-
-
Notifications
You must be signed in to change notification settings - Fork 27
Home
GitHub Action edited this page May 31, 2024
·
10 revisions
Welcome to the openvpn-auth-oauth2 wiki!
You can find a demo of the plugin in action here
sequenceDiagram
OpenVPN Client->>+OpenVPN Server: connect
OpenVPN Server->>+openvpn-auth-oauth2: ">CLIENT:CONNECT"
openvpn-auth-oauth2-->>-OpenVPN Server: "WEBAUTH:https://openvpn.example.com"
OpenVPN Server-->>-OpenVPN Client: "WEBAUTH:https://openvpn.example.com"
Note over OpenVPN Client,Browser: The OpenVPN client opens a browser on the machine
Browser->>+openvpn-auth-oauth2: connect https://openvpn.example.com
openvpn-auth-oauth2->>+OAuth2 Provider: redirects
actor User
Note over OAuth2 Provider,User: User enter credentials
OAuth2 Provider-->>-openvpn-auth-oauth2: Login Successful
Note over openvpn-auth-oauth2: Store refresh token, if provided
openvpn-auth-oauth2-->>-Browser: Login Successful
openvpn-auth-oauth2->>OpenVPN Server: client-auth
Note over OpenVPN Client,OpenVPN Server: connection established
OpenVPN Client->>+OpenVPN Server: Session refresh (reneg-sec)
OpenVPN Server->>+openvpn-auth-oauth2: ">CLIENT:REAUTH"
alt has refresh token
openvpn-auth-oauth2->>+OAuth2 Provider: "Non-interactive login via refresh token"
OAuth2 Provider-->>-openvpn-auth-oauth2: Login Successful
else has no refresh token
Note over openvpn-auth-oauth2,OAuth2 Provider: Traditional login, see above
end
Note over openvpn-auth-oauth2: Store new refresh token, if provided
openvpn-auth-oauth2->>OpenVPN Server: client-auth
Note over OpenVPN Client,OpenVPN Server: connection refreshed
This wiki is synced with the docs folder from the code repository! To improve the wiki, create a pull request against the code repository with the suggested changes.