Access token forwarding through nginx auth request (#68)
* Access token forwarding through nginx auth request Related to #420. (cherry picked from commitb138872bea
) Signed-off-by: David Holsgrove <david.holsgrove@biarri.com> * Improved documentation for auth request token (cherry picked from commit6fab314f72
) Signed-off-by: David Holsgrove <david.holsgrove@biarri.com> * Update README.md Example should set header as `X-Access-Token` Co-Authored-By: davidholsgrove <davidholsgrove@users.noreply.github.com> * Update Changelog to reference https://github.com/pusher/oauth2_proxy/pull/68 * Fix Changelog message location
This commit is contained in:
parent
c83335324e
commit
2280b42f59
@ -2,6 +2,8 @@
|
|||||||
|
|
||||||
## Changes since v3.1.0
|
## Changes since v3.1.0
|
||||||
|
|
||||||
|
- [#68](https://github.com/pusher/oauth2_proxy/pull/68) forward X-Auth-Access-Token header (@davidholsgrove)
|
||||||
|
|
||||||
# v3.1.0
|
# v3.1.0
|
||||||
|
|
||||||
## Release highlights
|
## Release highlights
|
||||||
|
@ -425,6 +425,10 @@ server {
|
|||||||
proxy_set_header X-User $user;
|
proxy_set_header X-User $user;
|
||||||
proxy_set_header X-Email $email;
|
proxy_set_header X-Email $email;
|
||||||
|
|
||||||
|
# if you enabled --pass-access-token, this will pass the token to the backend
|
||||||
|
auth_request_set $token $upstream_http_x_auth_request_access_token;
|
||||||
|
proxy_set_header X-Access-Token $token;
|
||||||
|
|
||||||
# if you enabled --cookie-refresh, this is needed for it to work with auth_request
|
# if you enabled --cookie-refresh, this is needed for it to work with auth_request
|
||||||
auth_request_set $auth_cookie $upstream_http_set_cookie;
|
auth_request_set $auth_cookie $upstream_http_set_cookie;
|
||||||
add_header Set-Cookie $auth_cookie;
|
add_header Set-Cookie $auth_cookie;
|
||||||
|
@ -880,6 +880,9 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
|
|||||||
if session.Email != "" {
|
if session.Email != "" {
|
||||||
rw.Header().Set("X-Auth-Request-Email", session.Email)
|
rw.Header().Set("X-Auth-Request-Email", session.Email)
|
||||||
}
|
}
|
||||||
|
if p.PassAccessToken && session.AccessToken != "" {
|
||||||
|
rw.Header().Set("X-Auth-Request-Access-Token", session.AccessToken)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if p.PassAccessToken && session.AccessToken != "" {
|
if p.PassAccessToken && session.AccessToken != "" {
|
||||||
req.Header["X-Forwarded-Access-Token"] = []string{session.AccessToken}
|
req.Header["X-Forwarded-Access-Token"] = []string{session.AccessToken}
|
||||||
|
Loading…
Reference in New Issue
Block a user