[thomseddon]

We took a slightly different approach to solving a similar problem: https://github.com/thomseddon/traefik-forward-auth

We were already using traefik as a proxy for our docker/swarm clusters and this is a single container drop in to add authentication to every traefik request.

It's still missing a few key features but it can get you started, we're testing the use of a single auth domain (so you don't have to add every internal service domain as a refirect_uri in Google - looks similar to how sso works) internally and we expect to release this shortly once finished.

Additionally, if you want an even lighter weight option, we also use, with great success, cloudflare's lua script on a few services we don't run with docker/traefik: https://github.com/cloudflare/nginx-google-oauth