This repository contains a Traefik middleware for authentication via Keycloak, with a local debug server to test it outside of Traefik.
traefik-auth-middleware/
|── auth_test.go # Unit tests
├── auth.go # Middleware code
├── go.mod
└── debug/
└── main.go # Local debug server
auth.go→ middleware used by Traefik.debug/main.go→ minimal HTTP server to test the middleware and view Keycloak responses.
Install tools and dev dependencies
mise install
mise run install_yaegimise run testmise run format
mise run lint- Run the server:
go run debug/.- The server listens on port
8080.
Using curl:
curl "http://localhost:8080?shop_name=test&api_key=secret"{
"message": "OK - middleware passed",
"token": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI..."
}If the request is malformed or authentication fails, the middleware returns an appropriate HTTP status code and an error message.
The middleware outputs JSON logs to standard output:
{
"level": "INFO",
"message": "Traefik-auth-middleware - Fetching auth token success for shop: test",
"plugin_name": "sw-auth-plugin"
}These logs allow you to track:
- The incoming request and its parameters
- The HTTP request to Keycloak
- Authentication success or failure
main.gois only used for local debugging.- When using Traefik, running this server is not necessary.
- IAM variables must be configured in the Traefik config or via
CreateConfig()for debugging.
- Ensure that the query params (
shop_nameandapi_key) are present. - Check that the JSON logs show the HTTP request to Keycloak and the
status code. - Using the debug server, you can directly see the Keycloak response in the HTTP response.
Middleware debug server started on :8080
{"level":"INFO","message":"Traefik-auth-middleware - Fetching auth token success for shop: test","plugin_name":"sw-auth-plugin"}
HTTP Response:
{
"message": "OK - middleware passed",
"token": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI..."
}