# OAuth2-Proxy Setup

## Pre-reads

{% embed url="<https://oauth2-proxy.github.io/oauth2-proxy/>" %}

## Pre-requisites <a href="#prerequisites" id="prerequisites"></a>

* DIGIT uses [golang](https://golang.org/doc/install#download) (required v1.13.3) automated scripts to deploy the builds onto Kubernetes - [Linux](https://golang.org/dl/go1.13.3.linux-amd64.tar.gz) or [Windows](https://golang.org/dl/go1.13.3.windows-amd64.msi) or [Mac](https://golang.org/dl/go1.13.3.darwin-amd64.pkg)
* All DIGIT services are packaged using helm charts[ ![](https://helm.sh/img/favicon-152.png)Installing Helm](https://helm.sh/docs/intro/install/)
* [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/) is a CLI to connect to the Kubernetes cluster from your machine
* [Install Visualstudio](https://code.visualstudio.com/download) IDE Code for better code/configuration editing capabilities
* Git
* [GitHub OAuth app](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app)

## Oauth2-proxy Setup

* Clone the following [DIGIT-DevOps](https://github.com/egovernments/DIGIT-DevOps) repo (If not already done as part of Infra setup), you may need to [install git](https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository-from-github/cloning-a-repository) and then run [git clone](https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository-from-github/cloning-a-repository) on your machine.

  `git clone -b release https://github.com/egovernments/DIGIT-DevOps`
* `Add below configs into your environment file`

```
oauth2-proxy:
  config:
    configFile: |-
      email_domains = [ "*" ]
      github_org = "<github_org>"                     # Repalce with GitHub org name
      github_team = "<github_team>,<github_team>"     # Repalce with GitHub teams
      upstreams = [ "file:///dev/null" ]
```

* Create a GitHub OAuth app and add the below secrets into the environment secrets file
  * GitHub OAuth App Creation
    * Follow the [GitHub OAuth app](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app)
    * Homepage URL:- mentions your domain name eg. https\://\<your\_domain\_name>
    * Authorization callback URL:- https\://\<your\_domain\_name>/oauth2/callback

```
oauth2-proxy:   ## To work oauth2-proxy service, create and add your github OAuth Apps details
    clientID: qwgethjymnbv  
    clientSecret: 3a08079easd95696fd3baad5292
    cookieSecret: QVbnq0L96wtBg==   ## Any random hash value
```

* Deploy the oauth2-proxy via Jenkins deployment job or go land deployer

  ```
  cd DIGIT-DevOps/deploy-as-code/deployer
  go run main.go deploy -e <environment_name> 'oauth2-proxy'
  ```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.digit.org/platform/guides/operations-guide/oauth2-proxy-setup.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.