go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-19 17:52:23 +02:00
Code Issues Releases Activity
A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
2,072 Commits 27 Branches 34 Tags 79 MiB
Go 98.2%
Makefile 0.7%
HTML 0.5%
Shell 0.3%
Dockerfile 0.3%
master
Go to file
ciffelia ef8ba75987
docs: fix insecure Caddy configuration example (#2827) 
The original example only protected the root (`/`) path, leaving other routes unsecured.
* docs: add syntax highlighting for nginx config
* docs: fix headings in `configuration/integration` page
* docs: fix redirect in caddy configuraion example
2024-11-11 10:04:04 +01:00
.devcontainer fix go version in DevContainer and contibution guide (#2768) 2024-09-23 16:23:27 +02:00
.github chore(deps): update dependency node to v22 (#2836) 2024-11-04 22:16:30 +01:00
.vscode Improved dev environment (#2211) 2024-01-20 20:10:37 +00:00
contrib chore(deps): update docker-compose 2024-11-11 09:44:08 +01:00
docs docs: fix insecure Caddy configuration example (#2827) 2024-11-11 10:04:04 +01:00
pkg fix: update code_verifier to use recommended method (#2620) 2024-11-06 15:16:39 +01:00
providers chore: extend test cases for oidc provider and documentation regarding implicit setting of the groups scope when no scope was specified in the config 2024-11-09 15:48:29 +01:00
static Embed static stylesheets and dependencies 2023-08-24 20:50:17 -04:00
testdata Rename test directory to testdata 2020-10-06 21:37:25 +09:00
tools Generate reference page in configuration 2021-01-18 09:57:44 +00:00
.dockerignore Parameterise runtime image (#1478) 2022-04-14 14:10:59 +01:00
.gitignore Improved dev environment (#2211) 2024-01-20 20:10:37 +00:00
.golangci.yml add new loop var linter for go1.22 and remove unnecessary exportloopref linter 2024-10-01 11:15:48 +02:00
.pre-commit-config.yaml Improved dev environment (#2211) 2024-01-20 20:10:37 +00:00
ADOPTERS.md doc: readme overhaul and azure sponsorship (#2826) 2024-10-27 12:12:46 +00:00
CHANGELOG.md chore: extend test cases for oidc provider and documentation regarding implicit setting of the groups scope when no scope was specified in the config 2024-11-09 15:48:29 +01:00
CODE_OF_CONDUCT.md add code of conduct (#2387) 2024-01-23 11:39:10 +00:00
CONTRIBUTING.md Drop configure script in favour of native Makefile env and checks (#515) 2020-05-09 16:07:46 +01:00
dist.sh feature/s390x architecture support (#2734) 2024-08-23 09:02:02 +02:00
Dockerfile doc: add standard opencontainer docker labels (#2800) 2024-10-09 15:01:36 +02:00
go.mod chore(deps): update gomod 2024-11-10 22:43:42 +01:00
go.sum chore(deps): update gomod 2024-11-10 22:43:42 +01:00
LICENSE add MIT license for google_auth_proxy 2014-06-09 16:25:26 -04:00
main_suite_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00
main_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00
main.go feat: Replace default Go user-agent with oauth2-proxy and version (#2570) 2024-07-14 21:09:17 +01:00
MAINTAINERS doc: update maintainer emails (#2748) 2024-08-20 18:56:11 +02:00
Makefile chore(deps): update alpine docker tag to v3.20.3 (#2682) 2024-11-04 22:30:56 +01:00
oauthproxy_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00
oauthproxy.go fix: update code_verifier to use recommended method (#2620) 2024-11-06 15:16:39 +01:00
README.md doc: readme overhaul and azure sponsorship (#2826) 2024-10-27 12:12:46 +00:00
RELEASE.md feature: add release automation workflows (#2224) 2024-01-20 20:14:09 +00:00
SECURITY.md Update SECURITY.md 2024-07-07 18:29:14 -03:00
validator_test.go Fix Linting Errors (#1835) 2022-10-21 11:57:51 +01:00
validator.go Watch the htpasswd file for changes and update the htpasswdMap (#1701) 2022-09-01 19:46:00 +01:00

README.md

Continuous Integration Go Report Card GoDoc MIT licensed Maintainability Test Coverage

OAuth2 Proxy

OAuth2-Proxy is a flexible, open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. It provides a simple and secure way to protect your web applications with OAuth2 / OIDC authentication. As a reverse proxy, it intercepts requests to your application and redirects users to an OAuth2 provider for authentication. As a middleware, it can be seamlessly integrated into your existing infrastructure to handle authentication for multiple applications.

OAuth2-Proxy supports a lot of OAuth2 as well as OIDC providers. Either through a generic OIDC client or a specific implementation for Google, Microsoft Entra ID, GitHub, login.gov and others. Through specialised provider implementations oauth2-proxy can extract more details about the user like preferred usernames and groups. Those details can then be forwarded as HTTP headers to your upstream applications.

Simplified Architecture

Get Started

OAuth2-Proxy's Installation Docs cover how to install and configure your setup. Additionally you can take a further look at the example setup files.

Releases

Binaries

We publish oauth2-proxy as compiled binaries on GitHub for all major architectures as well as more exotic ones like ppc64le as well as s390x.

Check out the latest release.

Images

From v7.6.0 and up the base image has been changed from Alpine to GoogleContainerTools/distroless. This image comes with even fewer installed dependencies and thus should improve security. The image therefore is also slightly smaller than Alpine. For debugging purposes (and those who really need it. e.g. armv6) we still provide images based on Alpine. The tags of these images are suffixed with -alpine.

Since 2023-11-18 we build nightly images directly from the master branch and provide them at quay.io/oauth2-proxy/oauth2-proxy-nightly. These images are considered unstable and therefore should NOT be used for production purposes unless you know what you're doing.

Sponsors

Microsoft Microsoft Azure credits for open source projects

Would you like to sponsor the project then please contact us at sponsors@oauth2-proxy.dev

Getting Involved

Slack

Join the #oauth2-proxy Slack channel to chat with other users of oauth2-proxy or reach out to the maintainers directly. Use the public invite link to get an invite for the Gopher Slack space.

OAuth2-Proxy is a community-driven project. We rely on the contribut️ions of our users to continually improve it. While review times can vary, we appreciate your patience and understanding. As a volunteer-driven project, we strive to keep this project stable and might take longer to merge changes.

If you want to contribute to the project. Please see our Contributing guide.

Who uses OAuth2-Proxy? Have a look at our new ADOPTERS file and feel free to open a PR to add your organisation.

Thanks to all the people who already contributed ❤

Made with contrib.rocks.

Security

If you believe you have found a vulnerability within OAuth2 Proxy or any of its dependencies, please do NOT open an issue or PR on GitHub, please do NOT post any details publicly.

Security disclosures MUST be done in private. If you have found an issue that you would like to bring to the attention of the maintainers, please compose an email and send it to the list of people listed in our MAINTAINERS file.

For more details read our full Security Docs

Security Notice for v6.0.0 and older

If you are running a version older than v6.0.0 we strongly recommend to the current version.

See open redirect vulnerability for details.

Repository History

2018-11-27: This repository was forked from bitly/OAuth2_Proxy. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG.

2020-03-29: This project was formerly hosted as pusher/oauth2_proxy but has been renamed to oauth2-proxy/oauth2-proxy. Going forward, all images shall be available at quay.io/oauth2-proxy/oauth2-proxy and binaries will be named oauth2-proxy.

License

OAuth2-Proxy is distributed under The MIT License.