Sproxy is a proxy server (independent of the backend) for authenticating users using Google OAuth2. It safely authenticates the user and passes requests to the backend with authentication information (email address, name, origin, etc.). It also has the ability to implement simple individual and group based authorization for endpoints, however, I do not intend to use this feature as authorization for the debates website will be dependent on the database (users are also members of the database).
Sproxy is the only solution I have found that authenticates through a proxy rather than integrating with the app itself. This has the benefits of simplifying the app, making it language agnostic and allowing one instance to be used for more than one app.
- see also the README on Sproxy's GitHub page
- Clone Sproxy from GitHub
git clone https://github.com/zalora/sproxy.git
- Install external dependencies
- Add
dev.zalora.comto/etc/hostssudo echo "127.0.2.1 dev.zalora.com" >> /etc/hosts
- Set up a project in the Google Developer Console
- APIs & auth
- Credentials
- Create new Client ID
- Use https://dev.zalora.com as Authorized JavaScript origins
- Use https://dev.zalora.com/sproxy/oauth2callback as Authorized redirect URI
- Make and edit a copy of the configuration file
cp config/sproxy.yml.example config/sproxy.yml- Add Client ID to
config/sproxy.yml - Add Client Secret to
config/client_secret
- Create the Sproxy database
createdb sproxy && psql sproxy < sproxy.sql && psql sproxy < example/privileges.sql
- Install Sproxy
cabal sandbox initcabal installcabal build