
VPNAuth

OAuth2/OIDC Server recognizing users based on their IP.

The idea

The idea behind VPNAuth is that you only need to log into your VPN: from then on you are logged into your apps automatically, because VPNAuth recognizes you by the static IP address your VPN assigns to you.

Set-up

I recommend using the flake.nix to install the project on NixOS. VPNAuth automatically generates the SQLite database and the config.json in the directory the process runs from.

The Database

You need to apply the EF Core migrations to create and update the database schema VPNAuth needs. The recommended way to do that is described here.

The Config

Here is an example config.json with explanations:

{
  "Users": [ // A list with the user objects.
    {
      "Username": "tim", // The username of the user.
      "Ips": [ // A list with the user's IP addresses as strings; the server uses them to recognize the user.
        "127.0.0.1"
      ]
    }
  ],
  "Apps": [ // A list with the app objects that the users can log into.
    {
      "ClientId": "test-app", // The client id of the app used in the OAuth2 flow.
      "RedirectUri": "http://127.0.0.1:8082/api/oauth2-redirect", // The user gets redirected to this uri when they accept or deny the login request.
      "Secret": "mysecret", // The app secret used in the OAuth2 flow.
      "AllowedUsers": ["tim"] // This key is OPTIONAL - when provided, only the users whose username is in that list can log into the app.
    }
  ]
}

(Remember that this config is not valid JSON as written, because the JSON standard does not allow comments.)
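Because VPNAuth identifies a user purely by the IP addresses in this file, a mistake in config.json (a typo in an IP, one IP listed under two users, an AllowedUsers entry that names nobody) directly affects who gets logged in as whom. The following checker is an added example, not part of the VPNAuth project: it strips the // comments shown above so the file parses as strict JSON, then validates the keys documented in this README. The sample config embedded in it is constructed from the example above; the 16-character minimum for Secret is a policy choice of this example, not a VPNAuth requirement.

```python
import ipaddress
import json
import re
from urllib.parse import urlsplit

# Constructed sample (assumption): the README's example config, comments included.
# A real deployment would read the config.json VPNAuth generated next to the process.
SAMPLE_CONFIG = """{
  "Users": [ // user objects
    { "Username": "tim", "Ips": ["127.0.0.1"] }
  ],
  "Apps": [
    {
      "ClientId": "test-app",
      "RedirectUri": "http://127.0.0.1:8082/api/oauth2-redirect", // note the // inside the string
      "Secret": "mysecret",
      "AllowedUsers": ["tim"]
    }
  ]
}
"""

# Matches either a JSON string literal (group 1, kept) or a // comment (dropped),
# so a // inside a string such as a URL survives the stripping.
_COMMENT_RE = re.compile(r'("(?:\\.|[^"\\])*")|//[^\n]*')


def strip_line_comments(text: str) -> str:
    """Turn a //-commented config into strict JSON that json.loads accepts."""
    return _COMMENT_RE.sub(lambda m: m.group(1) or "", text)


def validate_config(cfg: dict) -> list[str]:
    """Return a list of problems found; an empty list means the config looks sound."""
    problems: list[str] = []
    usernames: set[str] = set()
    ip_owner: dict = {}  # IP address -> username, to catch ambiguous recognition

    for user in cfg.get("Users", []):
        name = user.get("Username")
        if not name:
            problems.append("user without Username")
            continue
        if name in usernames:
            problems.append(f"duplicate Username {name!r}")
        usernames.add(name)
        ips = user.get("Ips", [])
        if not ips:
            problems.append(f"user {name!r} has no Ips and can never be recognized")
        for ip in ips:
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                problems.append(f"user {name!r}: {ip!r} is not a valid IP address")
                continue
            # The IP is the only thing VPNAuth uses to identify a user, so one IP
            # must belong to exactly one user.
            if addr in ip_owner and ip_owner[addr] != name:
                problems.append(f"IP {ip} is assigned to both {ip_owner[addr]!r} and {name!r}")
            ip_owner[addr] = name

    client_ids: set[str] = set()
    for app in cfg.get("Apps", []):
        cid = app.get("ClientId")
        if not cid:
            problems.append("app without ClientId")
            continue
        if cid in client_ids:
            problems.append(f"duplicate ClientId {cid!r}")
        client_ids.add(cid)
        uri = urlsplit(app.get("RedirectUri", ""))
        if uri.scheme not in ("http", "https") or not uri.netloc:
            problems.append(f"app {cid!r}: RedirectUri must be an absolute http(s) URL")
        elif uri.fragment:
            problems.append(f"app {cid!r}: RedirectUri must not contain a fragment")
        # Minimum secret length is this example's own policy, not a VPNAuth rule.
        if len(app.get("Secret", "")) < 16:
            problems.append(f"app {cid!r}: Secret shorter than 16 characters")
        # AllowedUsers is optional; when present every entry must name a known user.
        for allowed in app.get("AllowedUsers", []):
            if allowed not in usernames:
                problems.append(f"app {cid!r}: AllowedUsers names unknown user {allowed!r}")
    return problems


def check_config_text(text: str) -> list[str]:
    """Strip comments, parse, validate: the whole pipeline on one config string."""
    return validate_config(json.loads(strip_line_comments(text)))


if __name__ == "__main__":
    for problem in check_config_text(SAMPLE_CONFIG) or ["config OK"]:
        print(problem)
```

Run against the sample, the only finding is the short "mysecret" value; running it against a real config.json before starting VPNAuth catches the duplicate-IP case, which is the one that silently logs a user in under the wrong name.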

Endpoints

/auth (OAuth)
    Authorization request - initializes the authorization process.
    Response status codes: none documented.

/access-token (OAuth)
    Endpoint where the client requests the access token with the issued code in the PKCE challenge.
    Response status codes and their meaning:
    - 400: the form does not contain the required parameters
    - 403: client secret or code challenge is wrong
    - 404: invalid auth code

/user-info (OIDC)
    Endpoint where the client requests information about the user.
    Response status codes and their meaning:
    - 405: request method is not GET or POST
    - 400/401: invalid authorization header
    - 403: invalid token or not all required scopes
    - 204: user has not set any user information yet
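To see how the three endpoints fit together from the client's side, here is an added example of the authorization-code flow with PKCE as a relying app would drive it; it is not code from VPNAuth. The base URL, the parameter names (the standard OAuth2 ones: response_type, client_id, redirect_uri, state, code_challenge, code_challenge_method, grant_type, code_verifier) and the client credentials are assumptions, the latter taken from the example config above. The S256 challenge computation is the one from RFC 7636, and the status tables mirror the endpoint list above. Nothing is sent over the network; the functions build and check the messages so the exchange can be studied offline.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed values (constructed for this example): where VPNAuth listens and the
# client credentials from the README's example config.
VPNAUTH_BASE = "http://vpnauth.example:8080"
CLIENT_ID = "test-app"
CLIENT_SECRET = "mysecret"
REDIRECT_URI = "http://127.0.0.1:8082/api/oauth2-redirect"


def make_code_verifier(nbytes: int = 32) -> str:
    """RFC 7636 code_verifier: 43..128 chars from the unreserved set (32 random bytes -> 43 chars)."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode()


def code_challenge_s256(verifier: str) -> str:
    """S256 transform: BASE64URL(SHA256(ASCII(code_verifier))) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def build_auth_url(state: str, verifier: str) -> str:
    """Step 1: the URL the browser is sent to (/auth). VPNAuth recognizes the user by
    IP and lets them accept or deny; afterwards it redirects to RedirectUri.
    Assumption: VPNAuth reads the standard OAuth2 parameter names used here."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
        "scope": "openid",
    }
    return f"{VPNAUTH_BASE}/auth?{urlencode(params)}"


def parse_redirect(redirected_to: str, expected_state: str) -> str:
    """Step 2: validate the redirect back to the app and extract the auth code.
    A state mismatch means the response does not belong to this session."""
    query = parse_qs(urlsplit(redirected_to).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: response does not belong to this login attempt")
    if "error" in query:
        raise ValueError(f"authorization denied: {query['error'][0]}")
    if "code" not in query:
        raise ValueError("redirect carries neither code nor error")
    return query["code"][0]


def build_token_request(code: str, verifier: str) -> dict:
    """Step 3: form body for POST /access-token. The server checks the client secret
    and verifies code_verifier against the challenge it stored in step 1."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "code_verifier": verifier,
    }


# Status codes from the README's endpoint list, mapped to what a client should do.
TOKEN_STATUS = {
    400: "form is missing required parameters: fix the request, do not retry blindly",
    403: "client secret or code challenge rejected: check the app config and PKCE pairing",
    404: "auth code invalid or unknown: restart the authorization flow",
}
USERINFO_STATUS = {
    405: "request method must be GET or POST",
    400: "invalid authorization header",
    401: "invalid authorization header",
    403: "token invalid or not all required scopes granted",
    204: "user has not set any user information yet (not an error)",
}


def explain_status(endpoint: str, status: int) -> str:
    """Translate a response code from /access-token or /user-info into an action."""
    if status == 200:
        return "ok"
    table = TOKEN_STATUS if endpoint == "/access-token" else USERINFO_STATUS
    return table.get(status, f"undocumented status {status}")


if __name__ == "__main__":
    verifier = make_code_verifier()
    state = secrets.token_urlsafe(16)
    print(build_auth_url(state, verifier))
    # Constructed redirect, as VPNAuth would send it after the user accepts:
    code = parse_redirect(f"{REDIRECT_URI}?code=demo-code&state={state}", state)
    print(build_token_request(code, verifier))
```

The verifier stays on the client and only its SHA-256 hash travels in step 1, so a code intercepted at the redirect is useless without the matching verifier in step 3; the state check is what ties the redirect back to the session that started it.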

You can find out how to reach me here if you have any questions or feedback.

The OAuth2, PKCE and OIDC Protocols are not fully implemented!