Drew Foehn 2025-11-11 19:36:52 +00:00 committed by GitHub
commit 8ff3a43ab8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 19 additions and 10 deletions


@ -8,6 +8,8 @@
## Changes since v7.13.0
- [#3236](https://github.com/oauth2-proxy/oauth2-proxy/pull/3236) Updated the Google Provider's token endpoint to match Google OIDC's token endpoint. As listed in https://accounts.google.com/.well-known/openid-configuration this token endpoint provides additional claims in the id token such as profile photo and full name (@pixeldrew)
# V7.13.0
## Release Highlights


@ -69,19 +69,26 @@ var (
}
// Default Redeem URL for Google.
// Pre-parsed URL of https://www.googleapis.com/oauth2/v3/token.
// pulled from https://accounts.google.com/.well-known/openid-configuration
googleDefaultRedeemURL = &url.URL{
Scheme: "https",
Host: "www.googleapis.com",
Path: "/oauth2/v3/token",
Host: "oauth2.googleapis.com",
Path: "/token",
}
// Default Validation URL for Google.
// Pre-parsed URL of https://www.googleapis.com/oauth2/v1/tokeninfo.
// https://developers.google.com/identity/sign-in/android/backend-auth#calling-the-tokeninfo-endpoint
googleDefaultValidateURL = &url.URL{
Scheme: "https",
Host: "www.googleapis.com",
Path: "/oauth2/v1/tokeninfo",
Host: "oauth2.googleapis.com",
Path: "/tokeninfo",
}
// pulled from https://openidconnect.googleapis.com/v1/userinfo
googleDefaultProfileURL = &url.URL{
Scheme: "https",
Host: "openidconnect.googleapis.com",
Path: "/v1/userinfo",
}
)
@ -91,7 +98,7 @@ func NewGoogleProvider(p *ProviderData, opts options.GoogleOptions) (*GoogleProv
name: googleProviderName,
loginURL: googleDefaultLoginURL,
redeemURL: googleDefaultRedeemURL,
profileURL: nil,
profileURL: googleDefaultProfileURL,
validateURL: googleDefaultValidateURL,
scope: googleDefaultScope,
})
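Review bot: Setting `profileURL: googleDefaultProfileURL` in `NewGoogleProvider` changes more than the token endpoint the changelog entry describes: the provider previously had no profile URL, and any shared code that branches on a non-empty one would now send the user's access token to `openidconnect.googleapis.com/v1/userinfo` (inferred, since the consumers of `profileURL` are outside this section). Please confirm which path reads it and mention the new outbound call in the changelog. On `googleDefaultValidateURL`, the new comment links only to the Android backend-auth guide, which is about checking ID tokens; I would keep the literal endpoint as well, `// Pre-parsed URL of https://oauth2.googleapis.com/tokeninfo.`, and add `// A 200 response shows the token is live; the audience must still be checked by the caller.` if session validation relies on the HTTP status alone. The body of `NewGoogleProvider` starts and ends outside the hunk.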


@ -51,9 +51,9 @@ func TestNewGoogleProvider(t *testing.T) {
g.Expect(providerData.ProviderName).To(Equal("Google"))
g.Expect(providerData.LoginURL.String()).To(Equal("https://accounts.google.com/o/oauth2/auth?access_type=offline"))
g.Expect(providerData.RedeemURL.String()).To(Equal("https://www.googleapis.com/oauth2/v3/token"))
g.Expect(providerData.ProfileURL.String()).To(Equal(""))
g.Expect(providerData.ValidateURL.String()).To(Equal("https://www.googleapis.com/oauth2/v1/tokeninfo"))
g.Expect(providerData.RedeemURL.String()).To(Equal("https://oauth2.googleapis.com/token"))
g.Expect(providerData.ProfileURL.String()).To(Equal("https://openidconnect.googleapis.com/v1/userinfo"))
g.Expect(providerData.ValidateURL.String()).To(Equal("https://oauth2.googleapis.com/tokeninfo"))
g.Expect(providerData.Scope).To(Equal("profile email"))
}