Jehiah Czebotar
23cef89236
Merge pull request #431 from ploxiln/nil_upstream_url
...
gracefully report un-parsed upstream URL
2017-08-28 20:46:30 -04:00
Pierce Lopez
3d8b59ef71
options: wrap missing-email-validation error message
2017-08-05 12:55:42 -04:00
Pierce Lopez
e9bbecface
options: gracefully report un-parsed upstream URL
...
upstreamURL is a nil pointer if there is an error parsing --upstream
2017-08-05 12:55:15 -04:00
Christian Svensson
0b117133b9
Remove check for >0 upstreams
...
When used solely for auth_request there is no upstream.
Instead of forcing users to set a dummy upstream, remove
the check.
2017-07-20 21:54:31 +02:00
idntfy
1e7d2a08a3
#369 : Optionally allow skipping authentication for preflight requests
2017-04-07 15:01:47 +03:00
Lukasz Siudut
829b442302
add --set-xauthrequest flag for use in Nginx auth_request mode
...
This is enhancement of #173 to use "Auth Request" consistently in
the command-line option, configuration file and response headers.
It always sets the X-Auth-Request-User response header and if the
email is available, sets X-Auth-Request-Email as well.
2017-03-29 21:28:55 +05:30
Jehiah Czebotar
dcf62d06df
option for skipping OAuth provider SSL verification
2017-03-29 10:57:07 -04:00
Jehiah Czebotar
c5fc7baa86
gofmt
2017-03-29 09:36:38 -04:00
Omar Elazhary
24f91a0b60
Allow to pass user headers only (issue #205 )
...
* This fixes https://github.com/bitly/oauth2_proxy/issues/205
* Add new boolean option -pass-user-headers
to control whether X-Forwarded-User and X-Forwarded-Email
headers will be set (as opposed to HTTP BASIC auth)
* This is required e.g. for grafana [1] where
X-Forwarded-User is needed but HTTP BASIC auth fails
(password is not known and must not be known in this scenario)
* Keep behaviour of PassBasicAuth unchanged for compatibility
[1] http://docs.grafana.org/installation/configuration/#authproxy
2017-01-24 11:11:58 +01:00
tanuck
c015075996
Validate cookie name ( #278 )
...
Validate cookie name passes go's isCookieNameValid check
2016-07-19 15:51:25 -04:00
Jehiah Czebotar
cdebfd6436
base64 cookie support
2016-06-20 07:45:43 -04:00
Jehiah Czebotar
57f82ed71e
Custom footer text (optional)
...
Closes #256 and #166
2016-06-18 23:54:32 -04:00
Jehiah Czebotar
168cff9d4b
Merge pull request #161 from rahdjoudj/master
...
adding option to skip provider button sign_in page
2016-06-18 23:31:39 -04:00
Mike Bland
87d80d6d22
OAUTH2_PROXY_SIGNATURE_KEY env var, README update
2016-02-24 08:23:31 -05:00
Eelco Cramer
10f47e325b
Add Azure Provider
2016-01-20 03:57:17 -05:00
Mike Bland
e4626c1360
Sign Upstream requests with HMAC. closes #147
2015-11-15 22:09:30 -05:00
Reda Ahdjoudj
35547a40cb
adding option to skip provider button sign_in page
2015-11-11 11:42:35 +11:00
Brandon Philips
51a2e4e48c
*: rename Url to URL everywhere
...
Go coding style says that acronyms should be all lower or all upper. Fix
Url to URL.
2015-11-09 00:47:44 +01:00
Justin Burnham
3fd8f911c2
google: Support restricting access to a specific group(s)
2015-09-09 02:10:32 -07:00
Ed Bardsley
33045a792b
Add a flag to set the value of "approval_prompt".
...
By setting this to "force", certain providers, like Google,
will interject an additional prompt on every new session. With other values,
like "auto", this prompt is not forced upon the user.
2015-07-31 00:43:47 -07:00
Jehiah Czebotar
1e48d89e00
clarify required email validation settings
2015-07-24 16:09:33 -04:00
Justin Burnham
7dd5d299e1
Add support for setting the basic auth password.
...
For tools that don't like empty passwords, this change allows
one to set a shared secret password for all users.
2015-07-24 09:17:43 +00:00
Jehiah Czebotar
d78aa13464
v2.0 & cleanup changes
...
* bump version to 2.0
* remove --cookie-https-only option
* add windows build to dist.sh
* rename --cookie-key to --cookie-name
2015-06-12 13:07:26 -04:00
Jehiah Czebotar
f5b2b20f67
support TLS directly
2015-06-07 23:14:48 -04:00
Jehiah Czebotar
56d19b1c84
disable email validation; rename email-domain argument
...
This adds a "*" option to --email-domain to disable email validation, and this renames `--google-apps-domain` to `--email-domain` for clarity across providers
2015-06-06 14:37:54 -04:00
tonymeng
c5ccd43767
Enable specific oauth2proxy path; change cookie name to _oauth2proxy
2015-06-06 14:21:42 -04:00
Jehiah Czebotar
b96a078839
Project Rename -> oauth2_proxy
2015-05-21 02:55:04 -04:00
Jehiah Czebotar
37b38dd2f4
Github provider
2015-05-21 02:21:19 -04:00
Mike Bland
41b21dd0b1
Enforce that cookie_refresh < cookie_expire
2015-05-09 17:37:33 -04:00
Mike Bland
8ec967ac32
Check cookie_secret size when cookie_refresh set
2015-05-09 17:37:33 -04:00
Mike Bland
72857018ee
Introduce validate-url
flag/config
2015-05-08 17:13:35 -04:00
Mike Bland
8e2d83600c
Implement cookie auto-refresh
...
The intention is to refresh the cookie whenever the user accesses an
authenticated service with less than `cookie-refresh` time to go before the
cookie expires.
2015-05-08 14:05:09 -04:00
Mike Bland
cf79fd9e4c
Refactor pass_access_token+cookie_secret check
...
Moves the check from NewOauthProxy() to Options.Validate() and adds a test.
2015-04-07 05:53:40 -04:00
Mike Bland
ad3c9a886f
Pass the access token to the upstream client
...
This is accomplished by encoding the access_token in the auth cookie and
unpacking it as the X-Forwarded-Access-Token header for upstream requests.
2015-04-03 15:32:01 -04:00
Mike Bland
d9a945ebc3
Integrate Provider into Options and OauthProxy
2015-03-31 09:34:50 -04:00
Jehiah Czebotar
b9b5e817fc
improve request logging (closer to Apache Common Log)
2015-03-19 22:34:01 -04:00
Jehiah Czebotar
de04e0c519
rename cookie secure flag
2015-03-19 14:08:17 -04:00
Jehiah Czebotar
ebae065b11
make redirect_uri optional
2015-03-19 14:03:05 -04:00
Jehiah Czebotar
2b2324e410
support (optional) custom templates
2015-03-17 18:11:58 -04:00
Jehiah Czebotar
263e16eeea
add --proxy-host-header option
2015-03-17 15:53:01 -04:00
Mike Bland
d751bbea4c
Catch more options errors at once; add test
2015-03-16 14:45:20 -04:00
Jehiah Czebotar
601ae6f4ec
Merge pull request #60 from tomtaylor/gofmt-fixes
...
Run gofmt over source
2015-01-19 12:48:57 -05:00
Tom Taylor
5201f26ffc
Run gofmt over source.
2015-01-19 16:10:37 +00:00
Tom Taylor
132e3d91d6
Add flag to enable/disable cookie's HttpOnly flag.
2015-01-19 16:00:49 +00:00
vishnu chilamakuru
c4d25d271f
Adding Support for multi white listed urls with regex url match.
2015-01-12 14:48:41 +05:30
drew
69804e588a
Allow hiding custom login UI even if an htpasswd file is provided.
2014-12-09 14:38:57 -06:00
Jehiah Czebotar
1f515eba3c
options bug fixes; set https cookies on by default
2014-11-09 22:21:46 -05:00
Jehiah Czebotar
9060feb436
better environment parsing
2014-11-09 21:12:36 -05:00
Jehiah Czebotar
d4fe9a4f57
Add config file support
2014-11-09 20:33:12 -05:00