Commit Graph

786 Commits

Author SHA1 Message Date
aledeganopix4d
fa6c4792a1 Add Bitbucket provider. (#201)
Add a new provider for Bitbucket,
can be configured from the options
specifying team and/or repository
that the user must be part/have access
to in order to grant login.
2019-08-16 14:53:22 +01:00
Joel Speed
a165928458
Merge pull request #226 from continusec/makeheadersettingdeterministic
Made setting of proxied headers deterministic based on configuration alone
2019-08-16 14:41:14 +01:00
Adam Eijdenberg
d5d4878a29 Made setting of proxied headers deterministic based on configuration
alone

Previously some headers that are normally set by the proxy (and may be
replied upstream for authorization decisiions) were not being set
depending on values in the users sesssion.

This change ensure that if a given header is sometimes set, it will
always be either set or removed.

It might be worth considerating always deleting these headers if we
didn't add them.
2019-08-16 11:44:43 +10:00
Joel Speed
c4559ea372
Merge pull request #241 from thought-machine/fix-docs-links
Fix links in docs
2019-08-15 12:07:37 +01:00
Henry Jenkins
a65d38d181
Merge branch 'master' into fix-docs-links 2019-08-14 12:04:23 +01:00
Henry Jenkins
57851f6850
Merge pull request #239 from bradym/docFormat
Docs only:  format Command Line Options using a table
2019-08-14 12:03:03 +01:00
Joel Speed
7e3ad6b215
Merge branch 'master' into docFormat 2019-08-14 11:12:54 +01:00
Henry Jenkins
c941f3ce0d
Merge branch 'master' into fix-docs-links 2019-08-13 21:23:45 +01:00
Henry Jenkins
9240538939
Merge pull request #244 from ferhatelmas/typo-fix
Fix some typos
2019-08-13 21:23:18 +01:00
Brady Mitchell
272fb96024 add back nginx-auth-request <a name 2019-08-13 09:12:48 -07:00
Brady Mitchell
bc5fc5a513 remove unnecessary <a> tags 2019-08-13 09:01:38 -07:00
Dan Bond
49e124eb87
Merge branch 'master' into typo-fix 2019-08-13 16:25:23 +01:00
Dan Bond
6453e78db3
Merge branch 'master' into docFormat 2019-08-13 16:22:18 +01:00
Joel Speed
b167744b0a
Merge pull request #145 from rtluckie/feature/add_oidc_userinfo_support
Add OIDC support for UserInfo Endpoint Email Verification
2019-08-13 15:35:51 +01:00
ferhat elmas
fb52bdb90c Fix some typos 2019-08-13 12:42:23 +02:00
Ryan Luckie
c457eeb711
Merge branch 'master' into feature/add_oidc_userinfo_support 2019-08-12 17:32:29 -05:00
Brady Mitchell
9938bb95d9
Merge branch 'master' into docFormat 2019-08-11 17:23:33 -07:00
Brady Mitchell
4b985992d8 add missing header border 2019-08-11 17:21:32 -07:00
Henry Jenkins
8b61559b8d Fix links in docs
- Fixed a bunch of references to the repo, which were 404ing
- Fixed a couple of things that 301/302ed
- Fixed some in page references
2019-08-11 16:07:03 +01:00
Henry Jenkins
e1b70dc9f0
Merge pull request #240 from vitaliytv/patch-1
[docs] Fix link to oauth2_proxy.cfg
2019-08-11 15:20:58 +01:00
Vitalii Tverdokhlib
9e37de53e3
docs: fix path to oauth2_proxy.cfg 2019-08-11 14:55:19 +03:00
Brady Mitchell
18156713e3 indent content in ordered list, fixes 165 2019-08-10 21:46:13 -07:00
Brady Mitchell
14c25c1d8a use a table for command line options 2019-08-10 21:45:18 -07:00
Joel Speed
a91cce7ab9
Merge pull request #238 from thought-machine/fix-typo
Fix typos in changelog
2019-08-07 19:36:03 +01:00
hjenkins
02dfa87f11 Fix typos in changelog 2019-08-07 18:00:37 +01:00
jansinger
7134d22bcc New flag "-ssl-upstream-insecure-skip-validation" (#234)
* New flag "-ssl-upstream-insecure-skip-validation" to skip SSL validation for upstreams with self generated / invalid SSL certificates.

* Fix tests for modified NewReverseProxy method.

* Added change to the changelog.

* Remove duplicate entries from changelog.
2019-08-07 17:48:53 +01:00
mikesiegel
d85660248c Adding docs for how to configure Okta for the OIDC provider (#235)
* Adding documentation for Okta OIDC provider.

* additional clean up.

* Clearer heading

* Forgot a word.

* updated documentation based on ReillyProcentive review.

* Per steakunderscore review: removed defaults. Removed extra hardening steps (expiration, https only etc) not directly related to setting up Okta w/ OIDC
2019-08-07 11:57:18 +01:00
Henry Jenkins
64672c34eb
Merge pull request #236 from thought-machine/slack
Adds reference to slack channel in readme
2019-08-06 12:47:10 +01:00
Dan Bond
c3eac4f6d4
Merge branch 'master' into slack 2019-08-06 12:23:45 +01:00
Alexander Overvoorde
4de49983fb Rework GitLab provider (#231)
* Initial version of OIDC based GitLab provider

* Add support for email domain check to GitLab provider

* Add gitlab.com as default issuer for GitLab provider

* Update documentation for GitLab provider

* Update unit tests for new GitLab provider implementation

* Update CHANGELOG for GitLab provider

* Rename GitLab test access token as response to linter
2019-08-06 12:20:54 +01:00
hjenkins
5f9a65f6b1 Adds reference to slack channel in readme 2019-08-06 12:16:03 +01:00
Justin Palpant
7d910c0ae8 Check Google group membership with hasMember and get. (#224)
* Check Google group membership with hasMember and get.

This PR is an enhancement built on
https://github.com/pusher/oauth2_proxy/pull/160. That PR reduces the
number of calls to the Google Admin API and simplifies the code by
using the hasMember method. It also supports checking membership in
nested groups.

However, the above message doesn't handle members who are not a part
of the domain. The hasMember API returns a 400 for that case. As a
fallback, when the API returns a 400, this change will try using the
`get` API which works as expected for members who aren't a part of the
domain. Supporting members who belong to the Google group but aren't
part of the domain is a requested feature from
https://github.com/pusher/oauth2_proxy/issues/95.

https://developers.google.com/admin-sdk/directory/v1/reference/members/get

Note that nested members who are not a part of the domain will not be
correctly detected with this change.

* Update CHANGELOG.

* Fix incorrect JSON and stop escaping strings.

* Add comments for each scenario.
2019-08-06 10:38:24 +01:00
Henry Jenkins
69c723af81
Merge pull request #232 from ReillyBrogan/fix-changelog-typos
[DOCS] Fix a bunch of places where the repo link was incorrect
2019-08-05 11:28:21 +01:00
Joel Speed
a882788efb
Merge branch 'master' into fix-changelog-typos 2019-08-05 11:17:28 +01:00
Joel Speed
88a7f9f483
Merge pull request #233 from steakunderscore/remove-dep
Remove dep from Travis CI & pre-install modules
2019-08-05 09:44:16 +01:00
hjenkins
8a24dd797f Download modules in travis install step 2019-08-05 09:26:42 +01:00
Henry Jenkins
d346219293 Remove dep from Travis CI
Was missed from previous switch to go modules
2019-08-04 21:24:21 +01:00
Reilly Brogan
1ab63304a1 Fix a bunch of places where the repo link was incorrect 2019-08-03 13:22:42 -05:00
Joel Speed
3f219bd85c
Merge pull request #225 from pusher/fix-codeowners
Fix CODEOWNERS file
2019-07-24 09:37:15 +01:00
Joel Speed
23309adc7c
Fix CODEOWNERS file 2019-07-24 09:21:08 +01:00
Joel Speed
6c4aca957e
Merge pull request #223 from pusher/maintainers
Add MAINTAINERS and update CODEOWNERS
2019-07-23 16:45:32 +01:00
Joel Speed
e48d28d1b9
Add MAINTAINERS and update CODEOWNERS 2019-07-23 16:20:45 +01:00
Ryan Luckie
4a6b703c54 Update CHANGELOG 2019-07-19 09:03:01 -05:00
Ryan Luckie
93cb575d7c Fix error message for clarity 2019-07-19 08:59:29 -05:00
Ryan Luckie
f537720b52 fix lint errors 2019-07-19 08:57:05 -05:00
Ryan Luckie
122ec45dd8 Requested changes 2019-07-19 08:55:14 -05:00
Ryan Luckie
0d94f5e515 fix lint error 2019-07-19 08:53:20 -05:00
Ryan Luckie
2eecf756e4 Add OIDC support for UserInfo Endpoint Email Verification
* Current OIDC implementation asserts that user email check must come
from JWT token claims. OIDC specification also allows for source
of user email to be fetched from userinfo profile endpoint.
http://openid.net/specs/openid-connect-core-1_0.html#UserInfo

* First, attempt to retrieve email from JWT token claims.  Then fall back to
requesting email from userinfo endpoint.

* Don't fallback to subject for email

https://github.com/bitly/oauth2_proxy/pull/481
2019-07-19 08:53:20 -05:00
Joel Speed
8635391543
Merge pull request #178 from kskewes/pinglog
Add silence-ping-logging flag
2019-07-19 11:30:31 +01:00
Karl
f29e353586
Update options.go
Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>
2019-07-19 22:11:53 +12:00