Traefik foward auth / dotnet core / identityserver


I've configured the forward authentication for traefik, but the end result isn't what i expected, it fowards the auth to my external idp and after the auth, the traefik container doesn't route back to the service that the middleware is configured to.

Traefik middleware:

- "traefik.http.middlewares.auth.forwardauth.address=http://docker.localhost/auth/jwt"
- "traefik.http.middlewares.auth.forwardauth.authResponseHeaders=X-Access-Token, X-Id-Token, X-Refresh-Token, X-Redirect-Url"

App middleware:

- "traefik.http.routers.apisample.middlewares=auth"

Auth service:

  [Authorize, HttpGet, Route("[action]")]
  public async Task<IActionResult> jwt()
      if (!User.Identity.IsAuthenticated)
          return Unauthorized("User is not authenticated");

      var authResult = await _authService.AuthenticateAsync(HttpContext, "oidc");
      var props = authResult.Properties;

          .Add("X-Access-Token", $"Bearer {props.GetTokenValue("access_token")}");
          .Add("X-Id-Token", $"Bearer {props.GetTokenValue("id_token")}");
          .Add("X-Refresh-Token", $"Bearer {props.GetTokenValue("refresh_token")}");

      return Ok("auth success"); // <-- http 200

P.S. The identity provider is the IdentityServer4

1 Like