oauth_reverse_proxy
Advanced tools
oauth_reverse_proxy is an authenticating service proxy that fronts any web server and enforces that callers present the correct OAuth credentials.
npm install oauth_reverse_proxy
oauth_reverse_proxy works by establishing a proxy that runs on the same server as your application. All client traffic for a given service is routed to the proxy's inbound port, and the expectation is that you will configure your application to only allow traffic from localhost. In this way, only authenticated requests will reach your application.
A few key features and design principles:
oauth_reverse_proxy. The test/clients directory has sample code in 9 languages.oauth_reverse_proxy either in front of or behind nginx. A single instance of oauth_reverse_proxy can bind a separate proxy to any number of inbound ports.oauth_reverse_proxy supports regex-based whitelists, so you can configure an un-authenticated path through to only those routes.Zero-legged OAuth 1.0a is built on the assumption that a service provider can securely share a consumer key / consumer secret pair with a client. The creation of these credentials is outside the scope of oauth_reverse_proxy. This project assumes that key issuance will be performed out-of-band. Just, please, don't use post-its.
oauth_reverse_proxy looks for configuration files in either the location specified in the OAUTH_REVERSE_PROXY_CONFIG_PATH environment variable. Each json file in that directory will be treated as the description of a proxy to run. Config files are only loaded on start. Invalid proxy config files are ignored and logged; they do not cause a total failure of oauth_reverse_proxy.
{
"service_name": "jobsservice",
"from_port": 8008,
"to_port": 8080,
"oauth_secret_dir": "./test/keys/8008/8080/",
"required_uris": [
"/getProducts","/uploads","/multipart","/chunked","/compressed","/job","/live","/health","/transactions"
],
"required_hosts": [ "localhost", "::1" ]
}
FAQs
An OAuth 1.0a authenticating proxy and reverse proxy to add authentication to APIs
The npm package oauth_reverse_proxy receives a total of 5 weekly downloads. As such, oauth_reverse_proxy popularity was classified as not popular.
We found that oauth_reverse_proxy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
Security News
Research
A malicious npm campaign is targeting Ethereum developers by impersonating Hardhat plugins and the Nomic Foundation, stealing sensitive data like private keys.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.