meutel/oauth2_proxy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
154 Commits 6 Branches 12 Tags 1.8 MiB
c6946893e0
Commit Graph

5 Commits

Author SHA1 Message Date
Mike Bland
8e2d83600c Implement cookie auto-refresh 
The intention is to refresh the cookie whenever the user accesses an
authenticated service with less than `cookie-refresh` time to go before the
cookie expires.
 2015-05-08 14:05:09 -04:00
Mike Bland
9887ac3be5 Refactor cookie building and parsing 
Extracts buildCookieValue() and parseCookieValue() from OauthProxy.ServeHTTP()
and adds tests for both.
 2015-04-07 05:53:41 -04:00
Mike Bland
ad3c9a886f Pass the access token to the upstream client 
This is accomplished by encoding the access_token in the auth cookie and
unpacking it as the X-Forwarded-Access-Token header for upstream requests.
 2015-04-03 15:32:01 -04:00
Vikrum Nijjar
ad57a9391f Fixed timing attack in cookie validation. 
- Changed from using string == to hmac.Equal
- See more details here: http://verboselogging.com/2012/08/20/a-timing-attack-in-action
 2014-11-08 13:16:39 -05:00
Jehiah Czebotar
fb636396a3 initial code import 2012-12-10 20:59:23 -05:00