From 0925b88d17527dc11ce1ff57ae29b59ca430d33a Mon Sep 17 00:00:00 2001 From: Joel Speed Date: Tue, 22 Jan 2019 11:36:52 +0000 Subject: [PATCH] Update documentation and changelog --- CHANGELOG.md | 5 +++++ README.md | 2 ++ 2 files changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index dd6332c..83c4e2c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ ## Changes since v3.0.0 +- [#14](https://github.com/pusher/oauth2_proxy/pull/14) OIDC ID Token, Authorization Headers, Refreshing and Verification (@joelspeed) + - Implement `pass-authorization-header` and `set-authorization-header` flags + - Implement token refreshing in OIDC provider + - Split cookies larger than 4k limit into multiple cookies + - Implement token validation in OIDC provider - [#21](https://github.com/pusher/oauth2_proxy/pull/21) Docker Improvement (@yaegashi) - Move Docker base image from debian to alpine - Install ca-certificates in docker image diff --git a/README.md b/README.md index c44d519..910a671 100644 --- a/README.md +++ b/README.md @@ -212,6 +212,7 @@ Usage of oauth2_proxy: -https-address string: : to listen on for HTTPS clients (default ":443") -login-url string: Authentication endpoint -pass-access-token: pass OAuth access_token to upstream via X-Forwarded-Access-Token header + -pass-authorization-header: pass OIDC IDToken to upstream via Authorization Bearer header -pass-basic-auth: pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream (default true) -pass-host-header: pass the request Host Header to upstream (default true) -pass-user-headers: pass X-Forwarded-User and X-Forwarded-Email information to upstream (default true) @@ -225,6 +226,7 @@ Usage of oauth2_proxy: -resource string: The resource that is protected (Azure AD only) -scope string: OAuth scope specification -set-xauthrequest: set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode) + -set-authorization-header: set Authorization Bearer response header (useful in Nginx auth_request mode) -signature-key string: GAP-Signature request signature key (algorithm:secretkey) -skip-auth-preflight: will skip authentication for OPTIONS requests -skip-auth-regex value: bypass authentication for requests path's that match (may be given multiple times)