66c5eb3174
Small clarification around health checks ( #84 )
...
Type: docs
I simply added the word health check. I was searching all over the
package for a health check, to only realise that it had been called
ping. I think the small addition might help others avoid my troubles.
2019-03-05 14:09:30 +00:00
8816a2a972
Add -skip-oidc-discovery option ( #41 )
...
* added karrieretutor go-oidc fork for using an AAD B2C Policy
* added karrieretutor go-oidc fork for using an AAD B2C Policy
* added --skip-oidc-discovery option
* added --skip-oidc-discovery option
* add simple test for skip-oidc-discovery option
* revert Dockerfile to pusher upstream
* revert Dockerfile to pusher upstream
* remove karrieretutor b2c option leftover
* remove karrieretutor b2c option leftover
* Fix typo (missing letters)
Co-Authored-By: marratj <marrat@marrat.de>
* Fix typo (missing letters)
Co-Authored-By: marratj <marrat@marrat.de>
* replace fake http client with NewProvider() from go-oidc
* remove OIDC UserInfo URL option (not required)
* add info about -skip-oidc-discovery to README
* add note to changelog
* Update outdated comment
2019-03-04 13:54:22 +00:00
2280b42f59
Access token forwarding through nginx auth request ( #68 )
...
* Access token forwarding through nginx auth request
Related to #420 .
(cherry picked from commit b138872bea6fab314f72https://github.com/pusher/oauth2_proxy/pull/68
* Fix Changelog message location
2019-02-22 07:49:57 +00:00
8d73740425
Remove backslashes from azure configuration example
2019-02-19 14:59:13 +01:00
da7d340519
Reorder arg line
2019-02-13 16:36:45 +01:00
7404195c6e
Add oidc-issuer-url arg to README
2019-02-13 16:34:46 +01:00
09c6bd77ed
Add note on changed flush-interval behaviour
2019-02-08 14:16:41 +00:00
5b95ed3552
Update release notes for v3.1.0
2019-02-08 11:57:17 +00:00
2ca5de9d44
update Readme for Azure Active Directory
2019-02-06 23:07:53 +01:00
fb13ee87c8
Merge pull request #34 from marratj/cookie-separator
...
Change cookie index separator to underscore
2019-02-03 13:21:51 +00:00
72d4c49be0
remove duplicate lines
2019-02-02 15:00:10 +01:00
cd37a14fc0
Added more context as suggested by JoelSpeed.
...
Co-Authored-By: marratj <marrat@marrat.de>
2019-02-02 12:47:21 +01:00
c574346086
add nginx cookie part extraction to README
2019-02-01 18:10:44 +01:00
81f77a55de
Add note on subdomain behaviour
2019-01-30 17:30:48 +00:00
0925b88d17
Update documentation and changelog
2019-01-22 11:36:52 +00:00
d472cf1645
Release v3.0.0
2019-01-14 10:07:22 +00:00
f80ce246f3
Fix repo link
2019-01-07 16:43:27 +00:00
39d11b486f
Fix Quay link
2018-12-20 14:30:37 +00:00
52f27f76dd
Add docker image note to README
2018-12-20 14:28:13 +00:00
3253bef854
Add CONTRIBUTING guide
2018-12-20 14:14:04 +00:00
d41089d315
Update README to reflect new repo ownership
2018-11-27 12:08:21 +00:00
bfdccf681a
Add Fork notice
2018-11-27 11:23:37 +00:00
2db0443e04
typo(README): Terminiation » Termination
2018-03-01 12:10:02 -05:00
20e87edde8
README: fix nginx auth_request example for requests with body
...
Nginx never sends the body with the auth_request sub-request, but
keeps the original Content-Length header by default. Without some
config tweaks, this results in the request to /oauth2/auth hanging.
2017-12-18 20:55:37 -05:00
faff555c55
Merge pull request #423 from Jimdo/configure_accesslog_format
...
Make Request Logging Format Configurable
2017-12-04 12:56:54 -05:00
69550cbb23
Document request-logging-format option
2017-12-04 12:52:47 -05:00
dc65ff800f
distribution: create sha256sum.txt file when creating binaries to allow validation of checksums.
...
* update README.md to include instructions on how to verify prebuilt binaries for new releases.
2017-11-21 15:00:30 -05:00
f2a995b8d9
providers: update gitlab api endpoint to use latest version, v4
2017-11-06 12:05:58 -05:00
bfda078caa
Merge pull request #376 from reedloden/make-cookie-domain-optional
...
Don't set the cookie domain to the host by default, as it breaks Cookie Prefixes
2017-10-23 14:14:45 -04:00
fd3925d204
Merge pull request #444 from Starefossen/patch-1
...
Clarify that GitHub team option in README
2017-10-23 11:52:21 -04:00
d118cb7bbb
Drop deprecated MyUSA provider.
...
[Resolves #390 ]
2017-10-08 01:01:15 -04:00
e87c3eee13
Merge pull request #389 from ericchiang/oidc-provider
...
*: add an OpenID Connect provider
2017-09-09 20:44:59 -04:00
cb48577ede
*: add an OpenID Connect provider
...
See the README for usage with Dex or any other OIDC provider.
To test run a backend:
python3 -m http.server
Run dex and modify the example config with the proxy callback:
go get github.com/coreos/dex/cmd/dex
cd $GOPATH/src/github.com/coreos/dex
sed -i.bak \
's|http://127.0.0.1:5555/callback |http://127.0.0.1:5555/oauth2/callback |g' \
examples/config-dev.yaml
make
./bin/dex serve examples/config-dev.yaml
Then run the oauth2_proxy
oauth2_proxy \
--oidc-issuer-url http://127.0.0.1:5556/dex \
--upstream http://localhost:8000 \
--client-id example-app \
--client-secret ZXhhbXBsZS1hcHAtc2VjcmV0 \
--cookie-secret foo \
--email-domain '*' \
--http-address http://127.0.0.1:5555 \
--redirect-url http://127.0.0.1:5555/oauth2/callback \
--cookie-secure=false
Login with the username/password "admin@example.com:password"
2017-09-08 09:32:51 -07:00
94574df274
Clarify that GitHub team slug name should be used for the `-github-team` option
2017-09-05 22:58:53 +02:00
678290035c
Merge pull request #410 from sobolevn/patch-1
...
Updates README.md with svg badge
2017-08-28 20:50:07 -04:00
f4321c4b45
Update cookie generation to match base64 encoding
...
Current code is using URLEncoding but example was using the
standard RFC 4648 encoding. Switch to using the URL
encoding in the example as well.
2017-07-20 13:28:41 +02:00
e6e60c4b60
Updates README.md with svg badge
2017-06-29 09:36:31 +03:00
7fea71a4ce
Update Google Auth Provider instructions
2017-06-21 11:03:24 +01:00
c8c6b66465
Fix spelling mistake in docs
2017-06-09 12:17:24 -04:00
6d295f8446
README: nginx auth_request example refresh cookie handling
...
how to pass back the refreshed oauth2_proxy cookie from an nginx auth_request
2017-04-24 17:59:21 -04:00
7f5672b433
README: simplify nginx auth_request example
...
/oauth2/auth is not more sensitive than other /oauth2/ paths,
does not need "internal" protection
"spdy" protocol is obsolete, http2 is the thing to enable now.
But it's orthogonal anyway.
No need for two separate content/upstream location blocks in
this example, reduce to just one, with a comment that it could
be serving files instead of proxying.
2017-04-24 17:56:15 -04:00
b6bd878f27
Don't set the cookie domain to the host by default, as it breaks Cookie Prefixes
...
The Cookie Prefixes spec disallows the use of the `domain` attribute in cookies
if the `__Host-` prefix is used
(https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00#section-3.2 ).
There's no need to set it to the host by default, so make it optional. If it is
set to a non-empty value, still output a warning if it is not a suffix of the
host, as that's likely not wanted.
Fixes #352 .
2017-04-24 13:03:40 -07:00
f457a9042a
Readme: update --help usage
2017-04-24 12:16:16 -04:00
3fa5635d6c
Release 2.2.0
2017-04-24 12:11:23 -04:00
1e7d2a08a3
#369 : Optionally allow skipping authentication for preflight requests
2017-04-07 15:01:47 +03:00
fe44b89f57
update documentation for Nginx auth_request mode
2017-03-29 21:28:55 +05:30
dcf62d06df
option for skipping OAuth provider SSL verification
2017-03-29 10:57:07 -04:00
24f91a0b60
Allow to pass user headers only (issue #205 )
...
* This fixes https://github.com/bitly/oauth2_proxy/issues/205
* Add new boolean option -pass-user-headers
to control whether X-Forwarded-User and X-Forwarded-Email
headers will be set (as opposed to HTTP BASIC auth)
* This is required e.g. for grafana [1] where
X-Forwarded-User is needed but HTTP BASIC auth fails
(password is not known and must not be known in this scenario)
* Keep behaviour of PassBasicAuth unchanged for compatibility
[1] http://docs.grafana.org/installation/configuration/#authproxy
2017-01-24 11:11:58 +01:00
4203c26d7c
Correct the spelling of GitHub in README
2016-11-18 09:31:22 -08:00
116b84906e
Adding skip-provider-button docs
2016-07-30 22:34:28 -04:00
17f412e407
docs: working nginx auth_request example ( #273 )
2016-07-05 09:38:34 -04:00
56bf3f8add
Fix documentation for auth_request directive
...
The correct endpoint is /oauth2/auth
2016-06-27 20:10:22 -05:00
671f00e60e
cookie secret: give helper command for generating a secret
2016-06-23 09:42:32 -04:00
3bba24ab31
Bump verison to 2.1
2016-06-23 09:35:33 -04:00
a0763477c5
Facebook Authentication Provider
...
* will not re-prompt if the email permission is denied, or if you previously authorized the same FB app without the email scope.
2016-06-23 08:43:21 -04:00
bcb8064831
github: fix github enterprise support
2016-06-20 08:15:07 -04:00
60a59ce7b1
Fix typo
2016-04-12 07:26:13 +02:00
87d80d6d22
OAUTH2_PROXY_SIGNATURE_KEY env var, README update
2016-02-24 08:23:31 -05:00
293d674e14
Merge pull request #214 from raphink/github_multiple_teams
...
github provider: allow multiple teams
2016-02-17 17:24:50 -05:00
338e99773a
github provider: allow multiple teams
2016-02-17 23:17:08 +01:00
bfb8dc13bf
Merge pull request #211 from pmosbach/gitlab-provider
...
Add GitLab provider
2016-02-17 09:04:07 -05:00
034612bf8b
Add GitLab provider
2016-02-17 06:19:52 -06:00
51dbc9fb9b
Fix small typo in README.md.
2016-02-16 17:07:26 -05:00
c0a18a5cb3
fixed formatting
2016-02-13 01:41:10 -06:00
36128e971f
Merge pull request #197 from ruta-goomba/enterprise-github
...
use Github provider with GitHub enterprise
2016-02-06 13:24:48 -06:00
79b548dae6
modifying README to add information about use with enterprise github
2016-01-21 21:54:29 +00:00
10f47e325b
Add Azure Provider
2016-01-20 03:57:17 -05:00
0fad1da1df
Google UI changes
...
Google changed to developer console UI, updated walkthrough to match new UI.
2015-12-16 19:10:38 -06:00
e4626c1360
Sign Upstream requests with HMAC. closes #147
2015-11-15 22:09:30 -05:00
d247274b06
Add nginx auth_request config to README
2015-11-09 11:00:18 -05:00
e61fc9e7a6
Add /auth endpoint to support Nginx's auth_request
...
Closes #152 .
2015-11-09 10:31:41 -05:00
ffeccfe552
Add support for serving static files from a directory
...
The path should be provided as a file:// url with the full operating system path.
An alias to where the directory is available as can be specified by appending
a fragment (ie. "#/static/") at the end of the URL.
2015-09-24 15:37:45 +02:00
3fd8f911c2
google: Support restricting access to a specific group(s)
2015-09-09 02:10:32 -07:00
d1c0208824
Merge pull request #131 from ebardsley/master
...
Allow passing the value of "approval_prompt" as a flag or option.
2015-08-27 07:33:07 -04:00
85fcd66be6
Google auth configuration screen flow has changed
2015-08-09 12:08:21 -07:00
33045a792b
Add a flag to set the value of "approval_prompt".
...
By setting this to "force", certain providers, like Google,
will interject an additional prompt on every new session. With other values,
like "auto", this prompt is not forced upon the user.
2015-07-31 00:43:47 -07:00
f3353c0eea
Fix spelling
...
*snicker*
*titter*
*giggle*
2015-07-24 14:31:25 -07:00
7dd5d299e1
Add support for setting the basic auth password.
...
For tools that don't like empty passwords, this change allows
one to set a shared secret password for all users.
2015-07-24 09:17:43 +00:00
3a792555f1
tag v2.0.1
2015-07-02 23:29:25 -04:00
51852c045a
Doc updates clarifying external Load Balancer config
2015-07-02 23:21:59 -04:00
aa0a725a3a
Readme: doc updates
2015-06-23 14:01:05 -04:00
d78aa13464
v2.0 & cleanup changes
...
* bump version to 2.0
* remove --cookie-https-only option
* add windows build to dist.sh
* rename --cookie-key to --cookie-name
2015-06-12 13:07:26 -04:00
f5b2b20f67
support TLS directly
2015-06-07 23:14:48 -04:00
f5db2e1ff7
More complete HTTP error logging
2015-06-07 21:03:53 -04:00
56d19b1c84
disable email validation; rename email-domain argument
...
This adds a "*" option to --email-domain to disable email validation, and this renames `--google-apps-domain` to `--email-domain` for clarity across providers
2015-06-06 14:37:54 -04:00
c5ccd43767
Enable specific oauth2proxy path; change cookie name to _oauth2proxy
2015-06-06 14:21:42 -04:00
a80aad04f7
Readme Updates
2015-05-21 09:54:21 -04:00
b96a078839
Project Rename -> oauth2_proxy
2015-05-21 02:55:04 -04:00
37b38dd2f4
Github provider
2015-05-21 02:21:19 -04:00
9047920e90
Merge pull request #88 from 18F/auto-refresh
...
Auto refresh auth token
2015-05-11 22:24:50 -04:00
2808ba7beb
Update cookie-refresh doc string
2015-05-11 09:55:07 -04:00
5b07d9fcef
Provide a robots.txt that denies all crawlers
2015-05-10 15:15:52 -04:00
082b7c0ec8
Set cookie-refresh flag = 0; update README, config
2015-05-09 17:36:17 -04:00
5bc77b0ee8
LinkedIn OAuth support.
2015-04-17 17:35:40 -07:00
ad3c9a886f
Pass the access token to the upstream client
...
This is accomplished by encoding the access_token in the auth cookie and
unpacking it as the X-Forwarded-Access-Token header for upstream requests.
2015-04-03 15:32:01 -04:00
291a0b76b9
Add alternate provider information to README
2015-03-31 15:31:22 -04:00
b9b5e817fc
improve request logging (closer to Apache Common Log)
2015-03-19 22:34:01 -04:00
de04e0c519
rename cookie secure flag
2015-03-19 14:08:17 -04:00
ebae065b11
make redirect_uri optional
2015-03-19 14:03:05 -04:00
2b2324e410
support (optional) custom templates
2015-03-17 18:11:58 -04:00
Ben
Marcel D. Juhnke
David Holsgrove
Martin Loetzsch
Zadkiel
Joel Speed
Jérôme Lecorvaisier
Pierce Lopez
Tanvir Alam
Paul Seiffert
Tanvir Alam
Jehiah Czebotar
Joshua Carp
Eric Chiang
Hans Kristian Flaatten
Christian Svensson
Nikita Sobolev
Bart Spaans
Shivansh Dhar
Reed Loden
idntfy
Ashish Kulkarni
Omar Elazhary
ReadmeCritic
Mark Herhold
Nick Semenkovich
Joakim Gustin
Mike Bland
Raphaël Pinson
pmosbach
Robert Hencke
Alex
Ruta Sakalauskaite
Eelco Cramer
Jeppe Toustrup
Justin Burnham
Srivatsa Ray
Ed Bardsley
Sharif Nassar
tonymeng
Mike Bland
Darren Lee