Commit Graph

16 Commits

Author SHA1 Message Date
Ryan Luckie f537720b52 fix lint errors 2019-07-19 08:57:05 -05:00
Ryan Luckie 122ec45dd8 Requested changes 2019-07-19 08:55:14 -05:00
Ryan Luckie 0d94f5e515 fix lint error 2019-07-19 08:53:20 -05:00
Ryan Luckie 2eecf756e4 Add OIDC support for UserInfo Endpoint Email Verification
* Current OIDC implementation asserts that user email check must come
from JWT token claims. OIDC specification also allows for source
of user email to be fetched from userinfo profile endpoint.
http://openid.net/specs/openid-connect-core-1_0.html#UserInfo

* First, attempt to retrieve email from JWT token claims. Then fall back to
requesting email from userinfo endpoint.

* Don't fall back to subject for email

https://github.com/bitly/oauth2_proxy/pull/481
2019-07-19 08:53:20 -05:00
Daryl Finlay 018a25be04 Create option to skip verified email check in OIDC provider 2019-07-11 15:29:48 +01:00
Brian Van Klaveren b895f49c52 Use idToken expiry because that's the time checked for refresh
RefreshSessionIfNeeded checks the token expiry, we want to use
the ID token's expiry
2019-06-17 12:51:35 -07:00
Joel Speed 34cbe0497c Add CreatedAt to SessionState 2019-05-20 11:26:09 +02:00
Joel Speed 2ab8a7d95d Move SessionState to its own package 2019-05-18 13:09:56 +02:00
Phil Taprogge 56da8387c0 Include JWT sub as User 2019-05-07 11:57:17 +01:00
Aigars Mahinovs 7acec6243b Fall back to using OIDC Subject instead of Email
Email is not a mandatory field; Subject is mandatory and expected to be unique. Might want to take a look at UserInfo first, however.

Issue: #56
2019-03-08 13:39:08 +01:00
Joel Speed cac2c9728d Validate OIDC Session State 2019-01-22 11:34:57 +00:00
Joel Speed 1b638f32ac Implement refreshing within OIDC provider 2019-01-22 11:34:56 +00:00
Joel Speed 68d4164897 Add Authorization header flags 2019-01-22 11:34:23 +00:00
Joel Speed e200bd5c20 Add comments to exported methods for providers package 2018-12-20 10:37:59 +00:00
Joshua Carp 34d96f8d84 Add OpenID Connect provider name. 2017-10-08 00:40:36 -04:00
Eric Chiang cb48577ede *: add an OpenID Connect provider
See the README for usage with Dex or any other OIDC provider.

To test, run a backend:

    python3 -m http.server

Run dex and modify the example config with the proxy callback:

    go get github.com/coreos/dex/cmd/dex
    cd $GOPATH/src/github.com/coreos/dex
    sed -i.bak \
      's|http://127.0.0.1:5555/callback|http://127.0.0.1:5555/oauth2/callback|g' \
      examples/config-dev.yaml
    make
    ./bin/dex serve examples/config-dev.yaml

Then run the oauth2_proxy:

    oauth2_proxy \
      --oidc-issuer-url http://127.0.0.1:5556/dex \
      --upstream http://localhost:8000 \
      --client-id example-app \
      --client-secret ZXhhbXBsZS1hcHAtc2VjcmV0 \
      --cookie-secret foo \
      --email-domain '*' \
      --http-address http://127.0.0.1:5555 \
      --redirect-url http://127.0.0.1:5555/oauth2/callback \
      --cookie-secure=false

Login with the username/password "admin@example.com:password"
2017-09-08 09:32:51 -07:00