shinyproxy-operator icon indicating copy to clipboard operation
shinyproxy-operator copied to clipboard
verified publisher icon openanalytics

Using ShinyProxy API (OAUTH2) with Authentication: None

Open Lukeesec opened this issue 3 months ago • 0 comments

I have a public deployment of ShinyProxy running, with authentication: None and the oauth2 configuration added. Though when I attempt to use the API with a valid token I get a forbidden.

curl -k -H "Authorization: Bearer $TOKEN"
https://public.example.com/api/proxyspec {"status":"fail","data":"forbidden"}%

  proxy:
    admin-groups:
    - SHINYPROXYADMINS
    authentication: none
    container-backend: kubernetes
    hide-navbar: "false"
    kubernetes:
      internal-networking: true
      namespace: public-shinyproxy
    oauth2:
      jwks-url: https://auth.example.com/.well-known/jwks.json
      resource-id: https://apps.example.com/shinyproxy-api
      roles-claim: https://example.com/roles
      username-attribute: sub
    port: 8080
    same-site-cookie: None
    specs:
  server:
    forward-headers-strategy: native
    frame-options: disable
    secure-cookies: "true"

I have tested this with authentication: saml and all works as expected.

Lukeesec avatar Oct 29 '25 17:10 Lukeesec