oauth2-proxy/efc9be4b.e5ba1330.js

(window.webpackJsonp=window.webpackJsonp||[]).push([[50],{108:function(e,t,n){"use strict";n.r(t),n.d(t,"frontMatter",(function(){return a})),n.d(t,"metadata",(function(){return c})),n.d(t,"rightToc",(function(){return s})),n.d(t,"default",(function(){return u}));var r=n(2),o=n(6),i=(n(0),n(116)),a={id:"endpoints",title:"Endpoints"},c={unversionedId:"features/endpoints",id:"features/endpoints",isDocsHomePage:!1,title:"Endpoints",description:"OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable.",source:"@site/docs/features/endpoints.md",slug:"/features/endpoints",permalink:"/oauth2-proxy/docs/next/features/endpoints",editUrl:"https://github.com/oauth2-proxy/oauth2-proxy/edit/master/docs/docs/features/endpoints.md",version:"current",sidebar:"docs",previous:{title:"Alpha Configuration",permalink:"/oauth2-proxy/docs/next/configuration/alpha-config"},next:{title:"Security",permalink:"/oauth2-proxy/docs/next/community/security"}},s=[{value:"Sign out",id:"sign-out",children:[]}],p={rightToc:s};function u(e){var t=e.components,n=Object(o.a)(e,["components"]);return Object(i.b)("wrapper",Object(r.a)({},p,n,{components:t,mdxType:"MDXLayout"}),Object(i.b)("p",null,"OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The ",Object(i.b)("inlineCode",{parentName:"p"},"/oauth2")," prefix can be changed with the ",Object(i.b)("inlineCode",{parentName:"p"},"--proxy-prefix")," config variable."),Object(i.b)("ul",null,Object(i.b)("li",{parentName:"ul"},"/robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see ",Object(i.b)("a",Object(r.a)({parentName:"li"},{href:"http://www.robotstxt.org/"}),"robotstxt.org")," for more info"),Object(i.b)("li",{parentName:"ul"},"/ping - returns a 200 OK response, which is intended for use with health checks"),Object(i.b)("li",{parentName:"ul"},"/metrics - Metrics endpoint for Prometheus to scrape, serve on the address specified by ",Object(i.b)("inlineCode",{parentName:"li"},"--metrics-address"),", disabled by default"),Object(i.b)("li",{parentName:"ul"},"/oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies)"),Object(i.b)("li",{parentName:"ul"},"/oauth2/sign_out - this URL is used to clear the session cookie"),Object(i.b)("li",{parentName:"ul"},"/oauth2/start - a URL that will redirect to start the OAuth cycle"),Object(i.b)("li",{parentName:"ul"},"/oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url."),Object(i.b)("li",{parentName:"ul"},"/oauth2/userinfo - the URL is used to return user's email from the session in JSON format."),Object(i.b)("li",{parentName:"ul"},"/oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the ",Object(i.b)("a",Object(r.a)({parentName:"li"},{href:"/oauth2-proxy/docs/next/configuration/overview#configuring-for-use-with-the-nginx-auth_request-directive"}),"Nginx ",Object(i.b)("inlineCode",{parentName:"a"},"auth_request")," directive"))),Object(i.b)("h3",{id:"sign-out"},"Sign out"),Object(i.b)("p",null,"To sign the user out, redirect them to ",Object(i.b)("inlineCode",{parentName:"p"},"/oauth2/sign_out"),". This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the ",Object(i.b)("inlineCode",{parentName:"p"},"rd")," query parameter, i.e. redirect the user to something like (notice the url-encoding!):"),Object(i.b)("pre",null,Object(i.b)("code",Object(r.a)({parentName:"pre"},{}),"/oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page\n")),Object(i.b)("p",null,"Alternatively, include the redirect URL in the ",Object(i.b)("inline