I have a nginx server serving protected resources. The last thing I want to do is manage password reset requests, so I was looking at Login with Google.
They have examples for PHP, Java, JavaScript etc., but not for Apache or nginx. How can I configure nginx to swap out basic authentication with the Login with Google functionality?
Some proxied systems behind depend on the %REMOTE_USER% variable, so I need that one preserved. Help is appreciated.
Update To clarify: I have a set of services (a tomcat, a node.js, a couchdb, a vert.x, some python) that sit behind the web server, that might or might not authorize a user to interact with them. They all have in common, that they can receive identity information from the web tier.
So what I do in the web tier: specify - "authenticated users only" (which is a authorization setting, I "reuse" to trigger the authentication mechanism).
Once the user is authenticated, that identity information is passed on. For an example with basic authentication and CouchDB, check this blog entry. I can do the same in nginx, but the task here is to burden someone else with keeping a password secret using identities established with an outside provider.
Maybe you could run the oauth2_proxy in front of your web app.
While you can theoretically implement OAuth on the webserver level (example: http://chairnerd.seatgeek.com/oauth-support-for-nginx-with-lua/), it's generally a pretty bad idea. There are examples for server-side languages because that's where you should implement it - in your code, not your server.