or Apache mod_proxy?

+4

oauth oauth-2.0 mod-proxy haproxy

Ambal Oct 27 '15 at 18:07

source share

1 answer

Hans z. · Accepted Answer · 2015-10-27T19:34:15+0000

There is an Apache module mod_auth_openidcthat allows you to check OAuth 2.0 tokens on an authorization server, see https://github.com/pingidentity/mod_auth_openidc . This module can be combined with mod_proxy to achieve what you are looking for.

Validating an OAuth Token from HAProxy or Apache mod_proxy

More articles: