33 lines
1.8 KiB
Markdown
33 lines
1.8 KiB
Markdown
---
|
|
layout: default
|
|
title: Home
|
|
permalink: /
|
|
nav_order: 0
|
|
---
|
|
|
|
|
|
|
|
A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others)
|
|
to validate accounts by email, domain or group.
|
|
|
|
**Note:** This repository was forked from [bitly/OAuth2_Proxy](https://github.com/bitly/oauth2_proxy) on 27/11/2018.
|
|
Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork.
|
|
A list of changes can be seen in the [CHANGELOG]({{ site.gitweb }}/CHANGELOG.md).
|
|
|
|
[](http://travis-ci.org/oauth2-proxy/oauth2-proxy)
|
|
|
|
|
|
|
|
## Architecture
|
|
|
|
|
|
|
|
## Behavior
|
|
|
|
1. Any request passing through the proxy (and not matched by `--skip-auth-regex`) is checked for the proxy's session cookie (`--cookie-name`) (or, if allowed, a JWT token - see `--skip-jwt-bearer-tokens`).
|
|
2. If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with `Accept: application/json`, in which case 401 Unauthorized is returned)
|
|
3. After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set
|
|
4. The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration)
|
|
|
|
Notice that the proxy also provides a number of useful [endpoints](/oauth2-proxy/endpoints).
|