Merge pull request #247 from pusher/release-v4.0.0
Update changelog for v4.0.0 release
This commit is contained in:
commit
d00c14a2a7
26
CHANGELOG.md
26
CHANGELOG.md
@ -1,12 +1,26 @@
|
|||||||
# Vx.x.x (Pre-release)
|
# Vx.x.x (Pre-release)
|
||||||
|
|
||||||
|
## Changes since v4.0.0
|
||||||
|
|
||||||
|
# v4.0.0
|
||||||
|
|
||||||
|
## Release Highlights
|
||||||
|
- Documentation is now on a [microsite](https://pusher.github.io/oauth2_proxy/)
|
||||||
|
- Health check logging can now be disabled for quieter logs
|
||||||
|
- Authorization Header JWTs can now be verified by the proxy to skip authentication for machine users
|
||||||
|
- Sessions can now be stored in Redis. This reduces refresh failures and uses smaller cookies (Recommended for those using OIDC refreshing)
|
||||||
|
- Logging overhaul allows customisable logging formats
|
||||||
|
|
||||||
|
## Important Notes
|
||||||
|
- This release includes a number of breaking changes that will require users to
|
||||||
|
reconfigure their proxies. Please read the Breaking Changes below thoroughly.
|
||||||
|
|
||||||
## Breaking Changes
|
## Breaking Changes
|
||||||
|
|
||||||
- [#231](https://github.com/pusher/oauth2_proxy/pull/231) Rework GitLab provider (@Overv)
|
- [#231](https://github.com/pusher/oauth2_proxy/pull/231) Rework GitLab provider
|
||||||
- This PR changes the configuration options for the GitLab provider to use
|
- This PR changes the configuration options for the GitLab provider to use
|
||||||
a self-hosted instance. You now need to specify a `-oidc-issuer-url` rather than
|
a self-hosted instance. You now need to specify a `-oidc-issuer-url` rather than
|
||||||
explicit `-login-url`, `-redeem-url` and `-validate-url` parameters.
|
explicit `-login-url`, `-redeem-url` and `-validate-url` parameters.
|
||||||
|
|
||||||
- [#186](https://github.com/pusher/oauth2_proxy/pull/186) Make config consistent
|
- [#186](https://github.com/pusher/oauth2_proxy/pull/186) Make config consistent
|
||||||
- This PR changes configuration options so that all flags have a config counterpart
|
- This PR changes configuration options so that all flags have a config counterpart
|
||||||
of the same name but with underscores (`_`) in place of hyphens (`-`).
|
of the same name but with underscores (`_`) in place of hyphens (`-`).
|
||||||
@ -23,8 +37,7 @@
|
|||||||
This change affects the following existing environment variables:
|
This change affects the following existing environment variables:
|
||||||
- The `OAUTH2_SKIP_OIDC_DISCOVERY` environment variable is now `OAUTH2_PROXY_SKIP_OIDC_DISCOVERY`.
|
- The `OAUTH2_SKIP_OIDC_DISCOVERY` environment variable is now `OAUTH2_PROXY_SKIP_OIDC_DISCOVERY`.
|
||||||
- The `OAUTH2_OIDC_JWKS_URL` environment variable is now `OAUTH2_PROXY_OIDC_JWKS_URL`.
|
- The `OAUTH2_OIDC_JWKS_URL` environment variable is now `OAUTH2_PROXY_OIDC_JWKS_URL`.
|
||||||
|
- [#146](https://github.com/pusher/oauth2_proxy/pull/146) Use full email address as `User` if the auth response did not contain a `User` field
|
||||||
- [#146](https://github.com/pusher/oauth2_proxy/pull/146) Use full email address as `User` if the auth response did not contain a `User` field (@gargath)
|
|
||||||
- This change modifies the contents of the `X-Forwarded-User` header supplied by the proxy for users where the auth response from the IdP did not contain
|
- This change modifies the contents of the `X-Forwarded-User` header supplied by the proxy for users where the auth response from the IdP did not contain
|
||||||
a username.
|
a username.
|
||||||
In that case, this header used to only contain the local part of the user's email address (e.g. `john.doe` for `john.doe@example.com`) but now contains
|
In that case, this header used to only contain the local part of the user's email address (e.g. `john.doe` for `john.doe@example.com`) but now contains
|
||||||
@ -45,7 +58,7 @@
|
|||||||
- [#186](https://github.com/pusher/oauth2_proxy/pull/186) Make config consistent (@JoelSpeed)
|
- [#186](https://github.com/pusher/oauth2_proxy/pull/186) Make config consistent (@JoelSpeed)
|
||||||
- [#187](https://github.com/pusher/oauth2_proxy/pull/187) Move root packages to pkg folder (@JoelSpeed)
|
- [#187](https://github.com/pusher/oauth2_proxy/pull/187) Move root packages to pkg folder (@JoelSpeed)
|
||||||
- [#65](https://github.com/pusher/oauth2_proxy/pull/65) Improvements to authenticate requests with a JWT bearer token in the `Authorization` header via
|
- [#65](https://github.com/pusher/oauth2_proxy/pull/65) Improvements to authenticate requests with a JWT bearer token in the `Authorization` header via
|
||||||
the `-skip-jwt-bearer-token` options.
|
the `-skip-jwt-bearer-token` options. (@brianv0)
|
||||||
- Additional verifiers can be configured via the `-extra-jwt-issuers` flag if the JWT issuers is either an OpenID provider or has a JWKS URL
|
- Additional verifiers can be configured via the `-extra-jwt-issuers` flag if the JWT issuers is either an OpenID provider or has a JWKS URL
|
||||||
(e.g. `https://example.com/.well-known/jwks.json`).
|
(e.g. `https://example.com/.well-known/jwks.json`).
|
||||||
- [#180](https://github.com/pusher/oauth2_proxy/pull/180) Minor refactor of core proxying path (@aeijdenberg).
|
- [#180](https://github.com/pusher/oauth2_proxy/pull/180) Minor refactor of core proxying path (@aeijdenberg).
|
||||||
@ -86,7 +99,6 @@
|
|||||||
- Implement two new flags to customize the logging format
|
- Implement two new flags to customize the logging format
|
||||||
- `-standard-logging-format` Sets the format for standard logging
|
- `-standard-logging-format` Sets the format for standard logging
|
||||||
- `-auth-logging-format` Sets the format for auth logging
|
- `-auth-logging-format` Sets the format for auth logging
|
||||||
|
|
||||||
- [#111](https://github.com/pusher/oauth2_proxy/pull/111) Add option for telling where to find a login.gov JWT key file (@timothy-spencer)
|
- [#111](https://github.com/pusher/oauth2_proxy/pull/111) Add option for telling where to find a login.gov JWT key file (@timothy-spencer)
|
||||||
- [#170](https://github.com/pusher/oauth2_proxy/pull/170) Restore binary tarball contents to be compatible with bitlys original tarballs (@zeha)
|
- [#170](https://github.com/pusher/oauth2_proxy/pull/170) Restore binary tarball contents to be compatible with bitlys original tarballs (@zeha)
|
||||||
- [#185](https://github.com/pusher/oauth2_proxy/pull/185) Fix an unsupported protocol scheme error during token validation when using the Azure provider (@jonas)
|
- [#185](https://github.com/pusher/oauth2_proxy/pull/185) Fix an unsupported protocol scheme error during token validation when using the Azure provider (@jonas)
|
||||||
@ -94,7 +106,7 @@
|
|||||||
- Google Group membership is additionally checked via email address, allowing users outside a GSuite domain to be authorized.
|
- Google Group membership is additionally checked via email address, allowing users outside a GSuite domain to be authorized.
|
||||||
- [#195](https://github.com/pusher/oauth2_proxy/pull/195) Add `-banner` flag for overriding the banner line that is displayed (@steakunderscore)
|
- [#195](https://github.com/pusher/oauth2_proxy/pull/195) Add `-banner` flag for overriding the banner line that is displayed (@steakunderscore)
|
||||||
- [#198](https://github.com/pusher/oauth2_proxy/pull/198) Switch from gometalinter to golangci-lint (@steakunderscore)
|
- [#198](https://github.com/pusher/oauth2_proxy/pull/198) Switch from gometalinter to golangci-lint (@steakunderscore)
|
||||||
- [#159](https://github.com/pusher/oauth2_proxy/pull/159) Add option to skip the OIDC provider verified email check: `--insecure-oidc-allow-unverified-email`
|
- [#159](https://github.com/pusher/oauth2_proxy/pull/159) Add option to skip the OIDC provider verified email check: `--insecure-oidc-allow-unverified-email` (@djfinlay)
|
||||||
- [#210](https://github.com/pusher/oauth2_proxy/pull/210) Update base image from Alpine 3.9 to 3.10 (@steakunderscore)
|
- [#210](https://github.com/pusher/oauth2_proxy/pull/210) Update base image from Alpine 3.9 to 3.10 (@steakunderscore)
|
||||||
- [#201](https://github.com/pusher/oauth2_proxy/pull/201) Add Bitbucket as new OAuth2 provider, accepts email, team and repository permissions to determine authorization (@aledeganopix4d)
|
- [#201](https://github.com/pusher/oauth2_proxy/pull/201) Add Bitbucket as new OAuth2 provider, accepts email, team and repository permissions to determine authorization (@aledeganopix4d)
|
||||||
- Implement flags to enable Bitbucket authentication:
|
- Implement flags to enable Bitbucket authentication:
|
||||||
|
@ -15,7 +15,7 @@ A list of changes can be seen in the [CHANGELOG](CHANGELOG.md).
|
|||||||
|
|
||||||
1. Choose how to deploy:
|
1. Choose how to deploy:
|
||||||
|
|
||||||
a. Download [Prebuilt Binary](https://github.com/pusher/oauth2_proxy/releases) (current release is `v3.2.0`)
|
a. Download [Prebuilt Binary](https://github.com/pusher/oauth2_proxy/releases) (current release is `v4.0.0`)
|
||||||
|
|
||||||
b. Build with `$ go get github.com/pusher/oauth2_proxy` which will put the binary in `$GOROOT/bin`
|
b. Build with `$ go get github.com/pusher/oauth2_proxy` which will put the binary in `$GOROOT/bin`
|
||||||
|
|
||||||
@ -25,7 +25,7 @@ Prebuilt binaries can be validated by extracting the file and verifying it again
|
|||||||
|
|
||||||
```
|
```
|
||||||
sha256sum -c sha256sum.txt 2>&1 | grep OK
|
sha256sum -c sha256sum.txt 2>&1 | grep OK
|
||||||
oauth2_proxy-3.2.0.linux-amd64: OK
|
oauth2_proxy-4.0.0.linux-amd64: OK
|
||||||
```
|
```
|
||||||
|
|
||||||
2. [Select a Provider and Register an OAuth Application with a Provider](https://pusher.github.io/oauth2_proxy/auth-configuration)
|
2. [Select a Provider and Register an OAuth Application with a Provider](https://pusher.github.io/oauth2_proxy/auth-configuration)
|
||||||
|
Loading…
Reference in New Issue
Block a user