Allow to change provider's name (#296)
* Allow to change provider's name. * Add changelog entry. * Linting. * provider-name -> provider-display-name. * Add flag in main.go. * Update CHANGELOG.md
This commit is contained in:
Felix Fontein
Dan Bond
parent
ca0b8375da
commit
11205c7399
|
|
@ -17,6 +17,7 @@
|
||||||
- [#248](https://github.com/pusher/oauth2_proxy/pull/248) Fix issue with X-Auth-Request-Redirect header being ignored (@webnard)
|
- [#248](https://github.com/pusher/oauth2_proxy/pull/248) Fix issue with X-Auth-Request-Redirect header being ignored (@webnard)
|
||||||
- [#314](https://github.com/pusher/oauth2_proxy/pull/314) Add redirect capability to sign_out (@costelmoraru)
|
- [#314](https://github.com/pusher/oauth2_proxy/pull/314) Add redirect capability to sign_out (@costelmoraru)
|
||||||
- [#265](https://github.com/pusher/oauth2_proxy/pull/265) Add upstream with static response (@cgroschupp)
|
- [#265](https://github.com/pusher/oauth2_proxy/pull/265) Add upstream with static response (@cgroschupp)
|
||||||
|
- [#296](https://github.com/pusher/oauth2_proxy/pull/296) Allow to override provider's name for sign-in page (@ffdybuster)
|
||||||
|
|
||||||
# v4.0.0
|
# v4.0.0
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -156,6 +156,7 @@ OpenID Connect is a spec for OAUTH 2.0 + identity that is implemented by many ma
|
||||||
3. Login with the fixture use in the dex guide and run the oauth2_proxy with the following args:
|
3. Login with the fixture use in the dex guide and run the oauth2_proxy with the following args:
|
||||||
|
|
||||||
-provider oidc
|
-provider oidc
|
||||||
|
-provider-display-name "My OIDC Provider"
|
||||||
-client-id oauth2_proxy
|
-client-id oauth2_proxy
|
||||||
-client-secret proxy
|
-client-secret proxy
|
||||||
-redirect-url http://127.0.0.1:4180/oauth2/callback
|
-redirect-url http://127.0.0.1:4180/oauth2/callback
|
||||||
|
|
|
||||||
|
|
@ -76,6 +76,7 @@ An example [oauth2_proxy.cfg]({{ site.gitweb }}/contrib/oauth2_proxy.cfg.example
|
||||||
| `-pass-user-headers` | bool | pass X-Forwarded-User and X-Forwarded-Email information to upstream | true |
|
| `-pass-user-headers` | bool | pass X-Forwarded-User and X-Forwarded-Email information to upstream | true |
|
||||||
| `-profile-url` | string | Profile access endpoint | |
|
| `-profile-url` | string | Profile access endpoint | |
|
||||||
| `-provider` | string | OAuth provider | google |
|
| `-provider` | string | OAuth provider | google |
|
||||||
|
| `-provider-display-name` | string | Override the provider's name with the given string; used for the sign-in page | (depends on provider) |
|
||||||
| `-ping-path` | string | the ping endpoint that can be used for basic health checks | `"/ping"` |
|
| `-ping-path` | string | the ping endpoint that can be used for basic health checks | `"/ping"` |
|
||||||
| `-proxy-prefix` | string | the url root path that this proxy should be nested under (e.g. /`<oauth2>/sign_in`) | `"/oauth2"` |
|
| `-proxy-prefix` | string | the url root path that this proxy should be nested under (e.g. /`<oauth2>/sign_in`) | `"/oauth2"` |
|
||||||
| `-proxy-websockets` | bool | enables WebSocket proxying | true |
|
| `-proxy-websockets` | bool | enables WebSocket proxying | true |
|
||||||
|
|
|
||||||
1
main.go
1
main.go
|
|
@ -114,6 +114,7 @@ func main() {
|
||||||
flagSet.String("auth-logging-format", logger.DefaultAuthLoggingFormat, "Template for authentication log lines")
|
flagSet.String("auth-logging-format", logger.DefaultAuthLoggingFormat, "Template for authentication log lines")
|
||||||
|
|
||||||
flagSet.String("provider", "google", "OAuth provider")
|
flagSet.String("provider", "google", "OAuth provider")
|
||||||
|
flagSet.String("provider-display-name", "", "Provider display name")
|
||||||
flagSet.String("oidc-issuer-url", "", "OpenID Connect issuer URL (ie: https://accounts.google.com)")
|
flagSet.String("oidc-issuer-url", "", "OpenID Connect issuer URL (ie: https://accounts.google.com)")
|
||||||
flagSet.Bool("insecure-oidc-allow-unverified-email", false, "Don't fail if an email address in an id_token is not verified")
|
flagSet.Bool("insecure-oidc-allow-unverified-email", false, "Don't fail if an email address in an id_token is not verified")
|
||||||
flagSet.Bool("skip-oidc-discovery", false, "Skip OIDC discovery and use manually supplied Endpoints")
|
flagSet.Bool("skip-oidc-discovery", false, "Skip OIDC discovery and use manually supplied Endpoints")
|
||||||
|
|
|
||||||
|
|
@ -82,6 +82,7 @@ type OAuthProxy struct {
|
||||||
redirectURL *url.URL // the url to receive requests at
|
redirectURL *url.URL // the url to receive requests at
|
||||||
whitelistDomains []string
|
whitelistDomains []string
|
||||||
provider providers.Provider
|
provider providers.Provider
|
||||||
|
providerNameOverride string
|
||||||
sessionStore sessionsapi.SessionStore
|
sessionStore sessionsapi.SessionStore
|
||||||
ProxyPrefix string
|
ProxyPrefix string
|
||||||
SignInMessage string
|
SignInMessage string
|
||||||
|
|
@ -284,6 +285,7 @@ func NewOAuthProxy(opts *Options, validator func(string) bool) *OAuthProxy {
|
||||||
|
|
||||||
ProxyPrefix: opts.ProxyPrefix,
|
ProxyPrefix: opts.ProxyPrefix,
|
||||||
provider: opts.provider,
|
provider: opts.provider,
|
||||||
|
providerNameOverride: opts.ProviderName,
|
||||||
sessionStore: opts.sessionStore,
|
sessionStore: opts.sessionStore,
|
||||||
serveMux: serveMux,
|
serveMux: serveMux,
|
||||||
redirectURL: redirectURL,
|
redirectURL: redirectURL,
|
||||||
|
|
@ -465,6 +467,9 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
|
||||||
ProxyPrefix: p.ProxyPrefix,
|
ProxyPrefix: p.ProxyPrefix,
|
||||||
Footer: template.HTML(p.Footer),
|
Footer: template.HTML(p.Footer),
|
||||||
}
|
}
|
||||||
|
if p.providerNameOverride != "" {
|
||||||
|
t.ProviderName = p.providerNameOverride
|
||||||
|
}
|
||||||
p.templates.ExecuteTemplate(rw, "sign_in.html", t)
|
p.templates.ExecuteTemplate(rw, "sign_in.html", t)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -87,6 +87,7 @@ type Options struct {
|
||||||
// These options allow for other providers besides Google, with
|
// These options allow for other providers besides Google, with
|
||||||
// potential overrides.
|
// potential overrides.
|
||||||
Provider string `flag:"provider" cfg:"provider" env:"OAUTH2_PROXY_PROVIDER"`
|
Provider string `flag:"provider" cfg:"provider" env:"OAUTH2_PROXY_PROVIDER"`
|
||||||
|
ProviderName string `flag:"provider-display-name" cfg:"provider_display_name" env:"OAUTH2_PROXY_PROVIDER_DISPLAY_NAME"`
|
||||||
OIDCIssuerURL string `flag:"oidc-issuer-url" cfg:"oidc_issuer_url" env:"OAUTH2_PROXY_OIDC_ISSUER_URL"`
|
OIDCIssuerURL string `flag:"oidc-issuer-url" cfg:"oidc_issuer_url" env:"OAUTH2_PROXY_OIDC_ISSUER_URL"`
|
||||||
InsecureOIDCAllowUnverifiedEmail bool `flag:"insecure-oidc-allow-unverified-email" cfg:"insecure_oidc_allow_unverified_email" env:"OAUTH2_PROXY_INSECURE_OIDC_ALLOW_UNVERIFIED_EMAIL"`
|
InsecureOIDCAllowUnverifiedEmail bool `flag:"insecure-oidc-allow-unverified-email" cfg:"insecure_oidc_allow_unverified_email" env:"OAUTH2_PROXY_INSECURE_OIDC_ALLOW_UNVERIFIED_EMAIL"`
|
||||||
SkipOIDCDiscovery bool `flag:"skip-oidc-discovery" cfg:"skip_oidc_discovery" env:"OAUTH2_PROXY_SKIP_OIDC_DISCOVERY"`
|
SkipOIDCDiscovery bool `flag:"skip-oidc-discovery" cfg:"skip_oidc_discovery" env:"OAUTH2_PROXY_SKIP_OIDC_DISCOVERY"`
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue