npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

wordpress-oauth2-proxy

v1.1.0

Published

A reverse proxy using WP OAuth Server as an authentication scheme

Downloads

17

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

logankoesterlogankoester

Keywords

wordpressreverseproxyauthenticationoauthdocker

Readme

Wordpress OAuth2 Proxy

A reverse proxy using WP OAuth Server as an authentication scheme.

You can use it to expose any internal service to your Wordpress users.

Usage

Install the Wordpress plugin

First, you need to install WP OAuth Server on your Wordpress site.

In WP-CLI...

$ wp plugin install --activate oauth2-provider

Create a new client

From your https://YOUR_WORDPRESS/wp-admin/options-general.php?page=wo_settings#clients page, click "Add New Client", and set the redirect URI to https://YOUR_SERVICE/auth/wordpress/callback, where YOUR_SERVICE is the public name of your wordpress-oauth2-proxy.

Copy the Client ID and Secret for the client from this page.

Configure the proxy

It is easiest to use Docker with Docker Compose, but if you prefer you can simply set the appropriate environment variables and run node index.js.

If you are not using Docker, you will need to install node and MongoDB (or get a hosted MongoDB database from Compose). The database is merely used to persist authenticated clients.

Copy docker-compose.example.yml into your project, and adjust the environment variables as appropriate, then run docker-compose up.

Variable | Explanation --------------------|------------ HOST | The external hostname for your service TARGET | The internal hostname of the service to expose through the authenticated proxy. Commonly a linked image. TARGET_SCHEME | "http" or "https" TARGET_PREPEND | A path to be prepended to every request through the proxy HTTP_PORT | Default: 80 HTTPS_PORT | Default: 443 HTTPS_FORCE | Enable to redirect all non-https requests KEY_FILE | Path to a TLS certificate key CERT_FILE | Path to a TLS certificate DB_URI | A MongoDB database (by default running in a linked container) SESSION_SECRET | Change this to any random string OAUTH_CLIENT_ID | The Client ID you created in Wordpress. OAUTH_CLIENT_SECRET | The Secret you created in Wordpress. OAUTH_URL | The SITEURL of the Wordpress instance. OAUTH_CALLBACK_URL | Prefix with the external URI of your service (such as a CNAME pointing to this Docker host). The /auth/wordpress/callback route is handled by wordpress-oauth2-proxy. SECRET_TOKEN_HEADER | Optionally accept a secret token on this header for unauthenticated requests ($SECRET_TOKEN) (for example, X-Gitlab-Token) SECRET_TOKEN | A secret token which must match $SECRET_TOKEN_HEADER if enabled and the request is not authenticated by oAuth.

Make sure that TARGET is not publicly accessible, or unauthenticated users can simply ignore your reverse proxy!

With the proxy up and running, open the site in your browser, and verify the login process.

You're done!

Hacking

You will need docker and docker-compose installed.

$ git clone [email protected]:logankoester/wordpress-oauth2-proxy.git
$ cd wordpress-oauth2-proxy
$ mv docker-compose.example.yml docker-compose.yml

# Modify docker-compose.yml for your environment...

$ docker-compose up

Author

Copyright (c) 2015 Logan Koester. Released under the MIT license. See LICENSE for details.