public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,203 Commits 29 Branches 41 Tags 50 MiB
Commit Graph

2203 Commits

Author SHA1 Message Date
Jan Larwig a29eda3a6d
Merge branch 'master' into fix/missing-version-during-docker-built 2025-01-15 09:08:42 +01:00
stomekpe f31e02cebd
fix: jwt regex validation error during skip-jwt-bearer-tokens flow (#2888) 
---------

Co-authored-by: Jan Larwig <jan@larwig.com>
 2025-01-15 09:06:21 +01:00
Jan Larwig f1a5011108
fix: setting missing version during docker built 2025-01-14 16:29:26 +01:00
Joel Speed fafb47e45a
Merge pull request #2914 from oauth2-proxy/release/v7.8.0 
release v7.8.0
 2025-01-14 11:38:46 +00:00
tuunit 8dd2cbec4d
fix: systemd socket support build handling for windows 2025-01-13 16:41:33 +01:00
tuunit ae5b5dc45f
doc: update release v7.8.0 changelog 2025-01-13 16:41:33 +01:00
github-actions[bot] f2ce83b154
doc: add new docs version 7.8.x 2025-01-13 16:41:19 +01:00
renovate[bot] f400e6f340 chore(deps): update gitea/gitea docker tag to v1.23.1 2025-01-12 20:33:51 +01:00
renovate[bot] c90487926c chore(deps): update alpine docker tag to v3.21.2 2025-01-12 18:46:57 +01:00
renovate[bot] f5631a657c
chore(deps): update dependency @easyops-cn/docusaurus-search-local to ^0.47.0 (#2911) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-01-12 18:42:40 +01:00
Joel Speed 01b01d82a1
Merge pull request #2376 from tuunit/feature/static-public-keys-support 
feature: static public keys file support for oidc provider
 2025-01-11 17:58:26 +00:00
axel7083 e28603f7af
feature: static public keys file support for oidc provider 
Co-authored-by: Jan Larwig <jan@larwig.com>
Co-authored-by: JJ Łakis <jacek.lakis@checkatrade.com>
 2025-01-11 12:09:23 +00:00
JJ Łakis ae8fb08a89
feat(entra): add Workload Identity support for Entra ID (#2902) 2025-01-11 11:12:41 +00:00
Jon Newton 60570cc60e
doc: fix formatting issue in Google provider doc (#2907) 
A missing line break caused subsequent list items to be squished into a single paragraph.
 2025-01-09 01:51:20 +01:00
renovate[bot] 5df6053280 chore(deps): update helmv3 2025-01-08 21:42:59 +01:00
renovate[bot] 75a1099a8f chore(deps): update docker-compose 2025-01-08 21:32:34 +01:00
renovate[bot] 1c3bc31665 chore(deps): update dependency golangci/golangci-lint to v1.63.4 2025-01-08 20:57:15 +01:00
Vinay Chandrasekharan 5260633103
doc: fix dex helm chart values for k8s example (#2880) 
---------

Co-authored-by: vinay chandrasekharan <vinay.cn@gmail.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
 2025-01-04 19:09:36 +01:00
renovate[bot] 507d63e05b chore(deps): update dependency @easyops-cn/docusaurus-search-local to ^0.46.0 2025-01-04 19:02:37 +01:00
renovate[bot] 140674e492
chore(deps): update alpine docker tag to v3.21.0 (#2877) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-01-04 18:57:30 +01:00
Joel Speed cdcc62014d
Merge pull request #2894 from oauth2-proxy/fix-lint 
Fix linting after updating golangci-lint to 1.62.2
 2024-12-31 19:19:57 +07:00
Joel Speed f41a686b43
Fix linting after updating golangci-lint to 1.62.2 2024-12-31 13:14:39 +01:00
Joel Speed c1a21aa877
Merge pull request #2872 from oauth2-proxy/renovate/golangci-golangci-lint-1.x 
chore(deps): update dependency golangci/golangci-lint to v1.62.2
 2024-12-31 19:00:30 +07:00
renovate[bot] 1346ae6079
chore(deps): update dependency golangci/golangci-lint to v1.62.2 2024-12-31 11:53:30 +00:00
Joel Speed fe6f8ddb65
Merge pull request #2878 from oauth2-proxy/renovate/golang-1.x 
chore(deps): update dependency golang to v1.23.4
 2024-12-31 18:52:56 +07:00
renovate[bot] 5edff8fe1a
chore(deps): update dependency golang to v1.23.4 2024-12-31 11:46:50 +00:00
JJ Łakis 5f188e5b6b
Microsoft Entra ID provider (#2390) 
* Microsoft Entra ID Provider

* fix typo in function name

* documentation tweaks

* documentation and comment tweak

* docs tweaks

* final tweaks

* refactor: drop flag for skipping graph groups

* update legacy / deprecated provider page and sort provider overview

* reformat

* move entra-id provider into switch (treat like every other provider

* fix test case and reformat

* fix sidebar configuration

* apply review suggestions

* add pagination for graph api

* fix: do not error when groups unable to retrieve

* doc: number of groups fix

* restore master packages

* docs: tiny docs tweak

* address review comments

* fix codegen

---------

Co-authored-by: tuunit <jan@larwig.com>
 2024-12-31 11:46:13 +00:00
Joel Speed c64ec1251b
Merge pull request #2886 from oauth2-proxy/renovate/go-golang.org-x-net-vulnerability 
chore(deps): update module golang.org/x/net to v0.33.0 [security]
 2024-12-23 17:38:28 +07:00
renovate[bot] 47638db231
chore(deps): update module golang.org/x/net to v0.33.0 [security] 2024-12-19 02:01:45 +00:00
Joel Speed bcf20346cf
Merge pull request #2884 from oauth2-proxy/renovate/go-golang.org-x-crypto-vulnerability 
chore(deps): update module golang.org/x/crypto to v0.31.0 [security]
 2024-12-17 15:02:49 +07:00
renovate[bot] 0dca9af6d7
chore(deps): update module golang.org/x/crypto to v0.31.0 [security] 2024-12-12 00:59:31 +00:00
ciffelia ef8ba75987
docs: fix insecure Caddy configuration example (#2827) 
The original example only protected the root (`/`) path, leaving other routes unsecured.
* docs: add syntax highlighting for nginx config
* docs: fix headings in `configuration/integration` page
* docs: fix redirect in caddy configuraion example
 2024-11-11 10:04:04 +01:00
renovate[bot] 5042203625 chore(deps): update docker-compose 2024-11-11 09:44:08 +01:00
renovate[bot] bc1224291c chore(deps): update gomod 2024-11-10 22:43:42 +01:00
Jacek J. Łakis 05b91f310a chore: extend test cases for oidc provider and documentation regarding implicit setting of the groups scope when no scope was specified in the config 
Co-authored-by: Jan Larwig <jan@larwig.com>
 2024-11-09 15:48:29 +01:00
renovate[bot] 2fd2f8c63d chore(deps): update gomod 2024-11-06 16:56:57 +01:00
Vish (Ishaya) Abrams 4e2013e6ba
fix: update code_verifier to use recommended method (#2620) 
The [RFC](https://datatracker.ietf.org/doc/html/rfc7636#section-4.1)
says that a code verifier just uses unreserved characters, but the
recommended method is that it is a base64-urlencoded 32-octet url. Some
implementations of PKCE (most notably the one used by salesforce)
require that this is a valid base64 encoded string[1], so this patch
switches to using the recommended approach to make it more compatible.

[1]: https://help.salesforce.com/s/articleView?id=sf.remoteaccess_pkce.htm&type=5
 2024-11-06 15:16:39 +01:00
Ondrej Sika 3ceef0cff4
feat: add CF-Connecting-IP as supported real ip header (#2821) 2024-11-04 23:28:08 +01:00
Reto Kupferschmid 64e736f668
fix: websocket path rewrite (#2300) 2024-11-04 23:12:35 +01:00
renovate[bot] 96f0288a36
chore(deps): update alpine docker tag to v3.20.3 (#2682) 2024-11-04 22:30:56 +01:00
renovate[bot] 0bc8dd98e2
chore(deps): update module github.com/go-jose/go-jose/v3 to v3.0.3 [security] (#2831) 2024-11-04 22:22:03 +01:00
renovate[bot] 50ec7fa902
chore(deps): update dependency node to v22 (#2836) 2024-11-04 22:16:30 +01:00
Benjamin Cremer b4f7e0603e
doc: fix relative URLs to configuration page (#2818) 2024-10-29 16:21:43 +01:00
Joel Speed 4d2b5c30a1
Merge pull request #1985 from isodude/systemd-socket 
Add support for systemd socket
 2024-10-28 03:56:05 +07:00
renovate[bot] 5ec03ab0e9
chore(deps): update module github.com/go-jose/go-jose/v3 to v4 (#2598) 2024-10-27 17:25:27 +01:00
Jan Larwig 9945b68a06
doc: readme overhaul and azure sponsorship (#2826) 
* new readme structure

* add adopters file

* add microsoft sponsorship

* add reference to adopter file

* add gopher slack invite link

* slightly rephrase nightly image section

* add sponsor request for action

* better formatting for contributor wall

* add longer wait time for stale PRs and issues and allow for exemption through bug and high-priority labels

* apply review suggestion

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

---------

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2024-10-27 12:12:46 +00:00
Josef Johansson 6743a9cc89 Add support for systemd.socket 
When using sockets to pass data between e.g. nginx and oauth2-proxy it's
simpler to use sockets. Systemd can even facilitate this and pass the
actual socket directly.

This also means that only the socket runs with the same group as nginx
while the service runs with DynamicUser.

Does not support TLS yet.

nginx
```
server {
    location /oauth2/ {
      proxy_pass http://unix:/run/oauth2-proxy/oauth2.sock;
}
```

oauth2-proxy.socket
```
[Socket]
ListenStream=%t/oauth2.sock
SocketGroup=www-data
SocketMode=0660
```

Start oauth2-proxy with the parameter `--http-address=fd:3`.

Signed-off-by: Josef Johansson <josef@oderland.se>
 2024-10-23 09:35:47 +02:00
Josef Johansson bc8e7162db Allow parsing remote address headers over unix sockets 
When listening to a unix socket there is no RemoteAddr for http.Request.
Instead of setting nil, Go sets it to '@'. Marking the IP as trusted if
RemoteAddr allows rest of the settings for parsing remote address in
headers to be applied.

Signed-off-by: Josef Johansson <josef@oderland.se>
 2024-10-23 07:48:54 +02:00
Konstantin Shalygin e00c7a7edd
fix(contrib): revamped systemd service example (#2655) 2024-10-13 20:00:54 +02:00
bjencks 66f1063722
feat: add X-Envoy-External-Address as supported header (#2755) 2024-10-13 19:55:47 +02:00