| id | title |
|---|---|
| index | OAuth Provider Configuration |

You will need to register an OAuth application with a Provider (Google, GitHub or another provider), and configure it
with Redirect URI(s) for the domain you intend to run oauth2-proxy on.
Valid providers are:
- Google (default)
- Azure
- ADFS
- GitHub
- Gitea
- Keycloak/Keycloak OIDC
- GitLab
- Microsoft Azure AD
- OpenID Connect
- login.gov
- Nextcloud
- DigitalOcean
- Bitbucket

The provider can be selected using the provider configuration value.
Please note that not all providers support all claims. The preferred_username claim is currently only supported by the
OpenID Connect provider.

Email Authentication

To authorize a specific email domain, use --email-domain=yourcompany.com. To authorize individual email addresses, use
--authenticated-emails-file=/path/to/file with one email per line. To authorize all email addresses, use --email-domain=*.
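
The following is an added example, not code from oauth2-proxy or its documentation: a small Python review script that flags a command line where --email-domain=* makes the other email restrictions moot, and lints an emails file against the one-email-per-line format. The function names, sample arguments, the loose email pattern and the case-folded duplicate check are assumptions of this example.

```python
import re

# Loose shape check (one address, no whitespace); not full RFC 5322 validation.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def parse_email_flags(argv):
    """Collect --email-domain values and the --authenticated-emails-file path."""
    domains, emails_file = [], None
    args = iter(argv)
    for arg in args:
        name, sep, value = arg.partition("=")
        if name not in ("--email-domain", "--authenticated-emails-file"):
            continue
        if not sep:  # '--flag value' spelling: the value is the next argument
            value = next(args, "")
        if name == "--email-domain":
            domains.append(value)
        else:
            emails_file = value
    return domains, emails_file

def audit(argv):
    """Return review findings for the email-authorization flags."""
    domains, emails_file = parse_email_flags(argv)
    findings = []
    if "*" in domains:
        findings.append("email-domain=* authorizes all email addresses")
        if emails_file or len(domains) > 1:
            findings.append("other email restrictions are moot next to the wildcard")
    return findings

def lint_emails_file(text):
    """Check the one-email-per-line format; return [(line number, problem)]."""
    problems, seen = [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        if not EMAIL_RE.match(entry):
            problems.append((lineno, "not a single email address"))
        elif entry.lower() in seen:  # case-folded comparison is this linter's choice
            problems.append((lineno, "duplicate entry"))
        seen.add(entry.lower())
    return problems

# Constructed sample inputs (not taken from a real deployment).
WEAK = ["--email-domain=*", "--authenticated-emails-file=/path/to/file"]
SCOPED = ["--provider=github", "--email-domain", "yourcompany.com"]
SAMPLE_FILE = "alice@yourcompany.com\nbob@yourcompany.com, carol@yourcompany.com\nAlice@yourcompany.com\n"
```

Running `audit` over the arguments of a deployment manifest or service unit before rollout catches a wildcard left in from testing.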

Adding a new Provider

Follow the examples in the providers package to define a new
Provider instance. Add a new case to
providers.New() to allow oauth2-proxy to use the
new Provider.