Proof of Concept

Client IP Propagation

Demonstrating real client IP propagation through a reverse proxy (simulating Akamai) to Okta and into JWT claims for the downstream application.

Sign in with Okta

Authentication Flow

  1. Click → redirects to epepbac.duckdns.org (nginx proxy)
  2. Nginx forwards to Okta with True-Client-IP header
  3. Okta authenticates you, resolves your real IP via trusted proxy
  4. Okta redirects back here with client_ip in the JWT