public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
1,151 Commits 29 Branches 41 Tags 50 MiB
Go 98.1%
Makefile 0.9%
HTML 0.5%
Shell 0.3%
Dockerfile 0.2%
Go to file
Isabelle COWAN-BERGMAN 64ae31b5a0
Implements --trusted-ip option (#552) 
* Implements --ip-whitelist option

* Included IPWhitelist option to allow one-or-more selected CIDR ranges
  to bypass OAuth2 authentication.
* Adds IPWhitelist, a fast lookup table for multiple CIDR ranges.

* Renamed IPWhitelist ipCIDRSet

* Fixed unessesary pointer usage in ipCIDRSet

* Update CHANGELOG.md

* Update CHANGELOG.md

* Updated to not use err.Error() in printf statements

* Imrpoved language for --ip-whitelist descriptions.

* Improve IP whitelist options error messages

* Clarify options single-host normalization

* Wrote a book about ipCIDRSet

* Added comment to IsWhitelistedIP in oauthproxy.go

* Rewrite oauthproxy test case as table driven

* oops

* Support whitelisting by low-level remote address

* Added more test-cases, improved descriptions

* Move ip_cidr_set.go to pkg/ip/net_set.go

* Add more whitelist test use cases.

* Oops

* Use subtests for TestIPWhitelist

* Add minimal tests for ip.NetSet

* Use switch statment

* Renamed ip-whitelist to whitelist-ip

* Update documentation with a warning.

* Update pkg/apis/options/options.go

* Update CHANGELOG.md

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Update pkg/ip/net_set_test.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Update pkg/ip/net_set_test.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Update pkg/ip/net_set_test.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Apply suggestions from code review

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* fix fmt

* Move ParseIPNet into abstraction

* Add warning in case of --reverse-proxy

* Update pkg/validation/options_test.go

* Rename --whitelist-ip to --trusted-ip

* Update oauthproxy.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* fix

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 		2020-07-11 11:10:58 +01:00
.github Update CODEOWNERS to request review from reviewers team (#613) 2020-07-02 21:09:55 +01:00
contrib Implements --trusted-ip option (#552) 2020-07-11 11:10:58 +01:00
docs Implements --trusted-ip option (#552) 2020-07-11 11:10:58 +01:00
pkg Implements --trusted-ip option (#552) 2020-07-11 11:10:58 +01:00
providers Migrate all requests to result pattern 2020-07-06 20:38:00 +01:00
test Merge pull request from GHSA-5m6c-jp6f-2vcv 2020-06-27 12:07:24 +01:00
.dockerignore Reduce docker context to improve build times 2020-07-07 20:51:43 +01:00
.gitignore Set up code coverage within Travis for Code Climate (#533) 2020-05-10 07:29:37 +01:00
.golangci.yml Move SessionStore tests to independent package 2020-07-01 06:41:35 +01:00
.travis.yml Set up code coverage within Travis for Code Climate (#533) 2020-05-10 07:29:37 +01:00
CHANGELOG.md Implements --trusted-ip option (#552) 2020-07-11 11:10:58 +01:00
CONTRIBUTING.md Drop configure script in favour of native Makefile env and checks (#515) 2020-05-09 16:07:46 +01:00
Dockerfile Reduce docker context to improve build times 2020-07-07 20:51:43 +01:00
Dockerfile.arm64 Reduce docker context to improve build times 2020-07-07 20:51:43 +01:00
Dockerfile.armv6 Reduce docker context to improve build times 2020-07-07 20:51:43 +01:00
LICENSE add MIT license for google_auth_proxy 2014-06-09 16:25:26 -04:00
MAINTAINERS Remove Syscll as a maintainer (#540) 2020-05-10 11:51:15 +01:00
Makefile Reduce docker context to improve build times 2020-07-07 20:51:43 +01:00
README.md Update changelog ready for release v6.0.0 2020-06-27 12:10:27 +01:00
RELEASE.md Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:40:10 +01:00
dist.sh Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:40:10 +01:00
go.mod Move SessionStore tests to independent package 2020-07-01 06:41:35 +01:00
go.sum Move SessionStore tests to independent package 2020-07-01 06:41:35 +01:00
htpasswd.go Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:40:10 +01:00
htpasswd_test.go Lint for non-comment linter errors 2018-11-29 14:26:41 +00:00
http.go Move RedirectToHTTPS to middleware package 2020-07-03 17:19:09 +01:00
http_test.go Move RedirectToHTTPS to middleware package 2020-07-03 17:19:09 +01:00
logging_handler.go Integrate HealthCheck middleware 2020-06-14 21:05:17 +01:00
logging_handler_test.go Integrate HealthCheck middleware 2020-06-14 21:05:17 +01:00
main.go Move RedirectToHTTPS to middleware package 2020-07-03 17:19:09 +01:00
nsswitch.conf Add nsswitch.conf to Docker image (#400) 2020-02-23 18:16:18 +00:00
oauthproxy.go Implements --trusted-ip option (#552) 2020-07-11 11:10:58 +01:00
oauthproxy_test.go Implements --trusted-ip option (#552) 2020-07-11 11:10:58 +01:00
templates.go Add basic string functions to templates (#514) 2020-05-09 21:05:51 +01:00
templates_test.go Add basic string functions to templates (#514) 2020-05-09 21:05:51 +01:00
validator.go Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:40:10 +01:00
validator_test.go remove unnecessary validator tests (#288) 2019-10-18 08:49:33 -07:00
version.go Introduce Makefile 2019-01-04 10:58:30 +00:00
watcher.go Add new linters (#486) 2020-04-14 09:36:44 +01:00
watcher_unsupported.go Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:40:10 +01:00

README.md

OAuth2 Proxy

Build Status Go Report Card GoDoc MIT licensed Maintainability Test Coverage

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.

Note: This repository was forked from bitly/OAuth2_Proxy on 27/11/2018. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG.

Note: This project was formerly hosted as pusher/oauth2_proxy but has been renamed as of 29/03/2020 to oauth2-proxy/oauth2-proxy. Going forward, all images shall be available at quay.io/oauth2-proxy/oauth2-proxy and binaries wiil been named oauth2-proxy.

Sign In Page

Installation

  1. Choose how to deploy:

    a. Download Prebuilt Binary (current release is v6.0.0)

    b. Build with $ go get github.com/oauth2-proxy/oauth2-proxy which will put the binary in $GOROOT/bin

    c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, ARMv6 and ARM64 tags available)

Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0.

sha256sum -c sha256sum.txt 2>&1 | grep OK
oauth2-proxy-x.y.z.linux-amd64: OK
  1. Select a Provider and Register an OAuth Application with a Provider
  2. Configure OAuth2 Proxy using config file, command line options, or environment variables
  3. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)

Security

If you are running a version older than v6.0.0 we strongly recommend you please update to a current version. See open redirect vulnverability for details.

Docs

Read the docs on our Docs site.

OAuth2 Proxy Architecture

Getting Involved

If you would like to reach out to the maintainers, come talk to us in the #oauth2_proxy channel in the Gophers slack.

Contributing

Please see our Contributing guidelines. For releasing see our release creation guide.