Add a flag to set the value of "approval_prompt".

By setting this to "force", certain providers, like Google,
will interject an additional prompt on every new session. With other values,
like "auto", this prompt is not forced upon the user.
This commit is contained in:
Ed Bardsley 2015-07-25 16:27:49 -07:00
parent 5ff8aa3581
commit 33045a792b
5 changed files with 26 additions and 16 deletions

View File

@ -94,6 +94,7 @@ An example [oauth2_proxy.cfg](contrib/oauth2_proxy.cfg.example) config file is i
``` ```
Usage of oauth2_proxy: Usage of oauth2_proxy:
-approval_prompt="force": Oauth approval_prompt
-authenticated-emails-file="": authenticate against emails via file (one per line) -authenticated-emails-file="": authenticate against emails via file (one per line)
-client-id="": the OAuth Client ID: ie: "123456.apps.googleusercontent.com" -client-id="": the OAuth Client ID: ie: "123456.apps.googleusercontent.com"
-client-secret="": the OAuth Client Secret -client-secret="": the OAuth Client Secret

View File

@ -63,6 +63,7 @@ func main() {
flagSet.String("profile-url", "", "Profile access endpoint") flagSet.String("profile-url", "", "Profile access endpoint")
flagSet.String("validate-url", "", "Access token validation endpoint") flagSet.String("validate-url", "", "Access token validation endpoint")
flagSet.String("scope", "", "Oauth scope specification") flagSet.String("scope", "", "Oauth scope specification")
flagSet.String("approval-prompt", "force", "Oauth approval_prompt")
flagSet.Parse(os.Args[1:]) flagSet.Parse(os.Args[1:])

View File

@ -46,12 +46,13 @@ type Options struct {
// These options allow for other providers besides Google, with // These options allow for other providers besides Google, with
// potential overrides. // potential overrides.
Provider string `flag:"provider" cfg:"provider"` Provider string `flag:"provider" cfg:"provider"`
LoginUrl string `flag:"login-url" cfg:"login_url"` LoginUrl string `flag:"login-url" cfg:"login_url"`
RedeemUrl string `flag:"redeem-url" cfg:"redeem_url"` RedeemUrl string `flag:"redeem-url" cfg:"redeem_url"`
ProfileUrl string `flag:"profile-url" cfg:"profile_url"` ProfileUrl string `flag:"profile-url" cfg:"profile_url"`
ValidateUrl string `flag:"validate-url" cfg:"validate_url"` ValidateUrl string `flag:"validate-url" cfg:"validate_url"`
Scope string `flag:"scope" cfg:"scope"` Scope string `flag:"scope" cfg:"scope"`
ApprovalPrompt string `flag:"approval-prompt" cfg:"approval_prompt"`
RequestLogging bool `flag:"request-logging" cfg:"request_logging"` RequestLogging bool `flag:"request-logging" cfg:"request_logging"`
@ -76,6 +77,7 @@ func NewOptions() *Options {
PassBasicAuth: true, PassBasicAuth: true,
PassAccessToken: false, PassAccessToken: false,
PassHostHeader: true, PassHostHeader: true,
ApprovalPrompt: "force",
RequestLogging: true, RequestLogging: true,
} }
} }
@ -165,7 +167,12 @@ func (o *Options) Validate() error {
} }
func parseProviderInfo(o *Options, msgs []string) []string { func parseProviderInfo(o *Options, msgs []string) []string {
p := &providers.ProviderData{Scope: o.Scope, ClientID: o.ClientID, ClientSecret: o.ClientSecret} p := &providers.ProviderData{
Scope: o.Scope,
ClientID: o.ClientID,
ClientSecret: o.ClientSecret,
ApprovalPrompt: o.ApprovalPrompt,
}
p.LoginUrl, msgs = parseUrl(o.LoginUrl, "login", msgs) p.LoginUrl, msgs = parseUrl(o.LoginUrl, "login", msgs)
p.RedeemUrl, msgs = parseUrl(o.RedeemUrl, "redeem", msgs) p.RedeemUrl, msgs = parseUrl(o.RedeemUrl, "redeem", msgs)
p.ProfileUrl, msgs = parseUrl(o.ProfileUrl, "profile", msgs) p.ProfileUrl, msgs = parseUrl(o.ProfileUrl, "profile", msgs)

View File

@ -5,14 +5,15 @@ import (
) )
type ProviderData struct { type ProviderData struct {
ProviderName string ProviderName string
ClientID string ClientID string
ClientSecret string ClientSecret string
LoginUrl *url.URL LoginUrl *url.URL
RedeemUrl *url.URL RedeemUrl *url.URL
ProfileUrl *url.URL ProfileUrl *url.URL
ValidateUrl *url.URL ValidateUrl *url.URL
Scope string Scope string
ApprovalPrompt string
} }
func (p *ProviderData) Data() *ProviderData { return p } func (p *ProviderData) Data() *ProviderData { return p }

View File

@ -80,7 +80,7 @@ func (p *ProviderData) GetLoginURL(redirectURI, finalRedirect string) string {
a = *p.LoginUrl a = *p.LoginUrl
params, _ := url.ParseQuery(a.RawQuery) params, _ := url.ParseQuery(a.RawQuery)
params.Set("redirect_uri", redirectURI) params.Set("redirect_uri", redirectURI)
params.Set("approval_prompt", "force") params.Set("approval_prompt", p.ApprovalPrompt)
params.Add("scope", p.Scope) params.Add("scope", p.Scope)
params.Set("client_id", p.ClientID) params.Set("client_id", p.ClientID)
params.Set("response_type", "code") params.Set("response_type", "code")