Add a flag to set the value of "approval_prompt".

By setting this to "force", certain providers, like Google,
will interject an additional prompt on every new session. With other values,
like "auto", this prompt is not forced upon the user.
Ed Bardsley 2015-07-25 16:27:49 -07:00
parent 5ff8aa3581
commit 33045a792b
5 changed files with 26 additions and 16 deletions


@ -94,6 +94,7 @@ An example [oauth2_proxy.cfg](contrib/oauth2_proxy.cfg.example) config file is i
```
Usage of oauth2_proxy:
-approval_prompt="force": Oauth approval_prompt
-authenticated-emails-file="": authenticate against emails via file (one per line)
-client-id="": the OAuth Client ID: ie: "123456.apps.googleusercontent.com"
-client-secret="": the OAuth Client Secret


@ -63,6 +63,7 @@ func main() {
flagSet.String("profile-url", "", "Profile access endpoint")
flagSet.String("validate-url", "", "Access token validation endpoint")
flagSet.String("scope", "", "Oauth scope specification")
flagSet.String("approval-prompt", "force", "Oauth approval_prompt")
flagSet.Parse(os.Args[1:])
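Review bot: The flag is registered as `approval-prompt` on the added `flagSet.String` line, while the README usage block changed in this same commit lists it as `-approval_prompt`, so the two spellings should be reconciled. The help text `"Oauth approval_prompt"` also gives an operator no hint of what the setting controls; something like `"OAuth approval_prompt login parameter: \"force\" makes providers such as Google prompt on every new session"` would state the trade-off described in the commit message. The body of `main` starts and ends outside this hunk.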


@ -46,12 +46,13 @@ type Options struct {
// These options allow for other providers besides Google, with
// potential overrides.
Provider string `flag:"provider" cfg:"provider"`
LoginUrl string `flag:"login-url" cfg:"login_url"`
RedeemUrl string `flag:"redeem-url" cfg:"redeem_url"`
ProfileUrl string `flag:"profile-url" cfg:"profile_url"`
ValidateUrl string `flag:"validate-url" cfg:"validate_url"`
Scope string `flag:"scope" cfg:"scope"`
Provider string `flag:"provider" cfg:"provider"`
LoginUrl string `flag:"login-url" cfg:"login_url"`
RedeemUrl string `flag:"redeem-url" cfg:"redeem_url"`
ProfileUrl string `flag:"profile-url" cfg:"profile_url"`
ValidateUrl string `flag:"validate-url" cfg:"validate_url"`
Scope string `flag:"scope" cfg:"scope"`
ApprovalPrompt string `flag:"approval-prompt" cfg:"approval_prompt"`
RequestLogging bool `flag:"request-logging" cfg:"request_logging"`
@ -76,6 +77,7 @@ func NewOptions() *Options {
PassBasicAuth: true,
PassAccessToken: false,
PassHostHeader: true,
ApprovalPrompt: "force",
RequestLogging: true,
}
}
@ -165,7 +167,12 @@ func (o *Options) Validate() error {
}
func parseProviderInfo(o *Options, msgs []string) []string {
p := &providers.ProviderData{Scope: o.Scope, ClientID: o.ClientID, ClientSecret: o.ClientSecret}
p := &providers.ProviderData{
Scope: o.Scope,
ClientID: o.ClientID,
ClientSecret: o.ClientSecret,
ApprovalPrompt: o.ApprovalPrompt,
}
p.LoginUrl, msgs = parseUrl(o.LoginUrl, "login", msgs)
p.RedeemUrl, msgs = parseUrl(o.RedeemUrl, "redeem", msgs)
p.ProfileUrl, msgs = parseUrl(o.ProfileUrl, "profile", msgs)
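Review bot: `parseProviderInfo` copies `o.ApprovalPrompt` into `ProviderData` unchecked, and nothing visible in the `Validate` hunk inspects it, so a misspelt value in the config file is forwarded to the provider as-is with no start-up message. Because this setting decides whether users are shown the approval prompt on each new session, an unexpected or empty value deserves an entry in `msgs`, or at least a log line with the effective value. The new `Options` field would also benefit from a comment such as `// ApprovalPrompt is sent as the approval_prompt login parameter; "force" re-prompts on every new session.` `Validate` starts above the hunk and `parseProviderInfo` continues below it.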


@ -5,14 +5,15 @@ import (
)
type ProviderData struct {
ProviderName string
ClientID string
ClientSecret string
LoginUrl *url.URL
RedeemUrl *url.URL
ProfileUrl *url.URL
ValidateUrl *url.URL
Scope string
ProviderName string
ClientID string
ClientSecret string
LoginUrl *url.URL
RedeemUrl *url.URL
ProfileUrl *url.URL
ValidateUrl *url.URL
Scope string
ApprovalPrompt string
}
func (p *ProviderData) Data() *ProviderData { return p }


@ -80,7 +80,7 @@ func (p *ProviderData) GetLoginURL(redirectURI, finalRedirect string) string {
a = *p.LoginUrl
params, _ := url.ParseQuery(a.RawQuery)
params.Set("redirect_uri", redirectURI)
params.Set("approval_prompt", "force")
params.Set("approval_prompt", p.ApprovalPrompt)
params.Add("scope", p.Scope)
params.Set("client_id", p.ClientID)
params.Set("response_type", "code")
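Review bot: `params.Set("approval_prompt", p.ApprovalPrompt)` now emits an empty `approval_prompt=` whenever the field is left at its zero value, where the old code always sent `force`. Any `ProviderData` built without going through `parseProviderInfo` (a provider constructor or a test, if such callers exist outside this view) therefore silently loses the forced prompt. Falling back to the previous behaviour keeps the conservative default: `prompt := p.ApprovalPrompt`, `if prompt == "" { prompt = "force" }`, then `params.Set("approval_prompt", prompt)`. `GetLoginURL` starts and ends outside this hunk.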