Merge remote-tracking branch 'origin/master' into enhanced_logging

MisterWil 2019-02-26 08:27:06 -08:00
commit 45742d326d
4 changed files with 11 additions and 0 deletions


@ -16,6 +16,8 @@
- Implement two new flags to customize the logging format - Implement two new flags to customize the logging format
- `-standard-logging-format` Sets the format for standard logging - `-standard-logging-format` Sets the format for standard logging
- `-auth-logging-format` Sets the format for auth logging - `-auth-logging-format` Sets the format for auth logging
- [#68](https://github.com/pusher/oauth2_proxy/pull/68) forward X-Auth-Access-Token header (@davidholsgrove)
# v3.1.0 # v3.1.0


@ -220,6 +220,7 @@ Usage of oauth2_proxy:
-logging-max-backups int: Maximum number of old log files to retain; 0 to disable (default 0) -logging-max-backups int: Maximum number of old log files to retain; 0 to disable (default 0)
-logging-max-size int: Maximum size in megabytes of the log file before rotation (default 100) -logging-max-size int: Maximum size in megabytes of the log file before rotation (default 100)
-login-url string: Authentication endpoint -login-url string: Authentication endpoint
-oidc-issuer-url: the OpenID Connect issuer URL. ie: "https://accounts.google.com"
-pass-access-token: pass OAuth access_token to upstream via X-Forwarded-Access-Token header -pass-access-token: pass OAuth access_token to upstream via X-Forwarded-Access-Token header
-pass-authorization-header: pass OIDC IDToken to upstream via Authorization Bearer header -pass-authorization-header: pass OIDC IDToken to upstream via Authorization Bearer header
-pass-basic-auth: pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream (default true) -pass-basic-auth: pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream (default true)
@ -478,6 +479,10 @@ server {
proxy_set_header X-User $user; proxy_set_header X-User $user;
proxy_set_header X-Email $email; proxy_set_header X-Email $email;
# if you enabled --pass-access-token, this will pass the token to the backend
auth_request_set $token $upstream_http_x_auth_request_access_token;
proxy_set_header X-Access-Token $token;
# if you enabled --cookie-refresh, this is needed for it to work with auth_request # if you enabled --cookie-refresh, this is needed for it to work with auth_request
auth_request_set $auth_cookie $upstream_http_set_cookie; auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie; add_header Set-Cookie $auth_cookie;

1
configure vendored

@ -106,6 +106,7 @@ check_docker_version() {
check_go_env() { check_go_env() {
echo -n "Checking \$GOPATH... " echo -n "Checking \$GOPATH... "
GOPATH="$(go env GOPATH)"
if [ -z "$GOPATH" ]; then if [ -z "$GOPATH" ]; then
printf "${RED}invalid${NC} - GOPATH not set\n" printf "${RED}invalid${NC} - GOPATH not set\n"
exit 1 exit 1


@ -887,6 +887,9 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
if session.Email != "" { if session.Email != "" {
rw.Header().Set("X-Auth-Request-Email", session.Email) rw.Header().Set("X-Auth-Request-Email", session.Email)
} }
if p.PassAccessToken && session.AccessToken != "" {
rw.Header().Set("X-Auth-Request-Access-Token", session.AccessToken)
}
} }
if p.PassAccessToken && session.AccessToken != "" { if p.PassAccessToken && session.AccessToken != "" {
req.Header["X-Forwarded-Access-Token"] = []string{session.AccessToken} req.Header["X-Forwarded-Access-Token"] = []string{session.AccessToken}
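Review bot: The added `rw.Header().Set("X-Auth-Request-Access-Token", session.AccessToken)` writes a bearer token onto the response writer, and nothing visible in the hunk restricts it to the auth-only response that nginx reads with `auth_request_set`. `Authenticate` begins and ends outside this hunk, so the following is inferred: if it also runs on the proxying path, the header would reach the browser with the upstream response whenever the enclosing condition and `-pass-access-token` are both enabled. I would set the header only in the auth-only handler, or at minimum document the constraint above the `if`, e.g. `// Response header for nginx auth_request_set only; carries the OAuth access token and must not be returned to the client.` The usage text for `-pass-access-token` still names only `X-Forwarded-Access-Token`, so it should mention the new response header as well.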