From b138872beaaa7f47d43a1c0fef11a67f57e61eff Mon Sep 17 00:00:00 2001 From: Patrick Fuller Date: Sun, 16 Jul 2017 16:07:59 -0500 Subject: [PATCH] Access token forwarding through nginx auth request Related to #420. --- README.md | 2 ++ oauthproxy.go | 3 +++ 2 files changed, 5 insertions(+) diff --git a/README.md b/README.md index 85fd920..5484267 100644 --- a/README.md +++ b/README.md @@ -370,8 +370,10 @@ server { # requires running with --set-xauthrequest flag auth_request_set $user $upstream_http_x_auth_request_user; auth_request_set $email $upstream_http_x_auth_request_email; + auth_request_set $token $upstream_http_x_auth_request_access_token; # Available with --pass-access-token flag proxy_set_header X-User $user; proxy_set_header X-Email $email; + proxy_set_header X-Token $token; # if you enabled --cookie-refresh, this is needed for it to work with auth_request auth_request_set $auth_cookie $upstream_http_set_cookie; diff --git a/oauthproxy.go b/oauthproxy.go index dd2b58e..19ed0e3 100644 --- a/oauthproxy.go +++ b/oauthproxy.go @@ -680,6 +680,9 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int if session.Email != "" { rw.Header().Set("X-Auth-Request-Email", session.Email) } + if p.PassAccessToken && session.AccessToken != "" { + rw.Header().Set("X-Auth-Request-Access-Token", session.AccessToken) + } } if p.PassAccessToken && session.AccessToken != "" { req.Header["X-Forwarded-Access-Token"] = []string{session.AccessToken}