OAuth2-proxy test flow

I am trying to set up an authentication workflow for a new Kubernetes cluster (Azure AKS) using oauth2-proxy (https://oauth2-proxy.github.io/oauth2-proxy/). My question is probably pretty dumb, but I am a bit confused.

Is there a way to test a flow like that without already having a valid TLS certificate to use HTTPS and a valid registered domain everywhere? From what I see in examples and tutorials, everyone references HTTPS and registered domains directly, both in the Ingress and in the OAuth2 application (which in my case would be an Azure AD App Registration). Is there no way to just have a POC of the tool before buying domains and TLS certificates?

Thank you very much!

There are 1 best solutions below

I would recommend that you start by using proper TLS certificates, because some things don't work over HTTP like they used to. For example, some important cookies will be rejected if set/sent over HTTP.

This is due to the SameSite cookie security property; see: SameSite cookies

To complement this answer, I wrote a blog post that goes into more detail about this topic: Debugging cookie problems
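
The cookie rules the answer refers to, as an added example that is not part of the original answer or of oauth2-proxy: a small Node.js check that reports why a browser would drop a given `Set-Cookie` header on `http` versus `https`. The function names, cookie names and header values are constructed for illustration.

```javascript
// Added example: models browser rules that drop cookies on plain HTTP.
// Cookie names and values are constructed for illustration.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq === -1 ? '' : pair.slice(0, eq), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Returns the reasons a browser would drop the cookie; an empty list means accepted.
function rejectionReasons(header, scheme) {
  const c = parseSetCookie(header);
  const secure = c.attrs.secure === true;
  const sameSite = String(c.attrs.samesite || '').toLowerCase();
  const reasons = [];
  if (secure && scheme !== 'https') {
    reasons.push('Secure cookie set over an insecure scheme');
  }
  if (sameSite === 'none' && !secure) {
    reasons.push('SameSite=None requires Secure');
  }
  if (c.name.startsWith('__Secure-') && !secure) {
    reasons.push('__Secure- prefix requires Secure');
  }
  if (c.name.startsWith('__Host-') &&
      (!secure || c.attrs.path !== '/' || 'domain' in c.attrs)) {
    reasons.push('__Host- prefix requires Secure, Path=/ and no Domain');
  }
  return reasons;
}

// Constructed sample headers resembling a proxy's session and CSRF cookies.
const samples = [
  '_session=abc; Path=/; Secure; HttpOnly; SameSite=Lax',
  '_csrf=xyz; Path=/; HttpOnly; SameSite=None',
];
for (const scheme of ['http', 'https']) {
  for (const header of samples) {
    const why = rejectionReasons(header, scheme);
    console.log(`${scheme}: ${header} -> ${why.length ? why.join('; ') : 'accepted'}`);
  }
}
```

Some browsers treat `http://localhost` as a secure context; this sketch does not model that exception.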