[PR #1666] [MERGED] [Feature] OIDC Authentication #4430

New issue

Closed

opened 2026-05-05 14:41:58 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 14:41:58 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/fatedier/frp/pull/1666
Author: @GuyLewin
Created: 2/19/2020
Status: ✅ Merged
Merged: 3/1/2020
Merged by: @fatedier

Base: dev ← Head: feature/oidc-auth

📝 Commits (10+)

72626ac feat: add multiple authentication methods, token and oidc. token is the current token comparison, and oidc generates oidc token using client-credentials flow. in addition - add ping verification using the same method
99c13cd fix(heartbeats): dont consider a heartbeat if verification failed
e70c229 docs: add authentication method to README.md
a7fbe82 test(auth): add authentication test (currently only for token)
e563f1c style(auth): rename ProviderConsumer to SetterVerifier since that's the new naming convention for auth
10bcd8d chore: update go.sum
739cdd2 chore: update vendor and go.sum
a85b52d style: check for err not being null, dont strip return
5544e5f style: export shared logic from SetLogin and SetPing to a common generateAccessToken() method in oidc.go
4877c78 feat: authenticate NewWorkConn messages, similar to ping

📊 Changes

190 files changed (+47570 additions, -61 deletions)

View changed files

📝 README.md (+39 -1)
📝 client/control.go (+27 -2)
📝 client/service.go (+20 -13)
📝 cmd/frpc/sub/root.go (+5 -1)
📝 cmd/frps/root.go (+5 -1)
📝 go.mod (+4 -0)
📝 go.sum (+30 -0)
➕ models/auth/auth.go (+151 -0)
➕ models/auth/oidc.go (+255 -0)
➕ models/auth/token.go (+120 -0)
📝 models/config/client_common.go (+5 -9)
📝 models/config/server_common.go (+5 -7)
📝 models/consts/consts.go (+4 -0)
📝 models/msg/msg.go (+7 -1)
📝 server/control.go (+16 -2)
📝 server/proxy/proxy.go (+1 -0)
📝 server/service.go (+21 -8)
➕ tests/ci/auth_test.go (+72 -0)
➕ vendor/github.com/coreos/go-oidc/.gitignore (+2 -0)
➕ vendor/github.com/coreos/go-oidc/.travis.yml (+16 -0)

...and 80 more files

📄 Description

Perform OIDC authentication (configurable to be instead of current token authentication) between frpc and frps. Authentication can be performed on login message and ping messages.
This is implemented by a new auth plugin system.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/fatedier/frp/pull/1666 **Author:** [@GuyLewin](https://github.com/GuyLewin) **Created:** 2/19/2020 **Status:** ✅ Merged **Merged:** 3/1/2020 **Merged by:** [@fatedier](https://github.com/fatedier) **Base:** `dev` ← **Head:** `feature/oidc-auth` --- ### 📝 Commits (10+) - [`72626ac`](https://github.com/fatedier/frp/commit/72626ac2b89a2e84e52a7759c35f261f35ea0f13) feat: add multiple authentication methods, token and oidc. token is the current token comparison, and oidc generates oidc token using client-credentials flow. in addition - add ping verification using the same method - [`99c13cd`](https://github.com/fatedier/frp/commit/99c13cdb0cedb321e7dda575b004e8855f266e70) fix(heartbeats): dont consider a heartbeat if verification failed - [`e70c229`](https://github.com/fatedier/frp/commit/e70c229454f083da36bbb5e58f0b75144a82ac77) docs: add authentication method to README.md - [`a7fbe82`](https://github.com/fatedier/frp/commit/a7fbe82ea9e6c7d7eeecc842728e386f281207d4) test(auth): add authentication test (currently only for token) - [`e563f1c`](https://github.com/fatedier/frp/commit/e563f1cff9b59c1fac4b0032bf895fd15bcca0ec) style(auth): rename ProviderConsumer to SetterVerifier since that's the new naming convention for auth - [`10bcd8d`](https://github.com/fatedier/frp/commit/10bcd8dbcea5ec542141978b155214303cb3f703) chore: update go.sum - [`739cdd2`](https://github.com/fatedier/frp/commit/739cdd2bff234763b25fc6381735f8b13fd8af24) chore: update vendor and go.sum - [`a85b52d`](https://github.com/fatedier/frp/commit/a85b52d8e6c69d5e8a508b993dc687255c66f477) style: check for err not being null, dont strip return - [`5544e5f`](https://github.com/fatedier/frp/commit/5544e5f7d58d45670f0e703bf952c4fc7fcd5302) style: export shared logic from SetLogin and SetPing to a common generateAccessToken() method in oidc.go - [`4877c78`](https://github.com/fatedier/frp/commit/4877c78312f9441d71e1bab4edf34b44e92bfa6b) feat: authenticate NewWorkConn messages, similar to ping ### 📊 Changes **190 files changed** (+47570 additions, -61 deletions) <details> <summary>View changed files</summary> 📝 `README.md` (+39 -1) 📝 `client/control.go` (+27 -2) 📝 `client/service.go` (+20 -13) 📝 `cmd/frpc/sub/root.go` (+5 -1) 📝 `cmd/frps/root.go` (+5 -1) 📝 `go.mod` (+4 -0) 📝 `go.sum` (+30 -0) ➕ `models/auth/auth.go` (+151 -0) ➕ `models/auth/oidc.go` (+255 -0) ➕ `models/auth/token.go` (+120 -0) 📝 `models/config/client_common.go` (+5 -9) 📝 `models/config/server_common.go` (+5 -7) 📝 `models/consts/consts.go` (+4 -0) 📝 `models/msg/msg.go` (+7 -1) 📝 `server/control.go` (+16 -2) 📝 `server/proxy/proxy.go` (+1 -0) 📝 `server/service.go` (+21 -8) ➕ `tests/ci/auth_test.go` (+72 -0) ➕ `vendor/github.com/coreos/go-oidc/.gitignore` (+2 -0) ➕ `vendor/github.com/coreos/go-oidc/.travis.yml` (+16 -0) _...and 80 more files_ </details> ### 📄 Description Perform OIDC authentication (configurable to be instead of current token authentication) between frpc and frps. Authentication can be performed on login message and ping messages. This is implemented by a new auth plugin system. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>