go-auth-proxy
Objective
Secure your web API with AzureAD authentication. Created as a proof of concept to compare against a Node.js version. It validates that the JWT is:
- A valid, untampered AzureAD token.
- Valid in its lifetime (exp and nbf claims)
- Issued by your AzureAD tenant (iss claim)
- Issued to your expected audience (aud claim)
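The lifetime, issuer and audience checks from the list above, sketched with only the Go standard library. This is an added example, not the proxy's own code: `checkClaims` and the sample values are hypothetical, and it assumes the token's signature has already been verified against the tenant's signing keys.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// checkClaims is a hypothetical helper, not the proxy's code. It assumes the
// token's signature was already verified and payload is its decoded claim set.
func checkClaims(payload []byte, iss, aud string, now time.Time) error {
	if iss == "" || aud == "" {
		return errors.New("expected iss and aud must be configured") // fail closed
	}
	var c struct {
		Iss string      `json:"iss"`
		Aud interface{} `json:"aud"` // RFC 7519: one string or an array of strings
		Exp *int64      `json:"exp"`
		Nbf *int64      `json:"nbf"`
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return fmt.Errorf("bad claims: %w", err)
	}
	if c.Exp == nil || now.Unix() >= *c.Exp {
		return errors.New("token expired or exp missing")
	}
	if c.Nbf != nil && now.Unix() < *c.Nbf {
		return errors.New("token not yet valid")
	}
	if c.Iss != iss {
		return errors.New("unexpected issuer")
	}
	audOK := c.Aud == aud // single-string form
	if list, isList := c.Aud.([]interface{}); isList {
		for _, a := range list {
			audOK = audOK || a == aud
		}
	}
	if !audOK {
		return errors.New("unexpected audience")
	}
	return nil
}

func main() {
	p := []byte(`{"iss":"https://sts.example/","aud":"api://demo","exp":2000}`) // constructed sample
	fmt.Println(checkClaims(p, "https://sts.example/", "api://demo", time.Unix(1500, 0)))
}
```

A token with no `exp` claim is rejected, and an empty expected issuer or audience is treated as a configuration error, so a misconfigured check never accepts a token.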
CORS
By default the proxy allows all origins and the most common HTTP verbs. You can control the CORS configuration by editing cors.json. This file is in the cors.Config format.
Running in docker
docker run -ti --rm -p80:80 adrichem/go-auth-proxy:latest `
--upstream https://my-web-api.com `
--header-value my-secret-api-key `
--header-name Apikey `
--aud expected-value-for-aud-claim `
--iss expected-value-for-iss-claim
If you need to overrule the default CORS configuration, you can volume map your own cors.json onto /cors.json of the container.
It achieves 12.000 token validations per second while consuming <50% CPU and <30 MB of RAM. Docker image size is <15 MB.
- Intel Core i7 3 GHz.
- 200 concurrent connections.
- Load generator running on same machine and competing for CPU time. Together they max out the CPU.