Joshua Carp
d118cb7bbb
Drop deprecated MyUSA provider.
...
[Resolves #390 ]
2017-10-08 01:01:15 -04:00
Joshua Carp
34d96f8d84
Add OpenID Connect provider name.
2017-10-08 00:40:36 -04:00
Jehiah Czebotar
7b26256df6
Merge pull request #447 from Miouge1/master
...
Use read_user as default scope for GitLab
2017-09-13 10:27:36 -04:00
Miouge1
a32ff08d68
Update test for default GitLab scope
2017-09-12 23:43:49 +02:00
Miouge1
982439a8d8
Reduce the default GitLab scope
2017-09-12 23:42:07 +02:00
Jehiah Czebotar
e87c3eee13
Merge pull request #389 from ericchiang/oidc-provider
...
*: add an OpenID Connect provider
2017-09-09 20:44:59 -04:00
Eric Chiang
cb48577ede
*: add an OpenID Connect provider
...
See the README for usage with Dex or any other OIDC provider.
To test run a backend:
python3 -m http.server
Run dex and modify the example config with the proxy callback:
go get github.com/coreos/dex/cmd/dex
cd $GOPATH/src/github.com/coreos/dex
sed -i.bak \
's|http://127.0.0.1:5555/callback |http://127.0.0.1:5555/oauth2/callback |g' \
examples/config-dev.yaml
make
./bin/dex serve examples/config-dev.yaml
Then run the oauth2_proxy
oauth2_proxy \
--oidc-issuer-url http://127.0.0.1:5556/dex \
--upstream http://localhost:8000 \
--client-id example-app \
--client-secret ZXhhbXBsZS1hcHAtc2VjcmV0 \
--cookie-secret foo \
--email-domain '*' \
--http-address http://127.0.0.1:5555 \
--redirect-url http://127.0.0.1:5555/oauth2/callback \
--cookie-secure=false
Login with the username/password "admin@example.com:password"
2017-09-08 09:32:51 -07:00
Hans Kristian Flaatten
94574df274
Clarify that GitHub team slug name should be used for the -github-team
option
2017-09-05 22:58:53 +02:00
Jehiah Czebotar
b1e29c329b
Merge pull request #407 from segmentio/sign-in-redirect
...
nginx auth_request: fix -skip-provider-button
2017-08-28 20:57:09 -04:00
Jehiah Czebotar
678290035c
Merge pull request #410 from sobolevn/patch-1
...
Updates README.md with svg badge
2017-08-28 20:50:07 -04:00
Jehiah Czebotar
01ef8162a8
Merge pull request #422 from arnottcr/strip-all-tokens
...
strip all tokens
2017-08-28 20:48:43 -04:00
Jehiah Czebotar
23cef89236
Merge pull request #431 from ploxiln/nil_upstream_url
...
gracefully report un-parsed upstream URL
2017-08-28 20:46:30 -04:00
Jehiah Czebotar
11bdcc96c5
Merge pull request #426 from bluecmd/patch-4
...
Remove check for >0 upstreams
2017-08-28 20:45:26 -04:00
Jehiah Czebotar
79fff53531
Merge pull request #425 from bluecmd/patch-3
...
Update cookie generation to match base64 encoding
2017-08-28 20:44:49 -04:00
Pierce Lopez
3d8b59ef71
options: wrap missing-email-validation error message
2017-08-05 12:55:42 -04:00
Pierce Lopez
e9bbecface
options: gracefully report un-parsed upstream URL
...
upstreamURL is a nil pointer if there is an error parsing --upstream
2017-08-05 12:55:15 -04:00
Christian Svensson
0b117133b9
Remove check for >0 upstreams
...
When used solely for auth_request there is no upstream.
Instead of forcing users to set a dummy upstream, remove
the check.
2017-07-20 21:54:31 +02:00
Christian Svensson
f4321c4b45
Update cookie generation to match base64 encoding
...
Current code is using URLEncoding but example was using the
standard RFC 4648 encoding. Switch to using the URL
encoding in the example as well.
2017-07-20 13:28:41 +02:00
Colin Arnott
ba67e5c847
strip all log statements with the endpoint var
2017-07-13 18:33:48 +00:00
Colin Arnott
8d6e16bf22
use base64.RawURLEncoding.DecodeString() in place of a bespoke function
2017-07-13 18:29:58 +00:00
Nikita Sobolev
e6e60c4b60
Updates README.md with svg badge
2017-06-29 09:36:31 +03:00
Alan Braithwaite
b640a69d63
oauthproxy: fix #284 -skip-provider-button for /sign_in route
2017-06-21 15:05:36 -07:00
Jehiah Czebotar
3c51c914ac
Merge pull request #405 from bspaans/patch-1
...
Update Google Auth Provider instructions
2017-06-21 09:24:24 -04:00
Bart Spaans
7fea71a4ce
Update Google Auth Provider instructions
2017-06-21 11:03:24 +01:00
Jehiah Czebotar
cddd2fcd7c
Merge pull request #402 from shividhar/master
...
Fix spelling mistake in docs
2017-06-09 12:23:50 -04:00
Shivansh Dhar
c8c6b66465
Fix spelling mistake in docs
2017-06-09 12:17:24 -04:00
Jehiah Czebotar
6d6cb7e1f8
Merge pull request #392 from arnottcr/master
...
[github provider] use Authorization header, not access_token query parameter
2017-05-26 08:42:07 -04:00
Colin Arnott
17b1fa31dd
use Authorization header, not access_token query parameter
2017-05-18 03:45:34 +00:00
Jehiah Czebotar
f4c356637f
Merge pull request #382 from ploxiln/auth_request_readme
...
README: nginx auth_request example updates
2017-05-15 20:50:28 -04:00
Pierce Lopez
6d295f8446
README: nginx auth_request example refresh cookie handling
...
how to pass back the refreshed oauth2_proxy cookie from an nginx auth_request
2017-04-24 17:59:21 -04:00
Pierce Lopez
7f5672b433
README: simplify nginx auth_request example
...
/oauth2/auth is not more sensitive than other /oauth2/ paths,
does not need "internal" protection
"spdy" protocol is obsolete, http2 is the thing to enable now.
But it's orthogonal anyway.
No need for two separate content/upstream location blocks in
this example, reduce to just one, with a comment that it could
be serving files instead of proxying.
2017-04-24 17:56:15 -04:00
Jehiah Czebotar
ea2540bc89
Merge pull request #381 from ploxiln/dist_strip
...
dist.sh: use go build option to strip binaries
2017-04-24 16:34:22 -04:00
Pierce Lopez
68e3178812
dist.sh: use go build option to strip binaries
...
30% release binary size reduction
2017-04-24 16:04:36 -04:00
Pierce Lopez
d7e327d712
bump to version 2.2.1-alpha for development
2017-04-24 16:04:06 -04:00
Reed Loden
b6bd878f27
Don't set the cookie domain to the host by default, as it breaks Cookie Prefixes
...
The Cookie Prefixes spec disallows the use of the `domain` attribute in cookies
if the `__Host-` prefix is used
(https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00#section-3.2 ).
There's no need to set it to the host by default, so make it optional. If it is
set to a non-empty value, still output a warning if it is not a suffix of the
host, as that's likely not wanted.
Fixes #352 .
2017-04-24 13:03:40 -07:00
Jehiah Czebotar
b90a23473f
Merge pull request #380 from jehiah/release_380
...
Release v2.2
2017-04-24 12:22:11 -04:00
Jehiah Czebotar
f457a9042a
Readme: update --help usage
2017-04-24 12:16:16 -04:00
Jehiah Czebotar
3fa5635d6c
Release 2.2.0
2017-04-24 12:11:23 -04:00
Jehiah Czebotar
f511cac6a6
Merge pull request #365 from travisofthenorth/fix/default-http-address
...
Fix url parse error
2017-04-20 14:57:39 -04:00
Jehiah Czebotar
120a47a526
Merge pull request #370 from idntfy/master
...
#369 : Optionally allow skipping authentication for preflight requests
2017-04-07 09:20:33 -04:00
idntfy
1e7d2a08a3
#369 : Optionally allow skipping authentication for preflight requests
2017-04-07 15:01:47 +03:00
Travis Hunter
f983933d88
Parse http address without url
2017-04-02 16:23:27 -04:00
Jehiah Czebotar
af7be2d622
Merge pull request #319 from advarisk/auth-request
...
various fixes for getting Nginx auth_request mode working
2017-03-29 12:14:24 -04:00
Ashish Kulkarni
fe44b89f57
update documentation for Nginx auth_request mode
2017-03-29 21:28:55 +05:30
Sjoerd Mulder
90a22b2f39
Use X-Auth-Request-Redirect request header in sign-in page
...
This is useful in Nginx auth_request mode, if a 401 handler is
configured to redirect to the sign-in page. As the request URL
does not reflect the actual URL, the value is taken from the
header "X-Auth-Request-Redirect" instead. Based on #247
2017-03-29 21:28:55 +05:30
Lukasz Siudut
829b442302
add --set-xauthrequest flag for use in Nginx auth_request mode
...
This is enhancement of #173 to use "Auth Request" consistently in
the command-line option, configuration file and response headers.
It always sets the X-Auth-Request-User response header and if the
email is available, sets X-Auth-Request-Email as well.
2017-03-29 21:28:55 +05:30
Jehiah Czebotar
93852a24cb
Merge pull request #362 from jehiah/ssl_insecure_skip_verify_362
...
Option to skip SSL verification
2017-03-29 11:02:26 -04:00
Jehiah Czebotar
dcf62d06df
option for skipping OAuth provider SSL verification
2017-03-29 10:57:07 -04:00
Jehiah Czebotar
bb9b607440
Merge pull request #361 from jehiah/gofmt_361
...
travis: run gofmt and go vet
2017-03-29 09:53:19 -04:00
Jehiah Czebotar
c5fc7baa86
gofmt
2017-03-29 09:36:38 -04:00