Access token forwarding through nginx auth request

Related to #420.
This commit is contained in:
Patrick Fuller 2017-07-16 16:07:59 -05:00
parent 3c51c914ac
commit b138872bea
2 changed files with 5 additions and 0 deletions

View File

@ -370,8 +370,10 @@ server {
# requires running with --set-xauthrequest flag # requires running with --set-xauthrequest flag
auth_request_set $user $upstream_http_x_auth_request_user; auth_request_set $user $upstream_http_x_auth_request_user;
auth_request_set $email $upstream_http_x_auth_request_email; auth_request_set $email $upstream_http_x_auth_request_email;
auth_request_set $token $upstream_http_x_auth_request_access_token; # Available with --pass-access-token flag
proxy_set_header X-User $user; proxy_set_header X-User $user;
proxy_set_header X-Email $email; proxy_set_header X-Email $email;
proxy_set_header X-Token $token;
# if you enabled --cookie-refresh, this is needed for it to work with auth_request # if you enabled --cookie-refresh, this is needed for it to work with auth_request
auth_request_set $auth_cookie $upstream_http_set_cookie; auth_request_set $auth_cookie $upstream_http_set_cookie;

View File

@ -680,6 +680,9 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
if session.Email != "" { if session.Email != "" {
rw.Header().Set("X-Auth-Request-Email", session.Email) rw.Header().Set("X-Auth-Request-Email", session.Email)
} }
if p.PassAccessToken && session.AccessToken != "" {
rw.Header().Set("X-Auth-Request-Access-Token", session.AccessToken)
}
} }
if p.PassAccessToken && session.AccessToken != "" { if p.PassAccessToken && session.AccessToken != "" {
req.Header["X-Forwarded-Access-Token"] = []string{session.AccessToken} req.Header["X-Forwarded-Access-Token"] = []string{session.AccessToken}