public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,628 Commits 29 Branches 41 Tags 50 MiB
Commit Graph

1628 Commits

Author SHA1 Message Date
Magnus Lübeck dede6fd531
Fixing a typo, pointing to correct compose file (#1493) 
Fixing a typo for the docker-compose-alpha-config.yaml
 2021-12-29 19:50:36 +00:00
Ole-Martin Bratteng 0e10fb8967
Remove the information about `Microsoft Azure AD` in the provider documentation (#1477) 
* Remove the information about `Microsoft Azure AD`

* Put `proxy_buffer_size` in a code tag

* Update `CHANGELOG.md`

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2021-12-23 17:24:31 +00:00
Joel Speed 576184924d
Merge pull request #1481 from oauth2-proxy/release-v7.2.1 
Prepare changelog for release v7.2.1
 2021-12-22 17:09:59 +00:00
Joel Speed 5515918436
Prepare changelog for release v7.2.1 2021-12-18 12:59:55 +00:00
Joel Speed 95839a2896
Merge pull request #1479 from polarctos/feature/go-1.17 
Update go version to 1.17
 2021-12-18 12:34:40 +00:00
polarctos 7eaf98b5fe Update go version to 1.17 
This includes the change to the pruned module graph with the converted go.mod for Go 1.17
https://go.dev/doc/go1.17#go-command
 2021-12-17 16:51:13 +01:00
Joel Speed c278e0aa4e
Merge pull request #1471 from AlexanderBabel/feature/update-aline 
[Security] Update alpine to 3.15
 2021-12-14 19:19:09 +00:00
Alex Babel 8a951b2b4a
doc: update changelog 2021-12-14 02:21:28 +01:00
Alex Babel a654c9ec24
fix(Dockerfile): bump alpine to 3.15 2021-12-14 02:09:59 +01:00
Joel Speed 5933000b86
Merge pull request #1247 from oauth2-proxy/adfs-default-claims 
Use `upn` as EmailClaim throughout ADFSProvider
 2021-12-06 14:24:41 +00:00
Nick Meves 0fa8fca276 Update ADFS to new jwt lib 2021-12-01 19:16:42 -08:00
Nick Meves bdfca925a3 Handle UPN fallback when profileURL isn't set 2021-12-01 19:08:15 -08:00
Nick Meves 1621ea3bba ADFS supports IDToken nonce, use it 2021-12-01 19:08:15 -08:00
Nick Meves 4980f6af7d Use upn claim as a fallback in Enrich & Refresh 
Only when `email` claim is missing, fallback to `upn` claim which may have it.
 2021-12-01 19:08:10 -08:00
Nick Meves a53198725e Use `upn` as EmailClaim throughout ADFSProvider 
By only overriding in the EnrichSession, any Refresh calls
would've overriden it with the `email` claim.
 2021-12-01 19:06:02 -08:00
Joel Speed 1b335a056d
Merge pull request #1447 from oauth2-proxy/docker-fixes 
Fix docker build/push issues found during last release
 2021-11-24 17:31:20 +00:00
Joel Speed ceb015ee22
Update changelog for docker fixes 2021-11-24 17:20:25 +00:00
Joel Speed 8dea8134eb
Drop old makefiles in favour of buildx 2021-11-24 17:20:23 +00:00
Joel Speed 60b6dd850a
Fix docker build and push for all platforms 2021-11-24 17:20:22 +00:00
Jeeva Kandasamy 6e54ac2745
Update LinkedIn provider validate URL (#1444) 
* update LinkedIn validate URL

Signed-off-by: Jeeva Kandasamy <jkandasa@gmail.com>

* update changelog

Signed-off-by: Jeeva Kandasamy <jkandasa@gmail.com>

* update failed unit test

Signed-off-by: Jeeva Kandasamy <jkandasa@gmail.com>
 2021-11-19 21:36:33 +00:00
Jack Henschel 0693856bc3
Explicitly state precedence of config sources in docs (#1439) 
I was recently looking into the order in which oauth2-proxy evaluates it configuration options from the various sources.
I think this will also be helpful for other users.
Since oauth2-proxy is using viper, the order of configuration sources is as follows [1]:
> Viper uses the following precedence order. Each item takes precedence over the item below it:
>
>    explicit call to Set
>    flag
>    env
>    config
>    key/value store
>    default

[1] https://github.com/spf13/viper/blob/master/README.md#why-viper

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2021-11-15 09:24:04 +00:00
Jeeva Kandasamy 7ed4e3c830
Fix docker container multi arch build issue by passing GOARCH details to make build (#1445) 
* pass GOARCH details to make process

Signed-off-by: Jeeva Kandasamy <jkandasa@gmail.com>

* update changelog

Signed-off-by: Jeeva Kandasamy <jkandasa@gmail.com>
 2021-11-12 21:42:46 +00:00
Stephan Aßmus 2c668a52d4
Let authentication fail when session validation fails (fixes #1396) (#1433) 
* Error page for session validation failure

* Fix existing tests

* Add test-case for session validation failure

* Simplify test

* Add changelog entry for PR

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2021-11-12 18:36:29 +00:00
Joel Speed 9caf8c7040
Merge pull request #1419 from jangaraj/patch-1 
Keycloak OIDC config improvement
 2021-11-12 18:25:04 +00:00
Jan Garaj 1e761bf8fd
Keycloak OIDC config improvement 2021-10-25 10:01:35 +01:00
Joel Speed 6c379f74db
Merge pull request #1412 from oauth2-proxy/release-7.2.0 
Release 7.2.0
 2021-10-22 18:19:35 +01:00
Joel Speed 4ee3f13c46
Create versioned docs for release v7.2.x 
Created with: yarn run docusaurus docs:version 7.2.x
 2021-10-22 18:11:28 +01:00
Joel Speed 976dc35805
Update CHANGELOG for v7.2.0 release 2021-10-22 18:11:26 +01:00
Joel Speed d82c268696
Merge pull request #1403 from openstandia/fix-redis-tls 
Improve TLS handling for Redis to support non-standalone mode with TLS
 2021-10-19 13:30:53 +01:00
Hiroyuki Wada 7eb3a4fbd5 Improve TLS handling for Redis to support non-standalone mode with TLS 2021-10-19 20:04:49 +09:00
Maciej Strzelecki b49e62f9b2
Initalize TLS.Config when connecting to Redis with TLS (#1296) 
* init TLS.Config when connecting to Redis with TLS

* don't overwrite TLS config if it exists

* add tests for Redis with TLS

* remove hardcoded certs

* add GenerateCert func

* use GenerateCert util func

* fix issue reported by go fmt

* limit return statements in GenerateCert
 2021-10-19 09:17:42 +01:00
Adam Stephens ea261ca014
fix arg typo in traefik example (#1410) 
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2021-10-18 19:01:40 +01:00
Joel Speed 543a71efad
Merge pull request #1411 from oauth2-proxy/fix-exclude-logging-doc 
Fix exclude-logging-path documentation
 2021-10-18 18:42:18 +01:00
Joel Speed bdab6feb0c
Fix exclude-logging-path documentation 2021-10-18 18:36:56 +01:00
Joel Speed 85c02821bf
Merge pull request #1391 from oauth2-proxy/docker-buildx-selection 
Improve build times by sharing cache and allowing platform selection
 2021-10-18 18:36:19 +01:00
Joel Speed 2ce93b6b31
Improve build times by sharing cache and allowing platform selection 2021-10-18 18:19:40 +01:00
Joel Speed 9d8093f470
Merge pull request #1404 from oauth2-proxy/improve-no-auth-error 
Improve error message when no cookie is found
 2021-10-18 18:16:40 +01:00
Joel Speed d8deaa124b
Improve error message when no cookie is found 2021-10-13 19:08:11 +01:00
Joel Speed 6cc7da8993
Merge pull request #1375 from bancek/feature-force-json-errors 
Add --force-json-errors flag
 2021-10-13 17:09:08 +01:00
Luka Zakrajšek d3e036d619 Add force-json-errors flag 2021-10-05 11:24:47 +02:00
David Emanuel Buchmann fd5e23e1c5
linkedidn: Update provider to v2 (#1315) 
* linkedin: Update provider to v2

* changelog: Add change
 2021-10-04 15:58:25 +01:00
Matt Lilley 3957183fd5
Use the httputil.NewSingleHostReverseProxy instead of yhat/wsutil for … (#1348) 
* Use the httputil.NewSingleHostReverseProxy instad of yhat/wsutil for websocket proxying. This correctly handles 404 responses with keep-alive by terminating the tunnel rather than keeping it alive

* Tidy up dependencies - yhat/wsutil is no longer required

* Update changelog to include reference to 1348

Co-authored-by: Matt Lilley <matt.lilley@securitease.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2021-10-03 15:38:40 +01:00
Joel Speed a87c27b6bf
Merge pull request #1379 from janrotter/fix-htpasswd-user-group 
Store groups from the htpasswd-user-group in the session during the manual sign in process
 2021-09-28 11:09:29 +01:00
Joel Speed b0ab60b0b8
Merge branch 'master' into fix-htpasswd-user-group 2021-09-28 10:18:09 +01:00
Joel Speed 044b022608
Merge pull request #1381 from matt-cote/keycloak-provider-documentation 
Fix formatting of Keycloak provider documentation
 2021-09-28 10:15:03 +01:00
Matt Cote 6ced2e5ad4
Fix formatting of Keycloak provider documentation 2021-09-27 14:37:19 -04:00
Jan Rotter 826ebc230a Add changelog entry 2021-09-26 23:47:28 +02:00
Jan Rotter 81cfd24962 Store the group membership in the session 
This change puts the groups from the htpasswd-user-group in the
session during the manual sign in process. This fixes the issue
with being unable to properly authenticate using the manual
sign in form when certain group membership is required (e.g. when
the --gitlab-group option is used).
 2021-09-26 23:07:10 +02:00
Jan Rotter e25158dda6 Add a test for htpasswd-user-groups in the session 
The groups configured in the `htpasswd-user-group` are not
stored in the session, resulting in unauthorized errors when
group membership is required. Please see:
https://gist.github.com/janrotter/b3d806a59292f07fe83bc52c061226e0
for instructions on reproducing the issue.
 2021-09-26 23:07:10 +02:00
Nick Meves f6b2848e9a
Merge pull request #1239 from oauth2-proxy/gitlab-oidc 
Make GitLab Provider based on OIDC Provider
 2021-09-25 17:11:43 -07:00