From bfdccf681aa643c27014e89db79b76d5780bdb28 Mon Sep 17 00:00:00 2001 From: Joel Speed Date: Tue, 27 Nov 2018 11:23:37 +0000 Subject: [PATCH 01/24] Add Fork notice --- CHANGELOG.md | 7 +++ README.md | 137 ++++++++++++++++++++++++++------------------------- 2 files changed, 77 insertions(+), 67 deletions(-) create mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..714c2b2 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,7 @@ +# Vx.x.x (Pre-release) + +## Changes since v2.2: + +- Repository forked on 27/11/18 + - README updated to include note that this repository is forked + - CHANGLOG created to track changes to repository from original fork diff --git a/README.md b/README.md index 03c753c..d22c4dd 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,13 @@ -oauth2_proxy -================= +# oauth2_proxy A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. -[![Build Status](https://secure.travis-ci.org/bitly/oauth2_proxy.svg?branch=master)](http://travis-ci.org/bitly/oauth2_proxy) +**Note:** This repository was forked from [Bitly/OAuth2_Proxy](https://github.com/bitly/oauth2_proxy) on 27/11/2018. +Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. +A list of changes can be seen in the [CHANGELOG](CHANGELOG.md). +[![Build Status](https://secure.travis-ci.org/bitly/oauth2_proxy.svg?branch=master)](http://travis-ci.org/bitly/oauth2_proxy) ![Sign In Page](https://cloud.githubusercontent.com/assets/45028/4970624/7feb7dd8-6886-11e4-93e0-c9904af44ea8.png) @@ -15,15 +17,17 @@ to validate accounts by email, domain or group. ## Installation -1. Download [Prebuilt Binary](https://github.com/bitly/oauth2_proxy/releases) (current release is `v2.2`) or build with `$ go get github.com/bitly/oauth2_proxy` which will put the binary in `$GOROOT/bin` -Prebuilt binaries can be validated by extracting the file and verifying it against the `sha256sum.txt` checksum file provided for each release starting with version `v2.3`. +1. Download [Prebuilt Binary](https://github.com/bitly/oauth2_proxy/releases) (current release is `v2.2`) or build with `$ go get github.com/bitly/oauth2_proxy` which will put the binary in `$GOROOT/bin` + Prebuilt binaries can be validated by extracting the file and verifying it against the `sha256sum.txt` checksum file provided for each release starting with version `v2.3`. + ``` sha256sum -c sha256sum.txt 2>&1 | grep OK oauth2_proxy-2.3.linux-amd64: OK ``` -2. Select a Provider and Register an OAuth Application with a Provider -3. Configure OAuth2 Proxy using config file, command line options, or environment variables -4. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx) + +2. Select a Provider and Register an OAuth Application with a Provider +3. Configure OAuth2 Proxy using config file, command line options, or environment variables +4. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx) ## OAuth Provider Configuration @@ -31,12 +35,12 @@ You will need to register an OAuth application with a Provider (Google, GitHub o Valid providers are : -* [Google](#google-auth-provider) *default* -* [Azure](#azure-auth-provider) -* [Facebook](#facebook-auth-provider) -* [GitHub](#github-auth-provider) -* [GitLab](#gitlab-auth-provider) -* [LinkedIn](#linkedin-auth-provider) +- [Google](#google-auth-provider) _default_ +- [Azure](#azure-auth-provider) +- [Facebook](#facebook-auth-provider) +- [GitHub](#github-auth-provider) +- [GitLab](#gitlab-auth-provider) +- [LinkedIn](#linkedin-auth-provider) The provider can be selected using the `provider` configuration value. @@ -44,61 +48,62 @@ The provider can be selected using the `provider` configuration value. For Google, the registration steps are: -1. Create a new project: https://console.developers.google.com/project -2. Choose the new project from the top right project dropdown (only if another project is selected) -3. In the project Dashboard center pane, choose **"API Manager"** -4. In the left Nav pane, choose **"Credentials"** -5. In the center pane, choose **"OAuth consent screen"** tab. Fill in **"Product name shown to users"** and hit save. -6. In the center pane, choose **"Credentials"** tab. - * Open the **"New credentials"** drop down - * Choose **"OAuth client ID"** - * Choose **"Web application"** - * Application name is freeform, choose something appropriate - * Authorized JavaScript origins is your domain ex: `https://internal.yourcompany.com` - * Authorized redirect URIs is the location of oauth2/callback ex: `https://internal.yourcompany.com/oauth2/callback` - * Choose **"Create"** -4. Take note of the **Client ID** and **Client Secret** +1. Create a new project: https://console.developers.google.com/project +2. Choose the new project from the top right project dropdown (only if another project is selected) +3. In the project Dashboard center pane, choose **"API Manager"** +4. In the left Nav pane, choose **"Credentials"** +5. In the center pane, choose **"OAuth consent screen"** tab. Fill in **"Product name shown to users"** and hit save. +6. In the center pane, choose **"Credentials"** tab. + - Open the **"New credentials"** drop down + - Choose **"OAuth client ID"** + - Choose **"Web application"** + - Application name is freeform, choose something appropriate + - Authorized JavaScript origins is your domain ex: `https://internal.yourcompany.com` + - Authorized redirect URIs is the location of oauth2/callback ex: `https://internal.yourcompany.com/oauth2/callback` + - Choose **"Create"** +7. Take note of the **Client ID** and **Client Secret** It's recommended to refresh sessions on a short interval (1h) with `cookie-refresh` setting which validates that the account is still authorized. #### Restrict auth to specific Google groups on your domain. (optional) -1. Create a service account: https://developers.google.com/identity/protocols/OAuth2ServiceAccount and make sure to download the json file. -2. Make note of the Client ID for a future step. -3. Under "APIs & Auth", choose APIs. -4. Click on Admin SDK and then Enable API. -5. Follow the steps on https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account and give the client id from step 2 the following oauth scopes: +1. Create a service account: https://developers.google.com/identity/protocols/OAuth2ServiceAccount and make sure to download the json file. +2. Make note of the Client ID for a future step. +3. Under "APIs & Auth", choose APIs. +4. Click on Admin SDK and then Enable API. +5. Follow the steps on https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account and give the client id from step 2 the following oauth scopes: + ``` https://www.googleapis.com/auth/admin.directory.group.readonly https://www.googleapis.com/auth/admin.directory.user.readonly ``` -6. Follow the steps on https://support.google.com/a/answer/60757 to enable Admin API access. -7. Create or choose an existing administrative email address on the Gmail domain to assign to the ```google-admin-email``` flag. This email will be impersonated by this client to make calls to the Admin SDK. See the note on the link from step 5 for the reason why. -8. Create or choose an existing email group and set that email to the ```google-group``` flag. You can pass multiple instances of this flag with different groups -and the user will be checked against all the provided groups. -9. Lock down the permissions on the json file downloaded from step 1 so only oauth2_proxy is able to read the file and set the path to the file in the ```google-service-account-json``` flag. + +6. Follow the steps on https://support.google.com/a/answer/60757 to enable Admin API access. +7. Create or choose an existing administrative email address on the Gmail domain to assign to the `google-admin-email` flag. This email will be impersonated by this client to make calls to the Admin SDK. See the note on the link from step 5 for the reason why. +8. Create or choose an existing email group and set that email to the `google-group` flag. You can pass multiple instances of this flag with different groups + and the user will be checked against all the provided groups. +9. Lock down the permissions on the json file downloaded from step 1 so only oauth2_proxy is able to read the file and set the path to the file in the `google-service-account-json` flag. 10. Restart oauth2_proxy. Note: The user is checked against the group members list on initial authentication and every time the token is refreshed ( about once an hour ). ### Azure Auth Provider -1. [Add an application](https://azure.microsoft.com/en-us/documentation/articles/active-directory-integrating-applications/) to your Azure Active Directory tenant. -2. On the App properties page provide the correct Sign-On URL ie `https://internal.yourcompany.com/oauth2/callback` -3. If applicable take note of your `TenantID` and provide it via the `--azure-tenant=` commandline option. Default the `common` tenant is used. +1. [Add an application](https://azure.microsoft.com/en-us/documentation/articles/active-directory-integrating-applications/) to your Azure Active Directory tenant. +2. On the App properties page provide the correct Sign-On URL ie `https://internal.yourcompany.com/oauth2/callback` +3. If applicable take note of your `TenantID` and provide it via the `--azure-tenant=` commandline option. Default the `common` tenant is used. The Azure AD auth provider uses `openid` as it default scope. It uses `https://graph.windows.net` as a default protected resource. It call to `https://graph.windows.net/me` to get the email address of the user that logs in. - ### Facebook Auth Provider -1. Create a new FB App from -2. Under FB Login, set your Valid OAuth redirect URIs to `https://internal.yourcompany.com/oauth2/callback` +1. Create a new FB App from +2. Under FB Login, set your Valid OAuth redirect URIs to `https://internal.yourcompany.com/oauth2/callback` ### GitHub Auth Provider -1. Create a new project: https://github.com/settings/developers -2. Under `Authorization callback URL` enter the correct url ie `https://internal.yourcompany.com/oauth2/callback` +1. Create a new project: https://github.com/settings/developers +2. Under `Authorization callback URL` enter the correct url ie `https://internal.yourcompany.com/oauth2/callback` The GitHub auth provider supports two additional parameters to restrict authentication to Organization or Team level access. Restricting by org and team is normally accompanied with `--email-domain=*` @@ -121,17 +126,16 @@ If you are using self-hosted GitLab, make sure you set the following to the appr -redeem-url="/oauth/token" -validate-url="/api/v4/user" - ### LinkedIn Auth Provider For LinkedIn, the registration steps are: -1. Create a new project: https://www.linkedin.com/secure/developer -2. In the OAuth User Agreement section: - * In default scope, select r_basicprofile and r_emailaddress. - * In "OAuth 2.0 Redirect URLs", enter `https://internal.yourcompany.com/oauth2/callback` -3. Fill in the remaining required fields and Save. -4. Take note of the **Consumer Key / API Key** and **Consumer Secret / Secret Key** +1. Create a new project: https://www.linkedin.com/secure/developer +2. In the OAuth User Agreement section: + - In default scope, select r_basicprofile and r_emailaddress. + - In "OAuth 2.0 Redirect URLs", enter `https://internal.yourcompany.com/oauth2/callback` +3. Fill in the remaining required fields and Save. +4. Take note of the **Consumer Key / API Key** and **Consumer Secret / Secret Key** ### Microsoft Azure AD Provider @@ -143,9 +147,9 @@ Take note of your `TenantId` if applicable for your situation. The `TenantId` ca OpenID Connect is a spec for OAUTH 2.0 + identity that is implemented by many major providers and several open source projects. This provider was originally built against CoreOS Dex and we will use it as an example. -1. Launch a Dex instance using the [getting started guide](https://github.com/coreos/dex/blob/master/Documentation/getting-started.md). -2. Setup oauth2_proxy with the correct provider and using the default ports and callbacks. -3. Login with the fixture use in the dex guide and run the oauth2_proxy with the following args: +1. Launch a Dex instance using the [getting started guide](https://github.com/coreos/dex/blob/master/Documentation/getting-started.md). +2. Setup oauth2_proxy with the correct provider and using the default ports and callbacks. +3. Login with the fixture use in the dex guide and run the oauth2_proxy with the following args: -provider oidc -client-id oauth2_proxy @@ -253,7 +257,7 @@ The following environment variables can be used in place of the corresponding co There are two recommended configurations. -1) Configure SSL Termination with OAuth2 Proxy by providing a `--tls-cert=/path/to/cert.pem` and `--tls-key=/path/to/cert.key`. +1. Configure SSL Termination with OAuth2 Proxy by providing a `--tls-cert=/path/to/cert.pem` and `--tls-key=/path/to/cert.key`. The command line to run `oauth2_proxy` in this configuration would look like this: @@ -270,8 +274,7 @@ The command line to run `oauth2_proxy` in this configuration would look like thi --client-secret=... ``` - -2) Configure SSL Termination with [Nginx](http://nginx.org/) (example config below), Amazon ELB, Google Cloud Platform Load Balancing, or .... +2. Configure SSL Termination with [Nginx](http://nginx.org/) (example config below), Amazon ELB, Google Cloud Platform Load Balancing, or .... Because `oauth2_proxy` listens on `127.0.0.1:4180` by default, to listen on all interfaces (needed when using an external load balancer like Amazon ELB or Google Platform Load Balancing) use `--http-address="0.0.0.0:4180"` or @@ -321,12 +324,12 @@ The command line to run `oauth2_proxy` in this configuration would look like thi OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The `/oauth2` prefix can be changed with the `--proxy-prefix` config variable. -* /robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see [robotstxt.org](http://www.robotstxt.org/) for more info -* /ping - returns an 200 OK response -* /oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies) -* /oauth2/start - a URL that will redirect to start the OAuth cycle -* /oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url. -* /oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the [Nginx `auth_request` directive](#nginx-auth-request) +- /robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see [robotstxt.org](http://www.robotstxt.org/) for more info +- /ping - returns an 200 OK response +- /oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies) +- /oauth2/start - a URL that will redirect to start the OAuth cycle +- /oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url. +- /oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the [Nginx `auth_request` directive](#nginx-auth-request) ## Request signatures @@ -341,9 +344,9 @@ in `oauthproxy.go`](./oauthproxy.go). For more information about HMAC request signature validation, read the following: -* [Amazon Web Services: Signing and Authenticating REST +- [Amazon Web Services: Signing and Authenticating REST Requests](https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html) -* [rc3.org: Using HMAC to authenticate Web service +- [rc3.org: Using HMAC to authenticate Web service requests](http://rc3.org/2011/12/02/using-hmac-to-authenticate-web-service-requests/) ## Logging Format From 847cf25228ad0a830de87e6408e4c451a4168450 Mon Sep 17 00:00:00 2001 From: Joel Speed Date: Tue, 27 Nov 2018 11:45:05 +0000 Subject: [PATCH 02/24] Move imports from bitly to pusher --- CHANGELOG.md | 1 + Gopkg.lock | 65 +++++++++++++++++++++++++++++---- oauthproxy.go | 4 +- oauthproxy_test.go | 2 +- options.go | 2 +- providers/azure.go | 2 +- providers/facebook.go | 2 +- providers/gitlab.go | 2 +- providers/internal_util.go | 2 +- providers/linkedin.go | 2 +- providers/provider_default.go | 2 +- providers/providers.go | 2 +- providers/session_state.go | 2 +- providers/session_state_test.go | 2 +- templates.go | 2 +- 15 files changed, 72 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 714c2b2..d8445f9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## Changes since v2.2: +- Move Go import path from `github.com/bitly/oauth2_proxy` to `github.com/pusher/oauth2_proxy` - Repository forked on 27/11/18 - README updated to include note that this repository is forked - CHANGLOG created to track changes to repository from original fork diff --git a/Gopkg.lock b/Gopkg.lock index 5a3758a..ac492c0 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -2,118 +2,149 @@ [[projects]] + digest = "1:b24249f5a5e6fbe1eddc94b25973172339ccabeadef4779274f3ed0167c18812" name = "cloud.google.com/go" packages = ["compute/metadata"] + pruneopts = "" revision = "2d3a6656c17a60b0815b7e06ab0be04eacb6e613" version = "v0.16.0" [[projects]] + digest = "1:289dd4d7abfb3ad2b5f728fbe9b1d5c1bf7d265a3eb9ef92869af1f7baba4c7a" name = "github.com/BurntSushi/toml" packages = ["."] + pruneopts = "" revision = "b26d9c308763d68093482582cea63d69be07a0f0" version = "v0.3.0" [[projects]] + digest = "1:512883404c2a99156e410e9880e3bb35ecccc0c07c1159eb204b5f3ef3c431b3" name = "github.com/bitly/go-simplejson" packages = ["."] + pruneopts = "" revision = "aabad6e819789e569bd6aabf444c935aa9ba1e44" version = "v0.5.0" [[projects]] branch = "v2" + digest = "1:e5a238f8fa890e529d7e493849bbae8988c9e70344e4630cc4f9a11b00516afb" name = "github.com/coreos/go-oidc" packages = ["."] + pruneopts = "" revision = "77e7f2010a464ade7338597afe650dfcffbe2ca8" [[projects]] + digest = "1:56c130d885a4aacae1dd9c7b71cfe39912c7ebc1ff7d2b46083c8812996dc43b" name = "github.com/davecgh/go-spew" packages = ["spew"] + pruneopts = "" revision = "346938d642f2ec3594ed81d874461961cd0faa76" version = "v1.1.0" [[projects]] branch = "master" + digest = "1:3b760d3b93f994df8eb1d9ebfad17d3e9e37edcb7f7efaa15b427c0d7a64f4e4" name = "github.com/golang/protobuf" packages = ["proto"] + pruneopts = "" revision = "1e59b77b52bf8e4b449a57e6f79f21226d571845" [[projects]] + digest = "1:af67386ca553c04c6222f7b5b2f17bc97a5dfb3b81b706882c7fd8c72c30cf8f" name = "github.com/mbland/hmacauth" packages = ["."] + pruneopts = "" revision = "107c17adcc5eccc9935cd67d9bc2feaf5255d2cb" version = "1.0.2" [[projects]] branch = "master" + digest = "1:9408fb9c637c103010e5147469c232ce6b68edc840879cc730a2a15918e6cae8" name = "github.com/mreiferson/go-options" packages = ["."] + pruneopts = "" revision = "77551d20752b54535462404ad9d877ebdb26e53d" [[projects]] + digest = "1:256484dbbcd271f9ecebc6795b2df8cad4c458dd0f5fd82a8c2fa0c29f233411" name = "github.com/pmezard/go-difflib" packages = ["difflib"] + pruneopts = "" revision = "792786c7400a136282c1664665ae0a8db921c6c2" version = "v1.0.0" [[projects]] branch = "master" + digest = "1:386e12afcfd8964907c92dffd106860c0dedd71dbefae14397b77b724a13343b" name = "github.com/pquerna/cachecontrol" packages = [ ".", - "cacheobject" + "cacheobject", ] + pruneopts = "" revision = "0dec1b30a0215bb68605dfc568e8855066c9202d" [[projects]] + digest = "1:3926a4ec9a4ff1a072458451aa2d9b98acd059a45b38f7335d31e06c3d6a0159" name = "github.com/stretchr/testify" packages = ["assert"] + pruneopts = "" revision = "69483b4bd14f5845b5a1e55bca19e954e827f1d0" version = "v1.1.4" [[projects]] branch = "master" + digest = "1:f6a006d27619a4d93bf9b66fe1999b8c8d1fa62bdc63af14f10fbe6fcaa2aa1a" name = "golang.org/x/crypto" packages = [ "bcrypt", "blowfish", "ed25519", - "ed25519/internal/edwards25519" + "ed25519/internal/edwards25519", ] + pruneopts = "" revision = "9f005a07e0d31d45e6656d241bb5c0f2efd4bc94" [[projects]] branch = "master" + digest = "1:130b1bec86c62e121967ee0c69d9c263dc2d3ffe6c7c9a82aca4071c4d068861" name = "golang.org/x/net" packages = [ "context", - "context/ctxhttp" + "context/ctxhttp", ] + pruneopts = "" revision = "9dfe39835686865bff950a07b394c12a98ddc811" [[projects]] branch = "master" + digest = "1:4a61176e8386727e4847b21a5a2625ce56b9c518bc543a28226503e701265db0" name = "golang.org/x/oauth2" packages = [ ".", "google", "internal", "jws", - "jwt" + "jwt", ] + pruneopts = "" revision = "9ff8ebcc8e241d46f52ecc5bff0e5a2f2dbef402" [[projects]] branch = "master" + digest = "1:dc1fb726dbbe79c86369941eae1e3b431b8fc6f11dbd37f7899dc758a43cc3ed" name = "google.golang.org/api" packages = [ "admin/directory/v1", "gensupport", "googleapi", - "googleapi/internal/uritemplates" + "googleapi/internal/uritemplates", ] + pruneopts = "" revision = "8791354e7ab150705ede13637a18c1fcc16b62e8" [[projects]] + digest = "1:934fb8966f303ede63aa405e2c8d7f0a427a05ea8df335dfdc1833dd4d40756f" name = "google.golang.org/appengine" packages = [ ".", @@ -125,30 +156,48 @@ "internal/modules", "internal/remote_api", "internal/urlfetch", - "urlfetch" + "urlfetch", ] + pruneopts = "" revision = "150dc57a1b433e64154302bdc40b6bb8aefa313a" version = "v1.0.0" [[projects]] + digest = "1:cb5b2a45a3dd41c01ff779c54ae4c8aab0271d6d3b3f734c8a8bd2c890299ef2" name = "gopkg.in/fsnotify.v1" packages = ["."] + pruneopts = "" revision = "836bfd95fecc0f1511dd66bdbf2b5b61ab8b00b6" version = "v1.2.11" [[projects]] + digest = "1:be4ed0a2b15944dd777a663681a39260ed05f9c4e213017ed2e2255622c8820c" name = "gopkg.in/square/go-jose.v2" packages = [ ".", "cipher", - "json" + "json", ] + pruneopts = "" revision = "f8f38de21b4dcd69d0413faf231983f5fd6634b1" version = "v2.1.3" [solve-meta] analyzer-name = "dep" analyzer-version = 1 - inputs-digest = "b502c41a61115d14d6379be26b0300f65d173bdad852f0170d387ebf2d7ec173" + input-imports = [ + "github.com/BurntSushi/toml", + "github.com/bitly/go-simplejson", + "github.com/coreos/go-oidc", + "github.com/mbland/hmacauth", + "github.com/mreiferson/go-options", + "github.com/stretchr/testify/assert", + "golang.org/x/crypto/bcrypt", + "golang.org/x/oauth2", + "golang.org/x/oauth2/google", + "google.golang.org/api/admin/directory/v1", + "google.golang.org/api/googleapi", + "gopkg.in/fsnotify.v1", + ] solver-name = "gps-cdcl" solver-version = 1 diff --git a/oauthproxy.go b/oauthproxy.go index 21e5dfc..fb94c1e 100644 --- a/oauthproxy.go +++ b/oauthproxy.go @@ -14,8 +14,8 @@ import ( "strings" "time" - "github.com/bitly/oauth2_proxy/cookie" - "github.com/bitly/oauth2_proxy/providers" + "github.com/pusher/oauth2_proxy/cookie" + "github.com/pusher/oauth2_proxy/providers" "github.com/mbland/hmacauth" ) diff --git a/oauthproxy_test.go b/oauthproxy_test.go index 1e6b314..ccfbf09 100644 --- a/oauthproxy_test.go +++ b/oauthproxy_test.go @@ -15,7 +15,7 @@ import ( "testing" "time" - "github.com/bitly/oauth2_proxy/providers" + "github.com/pusher/oauth2_proxy/providers" "github.com/mbland/hmacauth" "github.com/stretchr/testify/assert" ) diff --git a/options.go b/options.go index 949fbba..34c4ca8 100644 --- a/options.go +++ b/options.go @@ -13,7 +13,7 @@ import ( "strings" "time" - "github.com/bitly/oauth2_proxy/providers" + "github.com/pusher/oauth2_proxy/providers" oidc "github.com/coreos/go-oidc" "github.com/mbland/hmacauth" ) diff --git a/providers/azure.go b/providers/azure.go index 1ba8a79..0c925bb 100644 --- a/providers/azure.go +++ b/providers/azure.go @@ -4,7 +4,7 @@ import ( "errors" "fmt" "github.com/bitly/go-simplejson" - "github.com/bitly/oauth2_proxy/api" + "github.com/pusher/oauth2_proxy/api" "log" "net/http" "net/url" diff --git a/providers/facebook.go b/providers/facebook.go index 7abb9fe..a322c69 100644 --- a/providers/facebook.go +++ b/providers/facebook.go @@ -6,7 +6,7 @@ import ( "net/http" "net/url" - "github.com/bitly/oauth2_proxy/api" + "github.com/pusher/oauth2_proxy/api" ) type FacebookProvider struct { diff --git a/providers/gitlab.go b/providers/gitlab.go index 124d719..83df5e2 100644 --- a/providers/gitlab.go +++ b/providers/gitlab.go @@ -5,7 +5,7 @@ import ( "net/http" "net/url" - "github.com/bitly/oauth2_proxy/api" + "github.com/pusher/oauth2_proxy/api" ) type GitLabProvider struct { diff --git a/providers/internal_util.go b/providers/internal_util.go index 924d411..b2d3b71 100644 --- a/providers/internal_util.go +++ b/providers/internal_util.go @@ -6,7 +6,7 @@ import ( "net/http" "net/url" - "github.com/bitly/oauth2_proxy/api" + "github.com/pusher/oauth2_proxy/api" ) // stripToken is a helper function to obfuscate "access_token" diff --git a/providers/linkedin.go b/providers/linkedin.go index 971734c..8d02e95 100644 --- a/providers/linkedin.go +++ b/providers/linkedin.go @@ -6,7 +6,7 @@ import ( "net/http" "net/url" - "github.com/bitly/oauth2_proxy/api" + "github.com/pusher/oauth2_proxy/api" ) type LinkedInProvider struct { diff --git a/providers/provider_default.go b/providers/provider_default.go index 355e6c3..6fc8638 100644 --- a/providers/provider_default.go +++ b/providers/provider_default.go @@ -9,7 +9,7 @@ import ( "net/http" "net/url" - "github.com/bitly/oauth2_proxy/cookie" + "github.com/pusher/oauth2_proxy/cookie" ) func (p *ProviderData) Redeem(redirectURL, code string) (s *SessionState, err error) { diff --git a/providers/providers.go b/providers/providers.go index 70e707b..ad5f1e8 100644 --- a/providers/providers.go +++ b/providers/providers.go @@ -1,7 +1,7 @@ package providers import ( - "github.com/bitly/oauth2_proxy/cookie" + "github.com/pusher/oauth2_proxy/cookie" ) type Provider interface { diff --git a/providers/session_state.go b/providers/session_state.go index 805c702..c2ae9f4 100644 --- a/providers/session_state.go +++ b/providers/session_state.go @@ -6,7 +6,7 @@ import ( "strings" "time" - "github.com/bitly/oauth2_proxy/cookie" + "github.com/pusher/oauth2_proxy/cookie" ) type SessionState struct { diff --git a/providers/session_state_test.go b/providers/session_state_test.go index d3cc8f8..f34f292 100644 --- a/providers/session_state_test.go +++ b/providers/session_state_test.go @@ -6,7 +6,7 @@ import ( "testing" "time" - "github.com/bitly/oauth2_proxy/cookie" + "github.com/pusher/oauth2_proxy/cookie" "github.com/stretchr/testify/assert" ) diff --git a/templates.go b/templates.go index ef99918..ec5d0b2 100644 --- a/templates.go +++ b/templates.go @@ -142,7 +142,7 @@ func getTemplates() *template.Template {