This is a simple example demonstrating how to use Traefik with OIDC authentication using the traefik-oidc plugin.
- Traefik Proxy: Traefik with SSL self-signed certificates.
- OIDC Authentication: Using the `github.com/lukaszraczylo/traefikoidc` plugin
- Whoami Service: Simple upstream service protected by OIDC authentication
- Environment Configuration: All OIDC settings loaded from `.env` file
Edit the `.env` file and replace the placeholder values with your actual OIDC provider details:

```
# Example for Auth0
OIDC_PROVIDER_URL=https://your-tenant.auth0.com
OIDC_CLIENT_ID=your-auth0-client-id
OIDC_CLIENT_SECRET=your-auth0-client-secret

# Example for Keycloak
OIDC_PROVIDER_URL=https://your-keycloak.com/auth/realms/your-realm
OIDC_CLIENT_ID=your-keycloak-client-id
OIDC_CLIENT_SECRET=your-keycloak-client-secret

# Example for Google
OIDC_PROVIDER_URL=https://accounts.google.com
OIDC_CLIENT_ID=your-google-client-id.apps.googleusercontent.com
OIDC_CLIENT_SECRET=your-google-client-secret
```

In your OIDC provider settings, make sure to configure the following redirect URIs:

- https://localhost/oauth2/callback
- https://localhost/oauth2/logout
Generate a 32-character encryption key for session encryption:

```bash
openssl rand -hex 16
```

Update the `OIDC_SESSION_ENCRYPTION_KEY` in your `.env` file with this value.
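A preflight check for the `.env` file, to run before starting the stack. This is an added example, not part of the original project; it assumes the four `OIDC_*` variable names shown above and treats any value containing `your-` as an unreplaced placeholder.

```shell
# Added example: preflight check for the .env file before `docker-compose up`.
# Print the last value assigned to key $2 in env file $1.
env_value() {
  grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2-
}

# Print one line per problem; return 0 only when none are found.
check_oidc_env() {
  local file="$1" problems=0 key val
  [ -r "$file" ] || { echo "cannot read $file"; return 1; }

  # The sample .env reuses the same keys for Auth0, Keycloak and Google.
  for key in $(grep -E '^[A-Za-z_][A-Za-z0-9_]*=' "$file" | cut -d= -f1 | sort | uniq -d); do
    echo "$key is set more than once; keep a single provider block"
    problems=$((problems + 1))
  done

  for key in OIDC_PROVIDER_URL OIDC_CLIENT_ID OIDC_CLIENT_SECRET OIDC_SESSION_ENCRYPTION_KEY; do
    val=$(env_value "$file" "$key")
    case "$val" in
      "")      echo "$key is missing or empty"; problems=$((problems + 1)) ;;
      *your-*) echo "$key still holds a placeholder"; problems=$((problems + 1)) ;;
    esac
  done
  case "$(env_value "$file" OIDC_PROVIDER_URL)" in
    ""|https://*) ;;
    *) echo "OIDC_PROVIDER_URL is not an https URL"; problems=$((problems + 1)) ;;
  esac
  val=$(env_value "$file" OIDC_SESSION_ENCRYPTION_KEY)
  if [ -n "$val" ] && [ "${#val}" -lt 32 ]; then
    echo "OIDC_SESSION_ENCRYPTION_KEY is shorter than 32 characters"
    problems=$((problems + 1))
  fi
  # .env holds the client secret and session key: no read access for "other".
  if [ -n "$(find "$file" -maxdepth 0 -perm -004 2>/dev/null)" ]; then
    echo "$file is world-readable; run chmod 600 on it"
    problems=$((problems + 1))
  fi
  [ "$problems" -eq 0 ]
}

# Constructed sample: placeholder provider URL and a key that is too short.
sample=$(mktemp)
printf '%s\n' 'OIDC_PROVIDER_URL=https://your-tenant.auth0.com' \
  'OIDC_CLIENT_ID=constructed-id' 'OIDC_CLIENT_SECRET=constructed-secret' \
  'OIDC_SESSION_ENCRYPTION_KEY=deadbeef' > "$sample"
check_oidc_env "$sample" || echo "fix the problems above before starting the stack"
rm -f "$sample"
```

With the function loaded in your shell, `check_oidc_env .env && docker-compose up -d` starts the stack only when the file passes.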
```bash
docker-compose up -d
```

- Open your browser and navigate to https://localhost/
- You will be redirected to your OIDC provider for authentication
- After successful login, you'll be redirected back and see the whoami service response
- Application: https://localhost/ (protected by OIDC)
- OIDC Callback: https://localhost/oauth2/callback
- Logout: https://localhost/oauth2/logout
The OIDC plugin supports various configuration options:
- `providerURL`: Your OIDC provider URL
- `clientID`: Your OIDC client ID
- `clientSecret`: Your OIDC client secret
- `callbackURL`: OAuth2 callback path
- `logoutURL`: OAuth2 logout path
- `postLogoutRedirectURI`: Where to redirect after logout
- `sessionEncryptionKey`: Key for encrypting session data
- `scopes`: OIDC scopes to request
- `forceHTTPS`: Force HTTPS for secure communication
To stop and remove all containers (the `-v` flag also removes the volumes declared in the compose file):

```bash
docker-compose down -v
```