meutel/oauth2_proxy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
454 Commits 6 Branches 12 Tags 1.8 MiB
2bfcb4ca22
Commit Graph

454 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tanvir Alam
363a0dda16
Merge pull request #448 from mbland/hmacauth 
Switch from 18F/hmacauth to mbland/hmacauth
 2017-11-07 09:46:06 -05:00
Mike Bland
e241fe86d3
Switch from 18F/hmacauth to mbland/hmacauth 
Since I'm no longer with 18F, I've re-released hmacauth under the ISC
license as opposed to the previous CC0 license. There have been no
changes to the hmacauth code itself, and all tests still pass.
 2017-11-07 07:55:24 -05:00
Jehiah Czebotar
28e217dc8f
Merge pull request #496 from talam/update_gitlab_api_endpoint 
providers: update gitlab api endpoint to use latest version, v4
 2017-11-06 13:15:45 -05:00
Tanvir Alam
f2a995b8d9 providers: update gitlab api endpoint to use latest version, v4 2017-11-06 12:05:58 -05:00
Jehiah Czebotar
bfda078caa Merge pull request #376 from reedloden/make-cookie-domain-optional 
Don't set the cookie domain to the host by default, as it breaks Cookie Prefixes
 2017-10-23 14:14:45 -04:00
Jehiah Czebotar
bc1b839f7f Merge pull request #484 from talam/update_assert_package 
Swap out bmizerany/assert package in favor of stretchr/testify/assert
 2017-10-23 13:56:35 -04:00
Tanvir Alam
8a77cfcac3 Swap out bmizerany/assert package that is deprecated in favor of stretchr/testify/assert 2017-10-23 12:24:17 -04:00
Jehiah Czebotar
fd3925d204 Merge pull request #444 from Starefossen/patch-1 
Clarify that GitHub team option in README
 2017-10-23 11:52:21 -04:00
Jehiah Czebotar
b7f9438b8a Merge pull request #473 from jmcarp/oidc-name 
Add OpenID Connect provider name.
 2017-10-13 09:10:44 -04:00
Jehiah Czebotar
f6828631cf Merge pull request #472 from jmcarp/drop-myusa 
Drop deprecated MyUSA provider.
 2017-10-08 13:05:15 -04:00
Joshua Carp
d118cb7bbb Drop deprecated MyUSA provider. 
[Resolves #390]
 2017-10-08 01:01:15 -04:00
Joshua Carp
34d96f8d84 Add OpenID Connect provider name. 2017-10-08 00:40:36 -04:00
Jehiah Czebotar
7b26256df6 Merge pull request #447 from Miouge1/master 
Use read_user as default scope for GitLab
 2017-09-13 10:27:36 -04:00
Miouge1
a32ff08d68 Update test for default GitLab scope 2017-09-12 23:43:49 +02:00
Miouge1
982439a8d8 Reduce the default GitLab scope 2017-09-12 23:42:07 +02:00
Jehiah Czebotar
e87c3eee13 Merge pull request #389 from ericchiang/oidc-provider 
*: add an OpenID Connect provider
 2017-09-09 20:44:59 -04:00
Eric Chiang
cb48577ede *: add an OpenID Connect provider 
See the README for usage with Dex or any other OIDC provider.

To test run a backend:

    python3 -m http.server

Run dex and modify the example config with the proxy callback:

    go get github.com/coreos/dex/cmd/dex
    cd $GOPATH/src/github.com/coreos/dex
    sed -i.bak \
      's|http://127.0.0.1:5555/callback|http://127.0.0.1:5555/oauth2/callback|g' \
       examples/config-dev.yaml
    make
    ./bin/dex serve examples/config-dev.yaml

Then run the oauth2_proxy

    oauth2_proxy \
      --oidc-issuer-url http://127.0.0.1:5556/dex \
      --upstream http://localhost:8000 \
      --client-id example-app \
      --client-secret ZXhhbXBsZS1hcHAtc2VjcmV0 \
      --cookie-secret foo \
      --email-domain '*' \
      --http-address http://127.0.0.1:5555 \
      --redirect-url http://127.0.0.1:5555/oauth2/callback \
      --cookie-secure=false

Login with the username/password "admin@example.com:password"
 2017-09-08 09:32:51 -07:00
Hans Kristian Flaatten
94574df274 Clarify that GitHub team slug name should be used for the -github-team option 2017-09-05 22:58:53 +02:00
Jehiah Czebotar
b1e29c329b Merge pull request #407 from segmentio/sign-in-redirect 
nginx auth_request: fix -skip-provider-button
 2017-08-28 20:57:09 -04:00
Jehiah Czebotar
678290035c Merge pull request #410 from sobolevn/patch-1 
Updates README.md with svg badge
 2017-08-28 20:50:07 -04:00
Jehiah Czebotar
01ef8162a8 Merge pull request #422 from arnottcr/strip-all-tokens 
strip all tokens
 2017-08-28 20:48:43 -04:00
Jehiah Czebotar
23cef89236 Merge pull request #431 from ploxiln/nil_upstream_url 
gracefully report un-parsed upstream URL
 2017-08-28 20:46:30 -04:00
Jehiah Czebotar
11bdcc96c5 Merge pull request #426 from bluecmd/patch-4 
Remove check for >0 upstreams
 2017-08-28 20:45:26 -04:00
Jehiah Czebotar
79fff53531 Merge pull request #425 from bluecmd/patch-3 
Update cookie generation to match base64 encoding
 2017-08-28 20:44:49 -04:00
Pierce Lopez
3d8b59ef71 options: wrap missing-email-validation error message 2017-08-05 12:55:42 -04:00
Pierce Lopez
e9bbecface options: gracefully report un-parsed upstream URL 
upstreamURL is a nil pointer if there is an error parsing --upstream
 2017-08-05 12:55:15 -04:00
Christian Svensson
0b117133b9 Remove check for >0 upstreams 
When used solely for auth_request there is no upstream.
Instead of forcing users to set a dummy upstream, remove
the check.
 2017-07-20 21:54:31 +02:00
Christian Svensson
f4321c4b45 Update cookie generation to match base64 encoding 
Current code is using URLEncoding but example was using the
standard RFC 4648 encoding. Switch to using the URL
encoding in the example as well.
 2017-07-20 13:28:41 +02:00
Colin Arnott
ba67e5c847
strip all log statements with the endpoint var 2017-07-13 18:33:48 +00:00
Colin Arnott
8d6e16bf22
use base64.RawURLEncoding.DecodeString() in place of a bespoke function 2017-07-13 18:29:58 +00:00
Nikita Sobolev
e6e60c4b60 Updates README.md with svg badge 2017-06-29 09:36:31 +03:00
Alan Braithwaite
b640a69d63 oauthproxy: fix #284 -skip-provider-button for /sign_in route 2017-06-21 15:05:36 -07:00
Jehiah Czebotar
3c51c914ac Merge pull request #405 from bspaans/patch-1 
Update Google Auth Provider instructions
 2017-06-21 09:24:24 -04:00
Bart Spaans
7fea71a4ce Update Google Auth Provider instructions 2017-06-21 11:03:24 +01:00
Jehiah Czebotar
cddd2fcd7c Merge pull request #402 from shividhar/master 
Fix spelling mistake in docs
 2017-06-09 12:23:50 -04:00
Shivansh Dhar
c8c6b66465 Fix spelling mistake in docs 2017-06-09 12:17:24 -04:00
Jehiah Czebotar
6d6cb7e1f8 Merge pull request #392 from arnottcr/master 
[github provider] use Authorization header, not access_token query parameter
 2017-05-26 08:42:07 -04:00
Colin Arnott
17b1fa31dd
use Authorization header, not access_token query parameter 2017-05-18 03:45:34 +00:00
Jehiah Czebotar
f4c356637f Merge pull request #382 from ploxiln/auth_request_readme 
README: nginx auth_request example updates
 2017-05-15 20:50:28 -04:00
Pierce Lopez
6d295f8446 README: nginx auth_request example refresh cookie handling 
how to pass back the refreshed oauth2_proxy cookie from an nginx auth_request
 2017-04-24 17:59:21 -04:00
Pierce Lopez
7f5672b433 README: simplify nginx auth_request example 
/oauth2/auth is not more sensitive than other /oauth2/ paths,
does not need "internal" protection

"spdy" protocol is obsolete, http2 is the thing to enable now.
But it's orthogonal anyway.

No need for two separate content/upstream location blocks in
this example, reduce to just one, with a comment that it could
be serving files instead of proxying.
 2017-04-24 17:56:15 -04:00
Jehiah Czebotar
ea2540bc89 Merge pull request #381 from ploxiln/dist_strip 
dist.sh: use go build option to strip binaries
 2017-04-24 16:34:22 -04:00
Pierce Lopez
68e3178812 dist.sh: use go build option to strip binaries 
30% release binary size reduction
 2017-04-24 16:04:36 -04:00
Pierce Lopez
d7e327d712 bump to version 2.2.1-alpha for development 2017-04-24 16:04:06 -04:00
Reed Loden
b6bd878f27 Don't set the cookie domain to the host by default, as it breaks Cookie Prefixes 
The Cookie Prefixes spec disallows the use of the `domain` attribute in cookies
if the `__Host-` prefix is used
(https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00#section-3.2).

There's no need to set it to the host by default, so make it optional. If it is
set to a non-empty value, still output a warning if it is not a suffix of the
host, as that's likely not wanted.

Fixes #352.
 2017-04-24 13:03:40 -07:00
Jehiah Czebotar
b90a23473f Merge pull request #380 from jehiah/release_380 
Release v2.2
 2017-04-24 12:22:11 -04:00
Jehiah Czebotar
f457a9042a Readme: update --help usage 2017-04-24 12:16:16 -04:00
Jehiah Czebotar
3fa5635d6c
Release 2.2.0 2017-04-24 12:11:23 -04:00
Jehiah Czebotar
f511cac6a6 Merge pull request #365 from travisofthenorth/fix/default-http-address 
Fix url parse error
 2017-04-20 14:57:39 -04:00
Jehiah Czebotar
120a47a526 Merge pull request #370 from idntfy/master 
#369: Optionally allow skipping authentication for preflight requests
 2017-04-07 09:20:33 -04:00