Readme Updates
parent
4d3b1c4e29
commit
a80aad04f7
72
README.md
@ -1,10 +1,10 @@
|
|||||||
oaut2_proxy
|
oauth2_proxy
|
||||||
=================
|
=================
|
||||||
|
|
||||||
(This project was formerly known as Google Auth Proxy)
|
<small>(This project was renamed from Google Auth Proxy - May 2015)</small>
|
||||||
|
|
||||||
A reverse proxy that provides authentication using Providers (Google, Github, and others)
|
A reverse proxy that provides authentication using Providers (Google, Github, and others)
|
||||||
to validate individual accounts, or a whole email domain.
|
to validate accounts by email, domain or group.
|
||||||
|
|
||||||
[![Build Status](https://secure.travis-ci.org/bitly/oauth2_proxy.png?branch=master)](http://travis-ci.org/bitly/oauth2_proxy)
|
[![Build Status](https://secure.travis-ci.org/bitly/oauth2_proxy.png?branch=master)](http://travis-ci.org/bitly/oauth2_proxy)
|
||||||
|
|
||||||
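Review bot: The new summary line `to validate accounts by email, domain or group.` promises group-based validation for every provider, but the only group restriction documented in this commit is the GitHub `-github-org` / `-github-team` pair. Suggest wording it as "by email, domain, or (for GitHub) organisation/team" so readers do not assume group checks are enforced for Google, LinkedIn or MyUSA. Minor: the unchanged description line spells "Github" while the new section headings use "GitHub", and the build badge still links to `http://travis-ci.org/bitly/oauth2_proxy` rather than an https URL.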
@ -13,28 +13,29 @@ to validate individual accounts, or a whole email domain.
|
|||||||
|
|
||||||
## Architecture
|
## Architecture
|
||||||
|
|
||||||
```
|
![oauth2_proxy_arch](https://cloud.githubusercontent.com/assets/45028/7749664/35fef390-ff9d-11e4-8d51-21a7ba78f857.png)
|
||||||
_______ ______________ __________
|
|
||||||
|Nginx| ----> |oauth2_proxy| ----> |upstream|
|
|
||||||
------- -------------- ----------
|
|
||||||
||
|
|
||||||
\/
|
|
||||||
[provider OAuth2 API]
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
1. Download [Prebuilt Binary](https://github.com/bitly/oauth2_proxy/releases) or build from `master` with `$ go get github.com/bitly/oauth2_proxy` which should put the binary in `$GOROOT/bin`
|
1. Download [Prebuilt Binary](https://github.com/bitly/oauth2_proxy/releases) (current release is `v1.1.1`) or build with `$ go get github.com/bitly/oauth2_proxy` which will put the binary in `$GOROOT/bin`
|
||||||
2. Register an OAuth Application with a Provider
|
2. Register an OAuth Application with a Provider
|
||||||
3. Configure Google Auth Proxy using config file, command line options, or environment variables
|
3. Configure Oauth2 Proxy using config file, command line options, or environment variables
|
||||||
4. Deploy behind a SSL endpoint (example provided for Nginx)
|
4. Deploy behind a SSL endpoint (example provided for Nginx)
|
||||||
|
|
||||||
## OAuth Configuration
|
## OAuth Provider Configuration
|
||||||
|
|
||||||
You will need to register an OAuth application with Google (or [another
|
You will need to register an OAuth application with a Provider (Google, Github or another provider), and configure it with Redirect URI(s) for the domain you intend to run `oauth2_proxy` on.
|
||||||
provider](#providers)), and configure it with Redirect URI(s) for the domain
|
|
||||||
you intend to run `OAUTH2_PROXY` on.
|
Valid providers are :
|
||||||
|
|
||||||
|
* [Google](#google-auth-provider) *default*
|
||||||
|
* [GitHub](#github-auth-provider)
|
||||||
|
* [LinkedIn](#linkedin-auth-provider)
|
||||||
|
* [MyUSA](#myusa-auth-provider)
|
||||||
|
|
||||||
|
The provider can be selected using the `provider` configuration value.
|
||||||
|
|
||||||
|
### Google Auth Provider
|
||||||
|
|
||||||
For Google, the registration steps are:
|
For Google, the registration steps are:
|
||||||
|
|
||||||
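Review bot: In installation step 1, `go get` installs binaries into `$GOPATH/bin`, not `$GOROOT/bin`; the line was reworded ("should put" to "will put") but the path is still wrong and should be corrected while it is being touched. The hard-coded `current release is v1.1.1` will go stale on the next tag, and the releases link already covers it. The ASCII architecture diagram is replaced by an image hosted on `cloud.githubusercontent.com`, so the request path (Nginx, then oauth2_proxy, then upstream, with oauth2_proxy calling the provider OAuth2 API) is no longer readable in a terminal or an offline copy; consider keeping a one-sentence text description beside the image. Nits: "Oauth2 Proxy" in step 3 versus "OAuth2 Proxy" elsewhere, "Github" versus "GitHub", and the stray space in `Valid providers are :`.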
@ -49,6 +50,19 @@ For Google, the registration steps are:
|
|||||||
* Fill in the necessary fields and Save (this is _required_)
|
* Fill in the necessary fields and Save (this is _required_)
|
||||||
5. Take note of the **Client ID** and **Client Secret**
|
5. Take note of the **Client ID** and **Client Secret**
|
||||||
|
|
||||||
|
### GitHub Auth Provider
|
||||||
|
|
||||||
|
1. Create a new project: https://github.com/settings/developers
|
||||||
|
2. Under `Authorization callback URL` enter the correct url ie `https://internal.yourcompany.com/oauth2/callback`
|
||||||
|
|
||||||
|
The GitHub auth provider supports two additional parameters to restrict authentication to Organization or Team level access.
|
||||||
|
|
||||||
|
-github-org="": restrict logins to members of this organisation
|
||||||
|
-github-team="": restrict logins to members of this team
|
||||||
|
|
||||||
|
|
||||||
|
### LinkedIn Auth Provider
|
||||||
|
|
||||||
For LinkedIn, the registration steps are:
|
For LinkedIn, the registration steps are:
|
||||||
|
|
||||||
1. Create a new project: https://www.linkedin.com/secure/developer
|
1. Create a new project: https://www.linkedin.com/secure/developer
|
||||||
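Review bot: The `-github-org=""` and `-github-team=""` lines in the new GitHub section do not say what the empty default means or how the two flags combine. Since these flags are the access-control boundary for GitHub logins, state explicitly whether leaving both unset admits any GitHub account, and whether `-github-team` is only evaluated together with `-github-org`. The section also lacks the "For GitHub, the registration steps are:" lead-in and the "Take note of the Client ID and Client Secret" step that the Google section has, and "Create a new project" looks copied from the LinkedIn steps (the text removed further down calls it an OAuth App). Nit: `ie` in step 2 should be "e.g.".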
@ -58,13 +72,17 @@ For LinkedIn, the registration steps are:
|
|||||||
3. Fill in the remaining required fields and Save.
|
3. Fill in the remaining required fields and Save.
|
||||||
4. Take note of the **Consumer Key / API Key** and **Consumer Secret / Secret Key**
|
4. Take note of the **Consumer Key / API Key** and **Consumer Secret / Secret Key**
|
||||||
|
|
||||||
|
### MyUSA Auth Provider
|
||||||
|
|
||||||
|
The [MyUSA](https://alpha.my.usa.gov) authentication service ([GitHub](https://github.com/18F/myusa))
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
`oauth2_proxy` can be configured via [config file](#config-file), [command line options](#command-line-options) or [environment variables](#environment-variables).
|
`oauth2_proxy` can be configured via [config file](#config-file), [command line options](#command-line-options) or [environment variables](#environment-variables).
|
||||||
|
|
||||||
### Config File
|
### Config File
|
||||||
|
|
||||||
An example [OAUTH2_PROXY.cfg](contrib/oauth2_proxy.cfg.example) config file is in the contrib directory. It can be used by specifying `-config=/etc/oauth2_proxy.cfg`
|
An example [oauth2_proxy.cfg](contrib/oauth2_proxy.cfg.example) config file is in the contrib directory. It can be used by specifying `-config=/etc/oauth2_proxy.cfg`
|
||||||
|
|
||||||
### Command Line Options
|
### Command Line Options
|
||||||
|
|
||||||
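Review bot: The new `### MyUSA Auth Provider` section is a sentence fragment ("The MyUSA authentication service (GitHub)") with no verb, no registration steps and no mention of the value to pass to `provider`. Either complete it to match the Google, GitHub and LinkedIn sections or fold it into the provider list until there is something to document. The `OAUTH2_PROXY.cfg` to `oauth2_proxy.cfg` link-text fix in the Config File paragraph looks right, since it now matches `contrib/oauth2_proxy.cfg.example`.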
@ -168,23 +186,11 @@ OAuth2 Proxy Proxy logs requests to stdout in a format similar to Apache Combine
|
|||||||
<REMOTE_ADDRESS> - <user@domain.com> [19/Mar/2015:17:20:19 -0400] <HOST_HEADER> GET <UPSTREAM_HOST> "/path/" HTTP/1.1 "<USER_AGENT>" <RESPONSE_CODE> <RESPONSE_BYTES> <REQUEST_DURATION>
|
<REMOTE_ADDRESS> - <user@domain.com> [19/Mar/2015:17:20:19 -0400] <HOST_HEADER> GET <UPSTREAM_HOST> "/path/" HTTP/1.1 "<USER_AGENT>" <RESPONSE_CODE> <RESPONSE_BYTES> <REQUEST_DURATION>
|
||||||
```
|
```
|
||||||
|
|
||||||
## <a name="providers"></a>Providers
|
|
||||||
|
|
||||||
Authentication providers can be specified by the `providers` flag/config
|
|
||||||
directive. Right now this includes:
|
|
||||||
|
|
||||||
* `google` - (default) [Google](https://console.developers.google.com/project)
|
|
||||||
* `myusa` - The [MyUSA](https://alpha.my.usa.gov) authentication service
|
|
||||||
([GitHub](https://github.com/18F/myusa))
|
|
||||||
* `linkedin` - The [LinkedIn](https://developer.linkedin.com/docs/signin-with-linkedin) Sign In service.
|
|
||||||
* `github` - Via [Github][https://github.com/settings/developers] OAuth App. Also supports restricting via org and team.
|
|
||||||
|
|
||||||
-github-org="": restrict logins to members of this organisation
|
|
||||||
-github-team="": restrict logins to members of this team
|
|
||||||
|
|
||||||
## Adding a new Provider
|
## Adding a new Provider
|
||||||
|
|
||||||
Follow the examples in the [`providers` package](providers/) to define a new
|
Follow the examples in the [`providers` package](providers/) to define a new
|
||||||
`Provider` instance. Add a new `case` to
|
`Provider` instance. Add a new `case` to
|
||||||
[`providers.New()`](providers/providers.go) to allow the auth proxy to use the
|
[`providers.New()`](providers/providers.go) to allow `oauth2_proxy` to use the
|
||||||
new `Provider`.
|
new `Provider`.
|
||||||
|
|
||||||
|
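Review bot: Deleting the `## Providers` section removes the only place the literal provider identifiers (`google`, `myusa`, `linkedin`, `github`) were listed; the replacement text earlier in the README names the providers by heading and says to use the `provider` configuration value, but never shows the strings to set. Suggest carrying the identifiers over into the new "Valid providers are" list. The deleted text called the setting `providers` while the new text calls it `provider`, so confirm which spelling the flag actually uses. The removed `<a name="providers"></a>` anchor also breaks any external links to `#providers`. Unrelated to the change but visible in the hunk header context: "OAuth2 Proxy Proxy logs requests" has a doubled word.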