public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,595 Commits 29 Branches 41 Tags 50 MiB
Commit Graph

28 Commits

Author SHA1 Message Date
Nick Meves 11c2177f18 Use `nickname` claim as User for GitLab 
Previously this was only done in the `EnrichSession` stage
which would've missed Bearer usages & `RefreshSession`
would've overriden the User to the Subject.
 2021-09-25 16:49:25 -07:00
Nick Meves 0b4bc36554
Upgrade go-oidc to v3 (#1264) 2021-07-17 09:55:05 -07:00
Nick Meves 7eeaea0b3f
Support nonce checks in OIDC Provider (#967) 
* Set and verify a nonce with OIDC

* Create a CSRF object to manage nonces & cookies

* Add missing generic cookie unit tests

* Add config flag to control OIDC SkipNonce

* Send hashed nonces in authentication requests

* Encrypt the CSRF cookie

* Add clarity to naming & add more helper methods

* Make CSRF an interface and keep underlying nonces private

* Add ReverseProxy scope to cookie tests

* Align to new 1.16 SameSite cookie default

* Perform SecretBytes conversion on CSRF cookie crypto

* Make state encoding signatures consistent

* Mock time in CSRF struct via Clock

* Improve InsecureSkipNonce docstring
 2021-04-21 10:33:27 +01:00
Nick Meves d2ffef2c7e
Use global OIDC fields for Gitlab 2020-12-21 16:54:12 -08:00
Nick Meves 42f6cef7d6
Improve OIDC error handling 2020-12-21 16:53:05 -08:00
Nick Meves ea5b8cc21f
Support non-list and complex groups 2020-12-21 16:52:18 -08:00
Nick Meves eb56f24d6d
Deprecate UserIDClaim in config and docs 2020-12-21 16:52:17 -08:00
Nick Meves 74ac4274c6
Move generic OIDC functionality to be available to all providers 2020-12-21 16:52:04 -08:00
Nick Meves 22f60e9b63
Generalize and extend default CreateSessionFromToken 2020-11-28 10:25:12 -08:00
Nick Meves b92fd4b0bb
Streamline Google to use default Authorize 2020-11-12 11:18:58 -08:00
Nick Meves eb58ea2ed9
Move AllowedGroups to DefaultProvider for default Authorize usage 2020-11-12 11:18:15 -08:00
Mitsuo Heijo 3fa42edb73
Fix import path for v7 (#800) 
* fix import path for v7

find ./ -name "*.go" | xargs sed -i -e 's|"github.com/oauth2-proxy/oauth2-proxy|"github.com/oauth2-proxy/oauth2-proxy/v7|'

* fix module path

* go mod tidy

* fix installation docs

* update CHANGELOG

* Update CHANGELOG.md

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-09-29 17:44:42 +01:00
Phil Taprogge d69fd6af22
Allow Logging to stdout with separate Error Log Channel (#718) 
* Add dedicated error logging writer

* Document new errors to stdout flag

* Update changelog

* Thread-safe the log buffer

* Address feedback

* Remove duplication by adding log level

* Clean up error formatting

* Apply suggestions from code review

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-08-10 11:44:08 +01:00
Joel Speed d4dd34a65a
Move provider URLs to package level vars 2020-07-19 18:34:55 +01:00
Mitsuo Heijo dd05e7ff0b
Add new linters (#486) 
* add new linters and fix issues

* fix deprecated warnings

* simplify return

* update CHANGELOG

* fix staticcheck issues

* remove a deprecated linter, minor fixes of variable initialization
 2020-04-14 09:36:44 +01:00
Joel Speed 802754caad
Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:40:10 +01:00
Jakub Holy 3108f765a5
Fix #381, expose acr_values to all providers (#445) 2020-03-17 17:57:33 +00:00
Wolfgang Richter fad6fff16d
Cleaned up source to make golangci-lint pass (#418) 
* cleaned up source to make golangci-lint pass

* providers/azure_test.go: use build in POST constant

* options_test.go: do not export unnecessary variables

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-03-14 09:58:29 +00:00
Jakub Holy b1c81e2abe
Support prompt in addition to auth-prompt (#444) 
Fix #380
 2020-03-14 09:53:43 +00:00
Pavel Kirichenko f2661c47ba
Support for client secret file. (#355) 
* added ClientSecretFile in ProviderData

* add documentation notes on client secret file

* added Changelog entry for Client Secret File PR

* fixing configuration.md

* addressing PR issue of ClientSecret property naming

* Update providers/provider_data.go

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* corrected changelog entry

* fixed typo in GetClientSecret

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-02-15 13:44:39 +00:00
Joel Speed e200bd5c20
Add comments to exported methods for providers package 2018-12-20 10:37:59 +00:00
Eelco Cramer 10f47e325b Add Azure Provider 2016-01-20 03:57:17 -05:00
Brandon Philips 51a2e4e48c *: rename Url to URL everywhere 
Go coding style says that acronyms should be all lower or all upper. Fix
Url to URL.
 2015-11-09 00:47:44 +01:00
Ed Bardsley 33045a792b Add a flag to set the value of "approval_prompt". 
By setting this to "force", certain providers, like Google,
will interject an additional prompt on every new session. With other values,
like "auto", this prompt is not forced upon the user.
 2015-07-31 00:43:47 -07:00
Jehiah Czebotar 37b38dd2f4 Github provider 2015-05-21 02:21:19 -04:00
Mike Bland 72857018ee Introduce `validate-url` flag/config 2015-05-08 17:13:35 -04:00
Mike Bland 666e6ad436 Add ProviderName field; use in sign_in template 2015-03-31 12:59:07 -04:00
Mike Bland e2931da853 Create providers package with Google default 2015-03-31 09:34:50 -04:00