From 9823971b7d9e7e5f24a988b488c8a0955dbafaa8 Mon Sep 17 00:00:00 2001 From: Daryl Finlay Date: Thu, 11 Jul 2019 15:58:31 +0100 Subject: [PATCH] Make insecure-oidc-allow-unverified-email configuration usage consistent --- docs/configuration/configuration.md | 2 +- main.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuration/configuration.md b/docs/configuration/configuration.md index d7cdcd9..016fe3a 100644 --- a/docs/configuration/configuration.md +++ b/docs/configuration/configuration.md @@ -63,7 +63,7 @@ Usage of oauth2_proxy: -jwt-key string: private key in PEM format used to sign JWT, so that you can say something like -jwt-key="${OAUTH2_PROXY_JWT_KEY}": required by login.gov -jwt-key-file string: path to the private key file in PEM format used to sign the JWT so that you can say something like -jwt-key-file=/etc/ssl/private/jwt_signing_key.pem: required by login.gov -login-url string: Authentication endpoint - -oidc-allow-unverified-email: don't fail if an email address in an id_token is not verified + -insecure-oidc-allow-unverified-email: don't fail if an email address in an id_token is not verified -oidc-issuer-url: the OpenID Connect issuer URL. ie: "https://accounts.google.com" -oidc-jwks-url string: OIDC JWKS URI for token verification; required if OIDC discovery is disabled -pass-access-token: pass OAuth access_token to upstream via X-Forwarded-Access-Token header diff --git a/main.go b/main.go index 4187257..f82205d 100644 --- a/main.go +++ b/main.go @@ -104,7 +104,7 @@ func main() { flagSet.String("provider", "google", "OAuth provider") flagSet.String("oidc-issuer-url", "", "OpenID Connect issuer URL (ie: https://accounts.google.com)") - flagSet.Bool("oidc-allow-unverified-email", false, "Don't fail if an email address in an id_token is not verified") + flagSet.Bool("insecure-oidc-allow-unverified-email", false, "Don't fail if an email address in an id_token is not verified") flagSet.Bool("skip-oidc-discovery", false, "Skip OIDC discovery and use manually supplied Endpoints") flagSet.String("oidc-jwks-url", "", "OpenID Connect JWKS URL (ie: https://www.googleapis.com/oauth2/v3/certs)") flagSet.String("login-url", "", "Authentication endpoint")