This is a brief proof of concept installation to protect a web-server (e.g. backend/frontend microservice) using a oauth2-proxy.
user --- nginx rev-proxy ---(auth request)--- oauth2-proxy --- IdP
|
(if auth success)
|
web-server
The rev-proxy does an auth request to the oauth2-proxy. If there is a valid cookie the oauth2-proxy will allow the request and the call is reversed to web-server (including the auth token incl. e.g. roles). If there is not yet a cookie the oauth2-proxy will redirect to the IdP (e.g. Keycloak) initiating a OIDC flow.