Merge remote-tracking branch 'origin/master' into enhanced_logging
This commit is contained in:
commit
45742d326d
@ -16,6 +16,8 @@
|
||||
- Implement two new flags to customize the logging format
|
||||
- `-standard-logging-format` Sets the format for standard logging
|
||||
- `-auth-logging-format` Sets the format for auth logging
|
||||
- [#68](https://github.com/pusher/oauth2_proxy/pull/68) forward X-Auth-Access-Token header (@davidholsgrove)
|
||||
|
||||
|
||||
# v3.1.0
|
||||
|
||||
|
@ -220,6 +220,7 @@ Usage of oauth2_proxy:
|
||||
-logging-max-backups int: Maximum number of old log files to retain; 0 to disable (default 0)
|
||||
-logging-max-size int: Maximum size in megabytes of the log file before rotation (default 100)
|
||||
-login-url string: Authentication endpoint
|
||||
-oidc-issuer-url: the OpenID Connect issuer URL. ie: "https://accounts.google.com"
|
||||
-pass-access-token: pass OAuth access_token to upstream via X-Forwarded-Access-Token header
|
||||
-pass-authorization-header: pass OIDC IDToken to upstream via Authorization Bearer header
|
||||
-pass-basic-auth: pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream (default true)
|
||||
@ -478,6 +479,10 @@ server {
|
||||
proxy_set_header X-User $user;
|
||||
proxy_set_header X-Email $email;
|
||||
|
||||
# if you enabled --pass-access-token, this will pass the token to the backend
|
||||
auth_request_set $token $upstream_http_x_auth_request_access_token;
|
||||
proxy_set_header X-Access-Token $token;
|
||||
|
||||
# if you enabled --cookie-refresh, this is needed for it to work with auth_request
|
||||
auth_request_set $auth_cookie $upstream_http_set_cookie;
|
||||
add_header Set-Cookie $auth_cookie;
|
||||
|
1
configure
vendored
1
configure
vendored
@ -106,6 +106,7 @@ check_docker_version() {
|
||||
|
||||
check_go_env() {
|
||||
echo -n "Checking \$GOPATH... "
|
||||
GOPATH="$(go env GOPATH)"
|
||||
if [ -z "$GOPATH" ]; then
|
||||
printf "${RED}invalid${NC} - GOPATH not set\n"
|
||||
exit 1
|
||||
|
@ -887,6 +887,9 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
|
||||
if session.Email != "" {
|
||||
rw.Header().Set("X-Auth-Request-Email", session.Email)
|
||||
}
|
||||
if p.PassAccessToken && session.AccessToken != "" {
|
||||
rw.Header().Set("X-Auth-Request-Access-Token", session.AccessToken)
|
||||
}
|
||||
}
|
||||
if p.PassAccessToken && session.AccessToken != "" {
|
||||
req.Header["X-Forwarded-Access-Token"] = []string{session.AccessToken}
|
||||
|
Loading…
Reference in New Issue
Block a user