public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge 131ad2280e into 110d51d1d7

This commit is contained in:
Drew Foehn 2025-10-28 13:42:08 +00:00 committed by GitHub
parent 110d51d1d7 131ad2280e
commit 8c8b90bbab
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -11,6 +11,7 @@
- [#3228](https://github.com/oauth2-proxy/oauth2-proxy/pull/3228) fix: use GetSecret() in ticket.go makeCookie to respect cookie-secret-file (@stagswtf)
- [#3244](https://github.com/oauth2-proxy/oauth2-proxy/pull/3244) chore(deps): upgrade to latest go1.25.3 (@tuunit)
- [#3238](https://github.com/oauth2-proxy/oauth2-proxy/pull/3238) chore: Replace pkg/clock with narrowly targeted stub clocks (@dsymonds)
- [#3236](https://github.com/oauth2-proxy/oauth2-proxy/pull/3236) Updated the Google Provider's token endpoint to match Google OIDC's token endpoint. As listed in https://accounts.google.com/.well-known/openid-configuration this token endpoint provides additional claims in the id token such as profile photo and full name (@pixeldrew)
# V7.12.0

21
providers/google.go
View File

@ -67,19 +67,26 @@ var (
}
// Default Redeem URL for Google.
// Pre-parsed URL of https://www.googleapis.com/oauth2/v3/token.
// pulled from https://accounts.google.com/.well-known/openid-configuration
googleDefaultRedeemURL = &url.URL{
Scheme: "https",
Host: "www.googleapis.com",
Path: "/oauth2/v3/token",
Host: "oauth2.googleapis.com",
Path: "/token",
}
// Default Validation URL for Google.
// Pre-parsed URL of https://www.googleapis.com/oauth2/v1/tokeninfo.
// https://developers.google.com/identity/sign-in/android/backend-auth#calling-the-tokeninfo-endpoint
googleDefaultValidateURL = &url.URL{
Scheme: "https",
Host: "www.googleapis.com",
Path: "/oauth2/v1/tokeninfo",
Host: "oauth2.googleapis.com",
Path: "/tokeninfo",
}
// pulled from https://openidconnect.googleapis.com/v1/userinfo
googleDefaultProfileURL = &url.URL{
Scheme: "https",
Host: "openidconnect.googleapis.com",
Path: "/v1/userinfo",
}
)
@ -89,7 +96,7 @@ func NewGoogleProvider(p *ProviderData, opts options.GoogleOptions) (*GoogleProv
name: googleProviderName,
loginURL: googleDefaultLoginURL,
redeemURL: googleDefaultRedeemURL,
profileURL: nil,
profileURL: googleDefaultProfileURL,
validateURL: googleDefaultValidateURL,
scope: googleDefaultScope,
})

6
providers/google_test.go
View File

@ -51,9 +51,9 @@ func TestNewGoogleProvider(t *testing.T) {
g.Expect(providerData.ProviderName).To(Equal("Google"))
g.Expect(providerData.LoginURL.String()).To(Equal("https://accounts.google.com/o/oauth2/auth?access_type=offline"))
g.Expect(providerData.RedeemURL.String()).To(Equal("https://www.googleapis.com/oauth2/v3/token"))
g.Expect(providerData.ProfileURL.String()).To(Equal(""))
g.Expect(providerData.ValidateURL.String()).To(Equal("https://www.googleapis.com/oauth2/v1/tokeninfo"))
g.Expect(providerData.RedeemURL.String()).To(Equal("https://oauth2.googleapis.com/token"))
g.Expect(providerData.ProfileURL.String()).To(Equal("https://openidconnect.googleapis.com/v1/userinfo"))
g.Expect(providerData.ValidateURL.String()).To(Equal("https://oauth2.googleapis.com/tokeninfo"))
g.Expect(providerData.Scope).To(Equal("profile email"))
}