Access token forwarding through nginx auth request (#68)

* Access token forwarding through nginx auth request

Related to #420.

(cherry picked from commit b138872bea)
Signed-off-by: David Holsgrove <david.holsgrove@biarri.com>

* Improved documentation for auth request token

(cherry picked from commit 6fab314f72)
Signed-off-by: David Holsgrove <david.holsgrove@biarri.com>

* Update README.md

Example should set header as `X-Access-Token`

Co-Authored-By: davidholsgrove <davidholsgrove@users.noreply.github.com>

* Update Changelog to reference https://github.com/pusher/oauth2_proxy/pull/68

* Fix Changelog message location
David Holsgrove 2019-02-22 17:49:57 +10:00 committed by Joel Speed
parent c83335324e
commit 2280b42f59
3 changed files with 9 additions and 0 deletions


@ -2,6 +2,8 @@
## Changes since v3.1.0 ## Changes since v3.1.0
- [#68](https://github.com/pusher/oauth2_proxy/pull/68) forward X-Auth-Access-Token header (@davidholsgrove)
# v3.1.0 # v3.1.0
## Release highlights ## Release highlights


@ -425,6 +425,10 @@ server {
proxy_set_header X-User $user; proxy_set_header X-User $user;
proxy_set_header X-Email $email; proxy_set_header X-Email $email;
# if you enabled --pass-access-token, this will pass the token to the backend
auth_request_set $token $upstream_http_x_auth_request_access_token;
proxy_set_header X-Access-Token $token;
# if you enabled --cookie-refresh, this is needed for it to work with auth_request # if you enabled --cookie-refresh, this is needed for it to work with auth_request
auth_request_set $auth_cookie $upstream_http_set_cookie; auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie; add_header Set-Cookie $auth_cookie;


@ -880,6 +880,9 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
if session.Email != "" { if session.Email != "" {
rw.Header().Set("X-Auth-Request-Email", session.Email) rw.Header().Set("X-Auth-Request-Email", session.Email)
} }
if p.PassAccessToken && session.AccessToken != "" {
rw.Header().Set("X-Auth-Request-Access-Token", session.AccessToken)
}
} }
if p.PassAccessToken && session.AccessToken != "" { if p.PassAccessToken && session.AccessToken != "" {
req.Header["X-Forwarded-Access-Token"] = []string{session.AccessToken} req.Header["X-Forwarded-Access-Token"] = []string{session.AccessToken}
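Review bot: The added `rw.Header().Set("X-Auth-Request-Access-Token", session.AccessToken)` writes the OAuth access token into a response header, and nothing visible in this hunk limits that to the nginx auth_request subrequest. The enclosing condition and the rest of Authenticate are outside the hunk, so this is inferred: if the same path also runs when the proxy serves upstream traffic directly, the token would presumably be returned to the browser with the upstream response. I would confirm that, and at least document the contract above the new block, for example `// Only for nginx auth_request_set: this response header carries a bearer token and must never be relayed to the client.` The changelog entry in this commit also names the header `X-Auth-Access-Token`, which does not match the name set here.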