Rather than directly fetching and verifying OAuth assertions, assume
that the app is running behind an authenticating proxy, and trust
headers that are set by the proxy.
- add config support for an "authbackend" directive, supporting either
"oauth" or "proxy" as values; the "proxy" setting selects our new codepath
- add initProxyAuth and proxyAuthMiddleware methods to the Handler struct
- rename authMiddleWare to oAuthMiddleware in the Handler struct
- construct a faked auth.JWTClaims object when in proxy mode
- update Handler.handleAuthCheck() to return useful info in proxy mode
- add a fallback user icon for proxy mode
- implement check for proxy mode in index.js
See for example and reference:
https://cloud.google.com/iap/docs/identity-howtohttps://cloud.google.com/beyondcorp/
memory