Add a flag to set the value of "approval_prompt".
By setting this to "force", certain providers, like Google, will interject an additional prompt on every new session. With other values, like "auto", this prompt is not forced upon the user.
This commit is contained in:
parent
5ff8aa3581
commit
33045a792b
@ -94,6 +94,7 @@ An example [oauth2_proxy.cfg](contrib/oauth2_proxy.cfg.example) config file is i
|
||||
|
||||
```
|
||||
Usage of oauth2_proxy:
|
||||
-approval_prompt="force": Oauth approval_prompt
|
||||
-authenticated-emails-file="": authenticate against emails via file (one per line)
|
||||
-client-id="": the OAuth Client ID: ie: "123456.apps.googleusercontent.com"
|
||||
-client-secret="": the OAuth Client Secret
|
||||
|
1
main.go
1
main.go
@ -63,6 +63,7 @@ func main() {
|
||||
flagSet.String("profile-url", "", "Profile access endpoint")
|
||||
flagSet.String("validate-url", "", "Access token validation endpoint")
|
||||
flagSet.String("scope", "", "Oauth scope specification")
|
||||
flagSet.String("approval-prompt", "force", "Oauth approval_prompt")
|
||||
|
||||
flagSet.Parse(os.Args[1:])
|
||||
|
||||
|
21
options.go
21
options.go
@ -46,12 +46,13 @@ type Options struct {
|
||||
|
||||
// These options allow for other providers besides Google, with
|
||||
// potential overrides.
|
||||
Provider string `flag:"provider" cfg:"provider"`
|
||||
LoginUrl string `flag:"login-url" cfg:"login_url"`
|
||||
RedeemUrl string `flag:"redeem-url" cfg:"redeem_url"`
|
||||
ProfileUrl string `flag:"profile-url" cfg:"profile_url"`
|
||||
ValidateUrl string `flag:"validate-url" cfg:"validate_url"`
|
||||
Scope string `flag:"scope" cfg:"scope"`
|
||||
Provider string `flag:"provider" cfg:"provider"`
|
||||
LoginUrl string `flag:"login-url" cfg:"login_url"`
|
||||
RedeemUrl string `flag:"redeem-url" cfg:"redeem_url"`
|
||||
ProfileUrl string `flag:"profile-url" cfg:"profile_url"`
|
||||
ValidateUrl string `flag:"validate-url" cfg:"validate_url"`
|
||||
Scope string `flag:"scope" cfg:"scope"`
|
||||
ApprovalPrompt string `flag:"approval-prompt" cfg:"approval_prompt"`
|
||||
|
||||
RequestLogging bool `flag:"request-logging" cfg:"request_logging"`
|
||||
|
||||
@ -76,6 +77,7 @@ func NewOptions() *Options {
|
||||
PassBasicAuth: true,
|
||||
PassAccessToken: false,
|
||||
PassHostHeader: true,
|
||||
ApprovalPrompt: "force",
|
||||
RequestLogging: true,
|
||||
}
|
||||
}
|
||||
@ -165,7 +167,12 @@ func (o *Options) Validate() error {
|
||||
}
|
||||
|
||||
func parseProviderInfo(o *Options, msgs []string) []string {
|
||||
p := &providers.ProviderData{Scope: o.Scope, ClientID: o.ClientID, ClientSecret: o.ClientSecret}
|
||||
p := &providers.ProviderData{
|
||||
Scope: o.Scope,
|
||||
ClientID: o.ClientID,
|
||||
ClientSecret: o.ClientSecret,
|
||||
ApprovalPrompt: o.ApprovalPrompt,
|
||||
}
|
||||
p.LoginUrl, msgs = parseUrl(o.LoginUrl, "login", msgs)
|
||||
p.RedeemUrl, msgs = parseUrl(o.RedeemUrl, "redeem", msgs)
|
||||
p.ProfileUrl, msgs = parseUrl(o.ProfileUrl, "profile", msgs)
|
||||
|
@ -5,14 +5,15 @@ import (
|
||||
)
|
||||
|
||||
type ProviderData struct {
|
||||
ProviderName string
|
||||
ClientID string
|
||||
ClientSecret string
|
||||
LoginUrl *url.URL
|
||||
RedeemUrl *url.URL
|
||||
ProfileUrl *url.URL
|
||||
ValidateUrl *url.URL
|
||||
Scope string
|
||||
ProviderName string
|
||||
ClientID string
|
||||
ClientSecret string
|
||||
LoginUrl *url.URL
|
||||
RedeemUrl *url.URL
|
||||
ProfileUrl *url.URL
|
||||
ValidateUrl *url.URL
|
||||
Scope string
|
||||
ApprovalPrompt string
|
||||
}
|
||||
|
||||
func (p *ProviderData) Data() *ProviderData { return p }
|
||||
|
@ -80,7 +80,7 @@ func (p *ProviderData) GetLoginURL(redirectURI, finalRedirect string) string {
|
||||
a = *p.LoginUrl
|
||||
params, _ := url.ParseQuery(a.RawQuery)
|
||||
params.Set("redirect_uri", redirectURI)
|
||||
params.Set("approval_prompt", "force")
|
||||
params.Set("approval_prompt", p.ApprovalPrompt)
|
||||
params.Add("scope", p.Scope)
|
||||
params.Set("client_id", p.ClientID)
|
||||
params.Set("response_type", "code")
|
||||
|
Loading…
Reference in New Issue
Block a user