Mark option to skip verified email check as insecure
This commit is contained in:
parent
018a25be04
commit
39b6a42d43
@ -81,7 +81,7 @@ type Options struct {
|
|||||||
// potential overrides.
|
// potential overrides.
|
||||||
Provider string `flag:"provider" cfg:"provider" env:"OAUTH2_PROXY_PROVIDER"`
|
Provider string `flag:"provider" cfg:"provider" env:"OAUTH2_PROXY_PROVIDER"`
|
||||||
OIDCIssuerURL string `flag:"oidc-issuer-url" cfg:"oidc_issuer_url" env:"OAUTH2_PROXY_OIDC_ISSUER_URL"`
|
OIDCIssuerURL string `flag:"oidc-issuer-url" cfg:"oidc_issuer_url" env:"OAUTH2_PROXY_OIDC_ISSUER_URL"`
|
||||||
OIDCAllowUnverifiedEmail bool `flag:"oidc-allow-unverified-email" cfg:"oidc_allow_unverified_email" env:"OAUTH2_PROXY_OIDC_ALLOW_UNVERIFIED_EMAIL"`
|
InsecureOIDCAllowUnverifiedEmail bool `flag:"insecure-oidc-allow-unverified-email" cfg:"insecure_oidc_allow_unverified_email" env:"OAUTH2_PROXY_INSECURE_OIDC_ALLOW_UNVERIFIED_EMAIL"`
|
||||||
SkipOIDCDiscovery bool `flag:"skip-oidc-discovery" cfg:"skip_oidc_discovery" env:"OAUTH2_SKIP_OIDC_DISCOVERY"`
|
SkipOIDCDiscovery bool `flag:"skip-oidc-discovery" cfg:"skip_oidc_discovery" env:"OAUTH2_SKIP_OIDC_DISCOVERY"`
|
||||||
OIDCJwksURL string `flag:"oidc-jwks-url" cfg:"oidc_jwks_url" env:"OAUTH2_OIDC_JWKS_URL"`
|
OIDCJwksURL string `flag:"oidc-jwks-url" cfg:"oidc_jwks_url" env:"OAUTH2_OIDC_JWKS_URL"`
|
||||||
LoginURL string `flag:"login-url" cfg:"login_url" env:"OAUTH2_PROXY_LOGIN_URL"`
|
LoginURL string `flag:"login-url" cfg:"login_url" env:"OAUTH2_PROXY_LOGIN_URL"`
|
||||||
@ -157,7 +157,7 @@ func NewOptions() *Options {
|
|||||||
SetAuthorization: false,
|
SetAuthorization: false,
|
||||||
PassAuthorization: false,
|
PassAuthorization: false,
|
||||||
ApprovalPrompt: "force",
|
ApprovalPrompt: "force",
|
||||||
OIDCAllowUnverifiedEmail: false,
|
InsecureOIDCAllowUnverifiedEmail: false,
|
||||||
SkipOIDCDiscovery: false,
|
SkipOIDCDiscovery: false,
|
||||||
LoggingFilename: "",
|
LoggingFilename: "",
|
||||||
LoggingMaxSize: 100,
|
LoggingMaxSize: 100,
|
||||||
@ -399,7 +399,7 @@ func parseProviderInfo(o *Options, msgs []string) []string {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
case *providers.OIDCProvider:
|
case *providers.OIDCProvider:
|
||||||
p.AllowUnverifiedEmail = o.OIDCAllowUnverifiedEmail
|
p.AllowUnverifiedEmail = o.InsecureOIDCAllowUnverifiedEmail
|
||||||
if o.oidcVerifier == nil {
|
if o.oidcVerifier == nil {
|
||||||
msgs = append(msgs, "oidc provider requires an oidc issuer URL")
|
msgs = append(msgs, "oidc provider requires an oidc issuer URL")
|
||||||
} else {
|
} else {
|
||||||
|
Loading…
Reference in New Issue
Block a user