oauth2-proxy/docs/features/endpoints/index.html


<!doctype html>
<html class="docs-version-7.4.x" lang="en" dir="ltr">
<head>
  <meta charset="UTF-8">
  <!-- Document head of the "Endpoints" docs page. The generator tag names Docusaurus; the tags carrying data-react-helmet hold the per-page title, description, social-card and canonical/alternate metadata. -->
  <meta name="viewport" content="width=device-width,initial-scale=1">
  <meta name="generator" content="Docusaurus v2.0.0-beta.15">

  <!-- Page title and metadata -->
  <title data-react-helmet="true">Endpoints | OAuth2 Proxy</title>
  <meta data-react-helmet="true" name="twitter:card" content="summary_large_image">
  <meta data-react-helmet="true" property="og:url" content="https://oauth2-proxy.github.io/oauth2-proxy/docs/features/endpoints">
  <meta data-react-helmet="true" name="docusaurus_locale" content="en">
  <meta data-react-helmet="true" name="docusaurus_version" content="7.4.x">
  <meta data-react-helmet="true" name="docusaurus_tag" content="docs-default-7.4.x">
  <meta data-react-helmet="true" property="og:title" content="Endpoints | OAuth2 Proxy">
  <meta data-react-helmet="true" name="description" content="OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable.">
  <meta data-react-helmet="true" property="og:description" content="OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable.">

  <!-- Icon, canonical URL and language alternates -->
  <link data-react-helmet="true" rel="icon" href="/oauth2-proxy/img/logos/OAuth2_Proxy_icon.svg">
  <link data-react-helmet="true" rel="canonical" href="https://oauth2-proxy.github.io/oauth2-proxy/docs/features/endpoints">
  <link data-react-helmet="true" rel="alternate" href="https://oauth2-proxy.github.io/oauth2-proxy/docs/features/endpoints" hreflang="en">
  <link data-react-helmet="true" rel="alternate" href="https://oauth2-proxy.github.io/oauth2-proxy/docs/features/endpoints" hreflang="x-default">

  <!-- Same-origin stylesheet, plus preloads for the two scripts that the end of the body loads -->
  <link rel="stylesheet" href="/oauth2-proxy/assets/css/styles.19258e03.css">
  <link rel="preload" href="/oauth2-proxy/assets/js/runtime~main.47d18998.js" as="script">
  <link rel="preload" href="/oauth2-proxy/assets/js/main.8e38fa6e.js" as="script">
</head>
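<body>
  <!-- Theme bootstrap: reads the "theme" key from localStorage (falling back to "light" when it is absent or storage access throws) and writes it to the data-theme attribute of the root element. NOTE(review): because this script is inline, a strict Content-Security-Policy would have to allow it by hash or nonce. -->
  <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script>
  <div id="__docusaurus">
    <!-- Skip link and top navigation bar: brand, Docs link, version dropdown, GitHub link, colour-mode toggle -->
    <div role="region"><a href="#" class="skipToContent_ZgBM">Skip to main content</a></div>
    <nav class="navbar navbar--fixed-top">
      <div class="navbar__inner">
        <div class="navbar__items">
          <button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/oauth2-proxy/"><div class="navbar__logo"><img src="/oauth2-proxy/img/logos/OAuth2_Proxy_icon.svg" alt="OAuth2 Proxy" class="themedImage_W2Cr themedImage--light_TfLj"><img src="/oauth2-proxy/img/logos/OAuth2_Proxy_icon.svg" alt="OAuth2 Proxy" class="themedImage_W2Cr themedImage--dark_oUvU"></div><b class="navbar__title">OAuth2 Proxy</b></a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/oauth2-proxy/docs/">Docs</a>
        </div>
        <div class="navbar__items navbar__items--right">
          <div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a class="navbar__link" href="/oauth2-proxy/docs/">7.4.x</a>
            <ul class="dropdown__menu">
              <li><a class="dropdown__link" href="/oauth2-proxy/docs/next/features/endpoints">Next</a></li>
              <li><a aria-current="page" class="dropdown__link dropdown__link--active" href="/oauth2-proxy/docs/features/endpoints">7.4.x</a></li>
              <li><a class="dropdown__link" href="/oauth2-proxy/docs/7.3.x/features/endpoints">7.3.x</a></li>
              <li><a class="dropdown__link" href="/oauth2-proxy/docs/7.2.x/features/endpoints">7.2.x</a></li>
              <li><a class="dropdown__link" href="/oauth2-proxy/docs/7.1.x/features/endpoints">7.1.x</a></li>
              <li><a class="dropdown__link" href="/oauth2-proxy/docs/7.0.x/features/endpoints">7.0.x</a></li>
              <li><a class="dropdown__link" href="/oauth2-proxy/docs/6.1.x/features/endpoints">6.1.x</a></li>
            </ul>
          </div><a href="https://github.com/oauth2-proxy/oauth2-proxy" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link"><span>GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_I5OW"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a><div class="toggle_Pssr toggle_TdHA toggleDisabled_jDku"><div class="toggleTrack_SSoT" role="button" tabindex="-1"><div class="toggleTrackCheck_XobZ"><span class="toggleIcon_eZtF">🌜</span></div><div class="toggleTrackX_YkSC"><span class="toggleIcon_eZtF">🌞</span></div><div class="toggleTrackThumb_uRm4"></div></div><input type="checkbox" class="toggleScreenReader_JnkT" aria-label="Switch between dark and light mode"></div>
        </div>
      </div>
      <div role="presentation" class="navbar-sidebar__backdrop"></div>
    </nav>
    <div class="main-wrapper docs-wrapper docs-doc-page">
      <div class="docPage_P2Lg">
        <button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_RiI4" type="button"></button>
        <!-- Documentation sidebar -->
        <aside class="theme-doc-sidebar-container docSidebarContainer_rKC_">
          <div class="sidebar_CW9Y">
            <nav class="menu thin-scrollbar menu_SkdO">
              <ul class="theme-doc-sidebar-menu menu__list">
                <li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/oauth2-proxy/docs/">Installation</a></li>
                <li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/oauth2-proxy/docs/behaviour">Behaviour</a></li>
                <li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item">
                  <div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist hasHref_VCh3" href="/oauth2-proxy/docs/configuration/overview">Configuration</a></div>
                  <ul style="display:block;overflow:visible;height:auto" class="menu__list">
                    <li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/oauth2-proxy/docs/configuration/overview">Overview</a></li>
                    <li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/oauth2-proxy/docs/configuration/oauth_provider">OAuth Provider Configuration</a></li>
                    <li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/oauth2-proxy/docs/configuration/session_storage">Session Storage</a></li>
                    <li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/oauth2-proxy/docs/configuration/tls">TLS Configuration</a></li>
                    <li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/oauth2-proxy/docs/configuration/alpha-config">Alpha Configuration</a></li>
                  </ul>
                </li>
                <li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item">
                  <div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--active hasHref_VCh3" aria-current="page" href="/oauth2-proxy/docs/features/endpoints">Features</a></div>
                  <ul style="display:block;overflow:visible;height:auto" class="menu__list">
                    <li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/oauth2-proxy/docs/features/endpoints">Endpoints</a></li>
                  </ul>
                </li>
                <li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item">
                  <div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist hasHref_VCh3" href="/oauth2-proxy/docs/community/security">Community</a></div>
                  <ul style="display:block;overflow:visible;height:auto" class="menu__list">
                    <li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/oauth2-proxy/docs/community/security">Security</a></li>
                  </ul>
                </li>
              </ul>
            </nav>
          </div>
        </aside>
        <main class="docMainContainer_TCnq">
          <div class="container padding-top--md padding-bottom--lg">
            <div class="row">
              <div class="col docItemCol_DM6M">
                <div class="docItemContainer_vinB">
                  <article>
                    <span class="theme-doc-version-badge badge badge--secondary">Version: <!-- -->7.4.x</span>
                    <div class="tocCollapsible_jdIR theme-doc-toc-mobile tocMobile_TmEX"><button type="button" class="clean-btn tocCollapsibleButton_Fzxq">On this page</button></div>
                    <!-- Article content: the endpoints that OAuth2 Proxy answers itself, then the Sign out and Auth sections -->
                    <div class="theme-doc-markdown markdown">
                      <header><h1>Endpoints</h1></header>
                      <p>OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The <code>/oauth2</code> prefix can be changed with the <code>--proxy-prefix</code> config variable.</p>
                      <ul>
                        <li>/robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see <a href="http://www.robotstxt.org/" target="_blank" rel="noopener noreferrer">robotstxt.org</a> for more info</li>
                        <li>/ping - returns a 200 OK response, which is intended for use with health checks</li>
                        <li>/metrics - Metrics endpoint for Prometheus to scrape, served on the address specified by <code>--metrics-address</code>, disabled by default</li>
                        <li>/oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies)</li>
                        <li>/oauth2/sign_out - this URL is used to clear the session cookie</li>
                        <li>/oauth2/start - a URL that will redirect to start the OAuth cycle</li>
                        <li>/oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url.</li>
                        <li>/oauth2/userinfo - this URL returns the user&#x27;s email from the session in JSON format.</li>
                        <li>/oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the <a href="/oauth2-proxy/docs/configuration/overview#configuring-for-use-with-the-nginx-auth_request-directive">Nginx <code>auth_request</code> directive</a></li>
                      </ul>
                      <h3 class="anchor anchorWithStickyNavbar_mojV" id="sign-out">Sign out<a class="hash-link" href="#sign-out" title="Direct link to heading"></a></h3>
                      <!-- Security note for maintainers: as the BEWARE paragraph below states, the redirect target given in rd or X-Auth-Request-Redirect is ignored unless its domain is listed in the whitelist-domain option. That allow-list is the only control this page describes over where sign_out may send a user, so it should name the identity provider's host and nothing broader. -->
                      <p>To sign the user out, redirect them to <code>/oauth2/sign_out</code>. This endpoint only removes oauth2-proxy&#x27;s own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider&#x27;s sign out page afterwards using the <code>rd</code> query parameter, i.e. redirect the user to something like (notice the url-encoding!):</p>
                      <div class="codeBlockContainer_I0IT theme-code-block"><div class="codeBlockContent_wNvx"><pre tabindex="0" class="prism-code language-text codeBlock_jd64 thin-scrollbar" style="color:#bfc7d5;background-color:#292d3e"><code class="codeBlockLines_mRuA"><span class="token-line" style="color:#bfc7d5"><span class="token plain">/oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page</span><br></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_wuS7 clean-btn">Copy</button></div></div>
                      <p>Alternatively, include the redirect URL in the <code>X-Auth-Request-Redirect</code> header:</p>
                      <div class="codeBlockContainer_I0IT theme-code-block"><div class="codeBlockContent_wNvx"><pre tabindex="0" class="prism-code language-text codeBlock_jd64 thin-scrollbar" style="color:#bfc7d5;background-color:#292d3e"><code class="codeBlockLines_mRuA"><span class="token-line" style="color:#bfc7d5"><span class="token plain">GET /oauth2/sign_out HTTP/1.1</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">X-Auth-Request-Redirect: https://my-oidc-provider/sign_out_page</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">...</span><br></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_wuS7 clean-btn">Copy</button></div></div>
                      <p>(The &quot;sign_out_page&quot; should be the <a href="https://openid.net/specs/openid-connect-session-1_0.html#rfc.section.2.1" target="_blank" rel="noopener noreferrer"><code>end_session_endpoint</code></a> from <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig" target="_blank" rel="noopener noreferrer">the metadata</a> if your OIDC provider supports Session Management and Discovery.)</p>
                      <p>BEWARE that the domain you want to redirect to (<code>my-oidc-provider.example.com</code> in the example) must be added to the <a href="/oauth2-proxy/docs/configuration/overview"><code>--whitelist-domain</code></a> configuration option, otherwise the redirect will be ignored. Make sure to include the actual domain and port (if needed) and not the URL (e.g. &quot;localhost:8081&quot; instead of &quot;http://localhost:8081&quot;).</p>
                      <h3 class="anchor anchorWithStickyNavbar_mojV" id="auth">Auth<a class="hash-link" href="#auth" title="Direct link to heading"></a></h3>
                      <p>This endpoint returns a 202 Accepted response or a 401 Unauthorized response.</p>
                      <p>It can be configured using the following query parameters:</p>
                      <ul>
                        <li><code>allowed_groups</code>: comma separated list of allowed groups</li>
                        <li><code>allowed_email_domains</code>: comma separated list of allowed email domains</li>
                        <li><code>allowed_emails</code>: comma separated list of allowed emails</li>
                      </ul>
                    </div>
                    <footer class="theme-doc-footer docusaurus-mt-lg">
                      <div class="theme-doc-footer-edit-meta-row row">
                        <div class="col"><a href="https://github.com/oauth2-proxy/oauth2-proxy/edit/master/docs/versioned_docs/version-7.4.x/features/endpoints.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_dcUD" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div>
                        <div class="col lastUpdated_foO9"></div>
                      </div>
                    </footer>
                  </article>
                  <!-- Previous / next page links -->
                  <nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages navigation">
                    <div class="pagination-nav__item"><a class="pagination-nav__link" href="/oauth2-proxy/docs/configuration/alpha-config"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Alpha Configuration</div></a></div>
                    <div class="pagination-nav__item pagination-nav__item--next"><a class="pagination-nav__link" href="/oauth2-proxy/docs/community/security"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Security</div></a></div>
                  </nav>
                </div>
              </div>
              <!-- In-page table of contents -->
              <div class="col col--3">
                <div class="tableOfContents_cNA8 thin-scrollbar theme-doc-toc-desktop">
                  <ul class="table-of-contents table-of-contents__left-border">
                    <li><a href="#sign-out" class="table-of-contents__link toc-highlight">Sign out</a></li>
                    <li><a href="#auth" class="table-of-contents__link toc-highlight">Auth</a></li>
                  </ul>
                </div>
              </div>
            </div>
          </div>
        </main>
      </div>
    </div>
    <footer class="footer footer--dark">
      <div class="container container-fluid">
        <div class="footer__bottom text--center">
          <div class="footer__copyright">Copyright © 2023 OAuth2 Proxy.</div>
        </div>
      </div>
    </footer>
  </div>
  <!-- Same-origin application bundles; both are preloaded from the document head -->
  <script src="/oauth2-proxy/assets/js/runtime~main.47d18998.js"></script>
  <script src="/oauth2-proxy/assets/js/main.8e38fa6e.js"></script>
</body>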
</html>