meutel/oauth2_proxy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
700 Commits 6 Branches 12 Tags 1.8 MiB
a83c5eabb6
Commit Graph

12 Commits

Author SHA1 Message Date
Daryl Finlay
018a25be04 Create option to skip verified email check in OIDC provider 2019-07-11 15:29:48 +01:00
Brian Van Klaveren
b895f49c52 Use idToken expiry because that's the time checked for refresh 
RefreshSessionIfNeeded checks the token expiry, we want to use
the ID token's expiry
 2019-06-17 12:51:35 -07:00
Joel Speed
34cbe0497c
Add CreatedAt to SessionState 2019-05-20 11:26:09 +02:00
Joel Speed
2ab8a7d95d
Move SessionState to its own package 2019-05-18 13:09:56 +02:00
Phil Taprogge
56da8387c0
Include JWT sub as User 2019-05-07 11:57:17 +01:00
Aigars Mahinovs
7acec6243b Fall back to using OIDC Subject instead of Email 
Email is not mandatory field, Subject is mandatory and expected to be unique. Might want to take a look at UserInfo first, however.

Issue: #56
 2019-03-08 13:39:08 +01:00
Joel Speed
cac2c9728d
Validate OIDC Session State 2019-01-22 11:34:57 +00:00
Joel Speed
1b638f32ac
Implement refreshing within OIDC provider 2019-01-22 11:34:56 +00:00
Joel Speed
68d4164897
Add Authorization header flags 2019-01-22 11:34:23 +00:00
Joel Speed
e200bd5c20
Add comments to exported methods for providers package 2018-12-20 10:37:59 +00:00
Joshua Carp
34d96f8d84 Add OpenID Connect provider name. 2017-10-08 00:40:36 -04:00
Eric Chiang
cb48577ede *: add an OpenID Connect provider 
See the README for usage with Dex or any other OIDC provider.

To test run a backend:

    python3 -m http.server

Run dex and modify the example config with the proxy callback:

    go get github.com/coreos/dex/cmd/dex
    cd $GOPATH/src/github.com/coreos/dex
    sed -i.bak \
      's|http://127.0.0.1:5555/callback|http://127.0.0.1:5555/oauth2/callback|g' \
       examples/config-dev.yaml
    make
    ./bin/dex serve examples/config-dev.yaml

Then run the oauth2_proxy

    oauth2_proxy \
      --oidc-issuer-url http://127.0.0.1:5556/dex \
      --upstream http://localhost:8000 \
      --client-id example-app \
      --client-secret ZXhhbXBsZS1hcHAtc2VjcmV0 \
      --cookie-secret foo \
      --email-domain '*' \
      --http-address http://127.0.0.1:5555 \
      --redirect-url http://127.0.0.1:5555/oauth2/callback \
      --cookie-secure=false

Login with the username/password "admin@example.com:password"
 2017-09-08 09:32:51 -07:00