This is our identity aware proxy, which we've been using internally for a year.
The blog post explains our motivations behind creating it, and open-sourcing it. It's available today, under MIT license.
We'll be keeping an eye on the thread, and happy to follow up to any questions!
We know there is more to do there too (some of the feedback in this HN post has helped highlight areas we need to improve the docs) and we will be adding to the docs so over the next while.
We will also welcome PRs improving the docs!
there were a few reasons behind this.
- ease of migration was a big one, we had 100+ instances of bitly's oauth2_proxy, and were able to seamlessly migrate them to this, without any changes to the services being protected.
- ease of deployment was also important. Our solution doesn't have any datastore dependencies, and is stateless, so was straightforward to deploy into our PaaS ( https://tech.buzzfeed.com/deploy-with-haste-the-story-of-rig... ).
- when we built this, there were far fewer solutions than there are today. For example, Ory's Oathkeeper ( https://github.com/ory/oathkeeper) was released after we were already using sso internally at BuzzFeed.
thanks!
We also have a long term consulting arrangement with a widely respected security architect, and they helped review our design and implementation.
Additionally, BuzzFeed has a bug bounty program on hackerone (https://hackerone.com/buzzfeed), and have invited partipating researchers to report on any issues found. We’ve paid out bounties for a number of minor issues, which were addressed prior to open-sourcing.
Additionally, knowing that security is never done, we continue to make it eligible for bounties -- see https://github.com/buzzfeed/sso/blob/master/README.md#securi...
> In preparation for open sourcing we also engaged with Security Innovation, a widely respected agency who count Microsoft, Symantec, and Amazon as clients, to do a more in-depth, week long assessment, with full access to source code and design documents. This found no major issues, which gives us the confidence to open source sso today.
It’s one of our two standard languages - the other being Python - and whilst the vast majority of our services are Python, Golang is being used for growing and significant number too.
Touching on my first point, we have observed people enjoy writing Go apps, and it is a great fit particularly where performance and scalability are needed.
Therefore when engineers have moved to another team internally, they often will evangelize Golang to their new team members.
So we expect it to continue to grow and thrive here!
We were already using traefik as a proxy for our docker/swarm clusters and this is a single container drop in to add authentication to every traefik request.
It's still missing a few key features but it can get you started, we're testing the use of a single auth domain (so you don't have to add every internal service domain as a refirect_uri in Google - looks similar to how sso works) internally and we expect to release this shortly once finished.
Additionally, if you want an even lighter weight option, we also use, with great success, cloudflare's lua script on a few services we don't run with docker/traefik: https://github.com/cloudflare/nginx-google-oauth
For example, there's this task ( https://github.com/buzzfeed/sso/issues/9 ) to create a default provider without Google dependencies for test purposes.
We'd also welcome PRs adding other providers and believe any OAuth2 provider should be straight forward to add.
However google IAP requires that your infrastructure is all in Google cloud.
Whilst we do use GCP, most of BuzzFeed’s infra is in AWS, we needed a solution which worked for both.
