public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
322 Commits 29 Branches 41 Tags 50 MiB
Commit Graph

322 Commits

Author SHA1 Message Date
Christian Svensson f4321c4b45 Update cookie generation to match base64 encoding 
Current code is using URLEncoding but example was using the
standard RFC 4648 encoding. Switch to using the URL
encoding in the example as well.
 2017-07-20 13:28:41 +02:00
Jehiah Czebotar 3c51c914ac Merge pull request #405 from bspaans/patch-1 
Update Google Auth Provider instructions
 2017-06-21 09:24:24 -04:00
Bart Spaans 7fea71a4ce Update Google Auth Provider instructions 2017-06-21 11:03:24 +01:00
Jehiah Czebotar cddd2fcd7c Merge pull request #402 from shividhar/master 
Fix spelling mistake in docs
 2017-06-09 12:23:50 -04:00
Shivansh Dhar c8c6b66465 Fix spelling mistake in docs 2017-06-09 12:17:24 -04:00
Jehiah Czebotar 6d6cb7e1f8 Merge pull request #392 from arnottcr/master 
[github provider] use Authorization header, not access_token query parameter
 2017-05-26 08:42:07 -04:00
Colin Arnott 17b1fa31dd
use Authorization header, not access_token query parameter 2017-05-18 03:45:34 +00:00
Jehiah Czebotar f4c356637f Merge pull request #382 from ploxiln/auth_request_readme 
README: nginx auth_request example updates
 2017-05-15 20:50:28 -04:00
Pierce Lopez 6d295f8446 README: nginx auth_request example refresh cookie handling 
how to pass back the refreshed oauth2_proxy cookie from an nginx auth_request
 2017-04-24 17:59:21 -04:00
Pierce Lopez 7f5672b433 README: simplify nginx auth_request example 
/oauth2/auth is not more sensitive than other /oauth2/ paths,
does not need "internal" protection

"spdy" protocol is obsolete, http2 is the thing to enable now.
But it's orthogonal anyway.

No need for two separate content/upstream location blocks in
this example, reduce to just one, with a comment that it could
be serving files instead of proxying.
 2017-04-24 17:56:15 -04:00
Jehiah Czebotar ea2540bc89 Merge pull request #381 from ploxiln/dist_strip 
dist.sh: use go build option to strip binaries
 2017-04-24 16:34:22 -04:00
Pierce Lopez 68e3178812 dist.sh: use go build option to strip binaries 
30% release binary size reduction
 2017-04-24 16:04:36 -04:00
Pierce Lopez d7e327d712 bump to version 2.2.1-alpha for development 2017-04-24 16:04:06 -04:00
Jehiah Czebotar b90a23473f Merge pull request #380 from jehiah/release_380 
Release v2.2
 2017-04-24 12:22:11 -04:00
Jehiah Czebotar f457a9042a Readme: update --help usage 2017-04-24 12:16:16 -04:00
Jehiah Czebotar 3fa5635d6c
Release 2.2.0 2017-04-24 12:11:23 -04:00
Jehiah Czebotar f511cac6a6 Merge pull request #365 from travisofthenorth/fix/default-http-address 
Fix url parse error
 2017-04-20 14:57:39 -04:00
Jehiah Czebotar 120a47a526 Merge pull request #370 from idntfy/master 
#369: Optionally allow skipping authentication for preflight requests
 2017-04-07 09:20:33 -04:00
idntfy 1e7d2a08a3 #369: Optionally allow skipping authentication for preflight requests 2017-04-07 15:01:47 +03:00
Travis Hunter f983933d88
Parse http address without url 2017-04-02 16:23:27 -04:00
Jehiah Czebotar af7be2d622 Merge pull request #319 from advarisk/auth-request 
various fixes for getting Nginx auth_request mode working
 2017-03-29 12:14:24 -04:00
Ashish Kulkarni fe44b89f57 update documentation for Nginx auth_request mode 2017-03-29 21:28:55 +05:30
Sjoerd Mulder 90a22b2f39 Use X-Auth-Request-Redirect request header in sign-in page 
This is useful in Nginx auth_request mode, if a 401 handler is
configured to redirect to the sign-in page. As the request URL
does not reflect the actual URL, the value is taken from the
header "X-Auth-Request-Redirect" instead. Based on #247
 2017-03-29 21:28:55 +05:30
Lukasz Siudut 829b442302 add --set-xauthrequest flag for use in Nginx auth_request mode 
This is enhancement of #173 to use "Auth Request" consistently in
the command-line option, configuration file and response headers.
It always sets the X-Auth-Request-User response header and if the
email is available, sets X-Auth-Request-Email as well.
 2017-03-29 21:28:55 +05:30
Jehiah Czebotar 93852a24cb Merge pull request #362 from jehiah/ssl_insecure_skip_verify_362 
Option to skip SSL verification
 2017-03-29 11:02:26 -04:00
Jehiah Czebotar dcf62d06df option for skipping OAuth provider SSL verification 2017-03-29 10:57:07 -04:00
Jehiah Czebotar bb9b607440 Merge pull request #361 from jehiah/gofmt_361 
travis: run gofmt and go vet
 2017-03-29 09:53:19 -04:00
Jehiah Czebotar c5fc7baa86 gofmt 2017-03-29 09:36:38 -04:00
Jehiah Czebotar c1116ea506 travis: run gofmt and go vet 2017-03-29 09:36:23 -04:00
Jehiah Czebotar 4464655276 Merge pull request #360 from jehiah/csrf_validation_360 
CSRF protection for OAuth flow.
 2017-03-29 09:36:04 -04:00
Colin Arnott 55085d9697 csrf protection; always set state 2017-03-29 09:31:10 -04:00
Jehiah Czebotar 6c690b699b Merge pull request #339 from omazhary/issue-205 
Allow to pass user headers only
 2017-03-28 21:42:29 -04:00
Jehiah Czebotar 107b4811b4 Merge pull request #346 from bdwyertech/patch-1 
Oversize Cookie Alert
 2017-03-28 21:40:11 -04:00
Jehiah Czebotar cd0d13e3fb Merge pull request #357 from wrapp/skip-group-lookup-404 
Skip 404 errors when looking up Google groups
 2017-03-28 21:38:55 -04:00
Jehiah Czebotar 86d083266b Merge pull request #359 from jehiah/redirect_check_359 
Improve redirect checks
 2017-03-28 21:34:23 -04:00
Colin Arnott 289a6ccf46 add check for //.* to prevent open redirect during oauth 2017-03-28 21:12:33 -04:00
Eskil Andreen 652f43ed38 Skip 404 errors when looking up Google groups 
When checking user membership against Google groups the groups are checked one
at a time and in the order that they were supplied. If one of the groups does
not exist then the checking is halted with the following error.

google.go:201: googleapi: Error 404: Resource Not Found: groupKey, notFound

None of the groups following the missing group are checked either. This means
that something as trivial as a typo in the first group will make it impossible
for anybody to login.

This change catches the 404, logs a message, and then carries on as usual. In
this way a typo will cause a particular group to stop working but will not
affect any other groups.
 2017-03-28 16:06:15 +02:00
Jehiah Czebotar 712739f777 Merge pull request #356 from jehiah/bump_dependencies_356 
Update vendored dependencies.
 2017-03-27 21:07:08 -04:00
Jehiah Czebotar 2ebab604eb bump golang.org/x/... and google.golang.org dependencies 2017-03-27 20:56:15 -04:00
Jehiah Czebotar b884b36f26 bump easy pkg upgrades; drop Go 1.6 (no httptest.NewRequest) 
This fixes a test w request signing due to a content-length:0 header from Go 1.8
 2017-03-27 20:36:35 -04:00
Jehiah Czebotar 951b5f325b Merge pull request #355 from ploxiln/dist_updates 
dist.sh and Godeps updates
 2017-03-27 20:16:44 -04:00
Pierce Lopez 9167c8ace8 travis: update go versions, gpm version 2017-03-27 19:40:12 -04:00
Pierce Lopez a2eeec2b7a Godeps: remove redundant dep, add missing 
golang.org/x/oauth2/google is same repo as golang.org/x/oauth2
  - this sometimes confused gpm/git

cloud.google.com/go/compute/metadata is a missing dependency
of golang.org/x/oauth2
 2017-03-27 19:17:42 -04:00
Pierce Lopez 2024dc34ac dist.sh: run gpm with GOPATH=$DIR/.godeps 
so gpm is not affected if module exists in user's GOPATH already
 2017-03-27 19:13:05 -04:00
Pierce Lopez 86c9638572 dist.sh: already uses set "-e", remove "|| exit 1" 2017-03-27 18:16:39 -04:00
Jehiah Czebotar 7d920c98a6 Merge pull request #354 from ploxiln/dist_win_exe 
dist.sh: add .exe for windows build
 2017-03-27 14:49:40 -04:00
Pierce Lopez bc3fe00be4 dist.sh: add .exe for windows build 2017-03-27 14:35:28 -04:00
Jehiah Czebotar 87847316d4 Merge pull request #349 from braincube-io/signout 
[signout] Implement logout endpoint
 2017-03-22 23:08:47 -04:00
Guillaume Bienkowski 562cc2e466 [signout] Implement logout endpoint 2017-03-21 17:40:47 +01:00
Brian Dwyer 3379e05fec Oversize Cookie Alert 
Cookies cannot be larger than 4kb
 2017-02-23 18:48:34 -05:00