Readme: update --help usage

This commit is contained in:
Jehiah Czebotar 2017-04-24 12:16:16 -04:00
parent 3fa5635d6c
commit f457a9042a

View File

@ -157,54 +157,56 @@ An example [oauth2_proxy.cfg](contrib/oauth2_proxy.cfg.example) config file is i
``` ```
Usage of oauth2_proxy: Usage of oauth2_proxy:
-approval-prompt="force": Oauth approval_prompt -approval-prompt string: OAuth approval_prompt (default "force")
-authenticated-emails-file="": authenticate against emails via file (one per line) -authenticated-emails-file string: authenticate against emails via file (one per line)
-azure-tenant="common": go to a tenant-specific or common (tenant-independent) endpoint. -azure-tenant string: go to a tenant-specific or common (tenant-independent) endpoint. (default "common")
-basic-auth-password="": the password to set when passing the HTTP Basic Auth header -basic-auth-password string: the password to set when passing the HTTP Basic Auth header
-client-id="": the OAuth Client ID: ie: "123456.apps.googleusercontent.com" -client-id string: the OAuth Client ID: ie: "123456.apps.googleusercontent.com"
-client-secret="": the OAuth Client Secret -client-secret string: the OAuth Client Secret
-config="": path to config file -config string: path to config file
-cookie-domain="": an optional cookie domain to force cookies to (ie: .yourcompany.com)* -cookie-domain string: an optional cookie domain to force cookies to (ie: .yourcompany.com)*
-cookie-expire=168h0m0s: expire timeframe for cookie -cookie-expire duration: expire timeframe for cookie (default 168h0m0s)
-cookie-httponly=true: set HttpOnly cookie flag -cookie-httponly: set HttpOnly cookie flag (default true)
-cookie-name="_oauth2_proxy": the name of the cookie that the oauth_proxy creates -cookie-name string: the name of the cookie that the oauth_proxy creates (default "_oauth2_proxy")
-cookie-refresh=0: refresh the cookie after this duration; 0 to disable -cookie-refresh duration: refresh the cookie after this duration; 0 to disable
-cookie-secret="": the seed string for secure cookies -cookie-secret string: the seed string for secure cookies (optionally base64 encoded)
-cookie-secure=true: set secure (HTTPS) cookie flag -cookie-secure: set secure (HTTPS) cookie flag (default true)
-custom-templates-dir="": path to custom html templates -custom-templates-dir string: path to custom html templates
-display-htpasswd-form=true: display username / password login form if an htpasswd file is provided -display-htpasswd-form: display username / password login form if an htpasswd file is provided (default true)
-email-domain=: authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email -email-domain value: authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email
-github-org="": restrict logins to members of this organisation -footer string: custom footer string. Use "-" to disable default footer.
-github-team="": restrict logins to members of this team -github-org string: restrict logins to members of this organisation
-google-admin-email="": the google admin to impersonate for api calls -github-team string: restrict logins to members of this team
-google-group=: restrict logins to members of this google group (may be given multiple times). -google-admin-email string: the google admin to impersonate for api calls
-google-service-account-json="": the path to the service account json credentials -google-group value: restrict logins to members of this google group (may be given multiple times).
-htpasswd-file="": additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption -google-service-account-json string: the path to the service account json credentials
-http-address="127.0.0.1:4180": [http://]<addr>:<port> or unix://<path> to listen on for HTTP clients -htpasswd-file string: additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption
-https-address=":443": <addr>:<port> to listen on for HTTPS clients -http-address string: [http://]<addr>:<port> or unix://<path> to listen on for HTTP clients (default "127.0.0.1:4180")
-login-url="": Authentication endpoint -https-address string: <addr>:<port> to listen on for HTTPS clients (default ":443")
-pass-access-token=false: pass OAuth access_token to upstream via X-Forwarded-Access-Token header -login-url string: Authentication endpoint
-pass-basic-auth=true: pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream -pass-access-token: pass OAuth access_token to upstream via X-Forwarded-Access-Token header
-pass-user-headers=true: pass X-Forwarded-User and X-Forwarded-Email information to upstream -pass-basic-auth: pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream (default true)
-pass-host-header=true: pass the request Host Header to upstream -pass-host-header: pass the request Host Header to upstream (default true)
-profile-url="": Profile access endpoint -pass-user-headers: pass X-Forwarded-User and X-Forwarded-Email information to upstream (default true)
-provider="google": OAuth provider -profile-url string: Profile access endpoint
-proxy-prefix="/oauth2": the url root path that this proxy should be nested under (e.g. /<oauth2>/sign_in) -provider string: OAuth provider (default "google")
-redeem-url="": Token redemption endpoint -proxy-prefix string: the url root path that this proxy should be nested under (e.g. /<oauth2>/sign_in) (default "/oauth2")
-redirect-url="": the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback" -redeem-url string: Token redemption endpoint
-resource="": the resource that is being protected. ie: "https://graph.windows.net". Currently only used in the Azure provider. -redirect-url string: the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback"
-request-logging=true: Log requests to stdout -request-logging: Log requests to stdout (default true)
-scope="": Oauth scope specification -resource string: The resource that is protected (Azure AD only)
-signature-key="": GAP-Signature request signature key (algorithm:secretkey) -scope string: OAuth scope specification
-skip-auth-regex=: bypass authentication for requests path's that match (may be given multiple times) -set-xauthrequest: set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode)
-skip-auth-preflight=false: bypass authentication for OPTIONAL requests so preflight requests could succeed when using CORS -signature-key string: GAP-Signature request signature key (algorithm:secretkey)
-skip-provider-button=false: will skip sign-in-page to directly reach the next step: oauth/start -skip-auth-preflight: will skip authentication for OPTIONS requests
-skip-auth-regex value: bypass authentication for requests path's that match (may be given multiple times)
-skip-provider-button: will skip sign-in-page to directly reach the next step: oauth/start
-ssl-insecure-skip-verify: skip validation of certificates presented when using HTTPS -ssl-insecure-skip-verify: skip validation of certificates presented when using HTTPS
-tls-cert="": path to certificate file -tls-cert string: path to certificate file
-tls-key="": path to private key file -tls-key string: path to private key file
-upstream=: the http url(s) of the upstream endpoint or file:// paths for static files. Routing is based on the path -upstream value: the http url(s) of the upstream endpoint or file:// paths for static files. Routing is based on the path
-validate-url="": Access token validation endpoint -validate-url string: Access token validation endpoint
-version=false: print version string -version: print version string
``` ```
See below for provider specific options See below for provider specific options