oauth2-proxy/docs/versioned_docs/version-7.8.x/configuration/providers/index.md

---
id: index
title: OAuth Provider Configuration
---

You will need to register an OAuth application with a Provider (Google, GitHub or another provider), and configure it 
with Redirect URI(s) for the domain you intend to run `oauth2-proxy` on.

Valid providers are :

- [ADFS](adfs.md)
- [Bitbucket](bitbucket.md)
- [DigitalOcean](digitalocean.md)
- [Facebook](facebook.md)
- [Gitea](gitea.md)
- [GitHub](github.md)
- [GitLab](gitlab.md)
- [Google](google.md) _default_
- [Keycloak](keycloak.md) (Deprecated)
- [Keycloak OIDC](keycloak_oidc.md)
- [LinkedIn](linkedin.md)
- [login.gov](login_gov.md)
- [Microsoft Azure](ms_azure_ad.md) (Deprecated)
- [Microsoft Entra ID](ms_entra_id.md)
- [Nextcloud](nextcloud.md)
- [OpenID Connect](openid_connect.md)

The provider can be selected using the `provider` configuration value, or set in the [`providers` array using AlphaConfig](https://oauth2-proxy.github.io/oauth2-proxy/configuration/alpha-config#providers). However, [**the feature to implement multiple providers is not complete**](https://github.com/oauth2-proxy/oauth2-proxy/issues/926).

Please note that not all providers support all claims. The `preferred_username` claim is currently only supported by the 
OpenID Connect provider.

## Email Authentication

To authorize a specific email-domain use `--email-domain=yourcompany.com`. To authorize individual email addresses use 
`--authenticated-emails-file=/path/to/file` with one email per line. To authorize all email addresses use `--email-domain=*`.

## Adding a new Provider

Follow the examples in the [`providers` package](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/providers/) to define a new
`Provider` instance. Add a new `case` to
[`providers.New()`](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/providers/providers.go) to allow `oauth2-proxy` to use the
new `Provider`.
doc: add new docs version 7.8.x 2025-01-12 12:20:17 +00:00			`---`
			`id: index`
			`title: OAuth Provider Configuration`
			`---`

			`You will need to register an OAuth application with a Provider (Google, GitHub or another provider), and configure it`
			with Redirect URI(s) for the domain you intend to run `oauth2-proxy` on.

			`Valid providers are :`

			`- [ADFS](adfs.md)`
			`- [Bitbucket](bitbucket.md)`
			`- [DigitalOcean](digitalocean.md)`
			`- [Facebook](facebook.md)`
			`- [Gitea](gitea.md)`
			`- [GitHub](github.md)`
			`- [GitLab](gitlab.md)`
			`- [Google](google.md) _default_`
			`- [Keycloak](keycloak.md) (Deprecated)`
			`- [Keycloak OIDC](keycloak_oidc.md)`
			`- [LinkedIn](linkedin.md)`
			`- [login.gov](login_gov.md)`
			`- [Microsoft Azure](ms_azure_ad.md) (Deprecated)`
			`- [Microsoft Entra ID](ms_entra_id.md)`
			`- [Nextcloud](nextcloud.md)`
			`- [OpenID Connect](openid_connect.md)`

docs: clear up multiple-providers is unimplemented (#3046) * docs: clear up multiple-providers is unimplemented Currently this configuration option is held up by #926. So users don't assume this solution will work for them, and later find the feature is not yet implemented -- own the shortcoming clearly. * doc: add note about missing multi provider implementation to versioned docs --------- Signed-off-by: Jan Larwig <jan@larwig.com> Co-authored-by: Jan Larwig <jan@larwig.com> 2025-04-28 16:52:27 -05:00			The provider can be selected using the `provider` configuration value, or set in the [`providers` array using AlphaConfig](https://oauth2-proxy.github.io/oauth2-proxy/configuration/alpha-config#providers). However, [the feature to implement multiple providers is not complete](https://github.com/oauth2-proxy/oauth2-proxy/issues/926).
doc: add new docs version 7.8.x 2025-01-12 12:20:17 +00:00
			Please note that not all providers support all claims. The `preferred_username` claim is currently only supported by the
			`OpenID Connect provider.`

			`## Email Authentication`

			To authorize a specific email-domain use `--email-domain=yourcompany.com`. To authorize individual email addresses use
			`--authenticated-emails-file=/path/to/file` with one email per line. To authorize all email addresses use `--email-domain=*`.

			`## Adding a new Provider`

			Follow the examples in the [`providers` package](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/providers/) to define a new
			`Provider` instance. Add a new `case` to
			[`providers.New()`](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/providers/providers.go) to allow `oauth2-proxy` to use the
			new `Provider`.