oauth2-proxy/docs/0_index.md

---
layout: default
title: Home
permalink: /
nav_order: 0
---

![OAuth2 Proxy](/logos/OAuth2_Proxy_horizontal.svg)

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others)
to validate accounts by email, domain or group.

**Note:** This repository was forked from [bitly/OAuth2_Proxy](https://github.com/bitly/oauth2_proxy) on 27/11/2018.
Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork.
A list of changes can be seen in the [CHANGELOG]({{ site.gitweb }}/CHANGELOG.md).

[![Build Status](https://secure.travis-ci.org/oauth2-proxy/oauth2-proxy.svg?branch=master)](http://travis-ci.org/oauth2-proxy/oauth2-proxy)

![Sign In Page](https://cloud.githubusercontent.com/assets/45028/4970624/7feb7dd8-6886-11e4-93e0-c9904af44ea8.png)

## Architecture

![OAuth2 Proxy Architecture](https://cloud.githubusercontent.com/assets/45028/8027702/bd040b7a-0d6a-11e5-85b9-f8d953d04f39.png)

## Behavior

1. Any request passing through the proxy (and not matched by `--skip-auth-regex`) is checked for the proxy's session cookie (`--cookie-name`) (or, if allowed, a JWT token - see `--skip-jwt-bearer-tokens`). 
2. If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with `Accept: application/json`, in which case 401 Unauthorized is returned)
3. After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set
4. The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration)

Notice that the proxy also provides a number of useful [endpoints](/oauth2-proxy/endpoints).
Initialise Jekyll site 2019-02-03 21:44:04 +00:00			`---`
			`layout: default`
			`title: Home`
			`permalink: /`
split README.MD into pages 2019-03-26 16:04:59 +00:00			`nav_order: 0`
Initialise Jekyll site 2019-02-03 21:44:04 +00:00			`---`

Add logo to docs site 2019-10-30 10:04:29 +00:00			`![OAuth2 Proxy](/logos/OAuth2_Proxy_horizontal.svg)`
split README.MD into pages 2019-03-26 16:04:59 +00:00
Initialise Jekyll site 2019-02-03 21:44:04 +00:00			`A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others)`
			`to validate accounts by email, domain or group.`

split README.MD into pages 2019-03-26 16:04:59 +00:00			`Note: This repository was forked from [bitly/OAuth2_Proxy](https://github.com/bitly/oauth2_proxy) on 27/11/2018.`
Initialise Jekyll site 2019-02-03 21:44:04 +00:00			`Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork.`
Fix links in docs - Fixed a bunch of references to the repo, which were 404ing - Fixed a couple of things that 301/302ed - Fixed some in page references 2019-08-11 16:07:03 +01:00			`A list of changes can be seen in the [CHANGELOG]({{ site.gitweb }}/CHANGELOG.md).`
Initialise Jekyll site 2019-02-03 21:44:04 +00:00
Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 14:54:36 +01:00			`[![Build Status](https://secure.travis-ci.org/oauth2-proxy/oauth2-proxy.svg?branch=master)](http://travis-ci.org/oauth2-proxy/oauth2-proxy)`
Initialise Jekyll site 2019-02-03 21:44:04 +00:00
			`![Sign In Page](https://cloud.githubusercontent.com/assets/45028/4970624/7feb7dd8-6886-11e4-93e0-c9904af44ea8.png)`

split README.MD into pages 2019-03-26 16:04:59 +00:00			`## Architecture`

Fix links in docs - Fixed a bunch of references to the repo, which were 404ing - Fixed a couple of things that 301/302ed - Fixed some in page references 2019-08-11 16:07:03 +01:00			`![OAuth2 Proxy Architecture](https://cloud.githubusercontent.com/assets/45028/8027702/bd040b7a-0d6a-11e5-85b9-f8d953d04f39.png)`
Home: Add a brief description of the behavior (#794) * Home: Add a brief description of the behavior I could not find this information anywhere and think it is quite important for understanding how to use and configure the proxy for different use cases. (Especially the Ajax part is not mentioned anywhere else I believe.) I tried to keep it general enough so that it won't need updating often yet useful enough to have good value :) * Update docs/0_index.md Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> 2020-10-05 11:34:42 +02:00
			`## Behavior`

			1. Any request passing through the proxy (and not matched by `--skip-auth-regex`) is checked for the proxy's session cookie (`--cookie-name`) (or, if allowed, a JWT token - see `--skip-jwt-bearer-tokens`).
			2. If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with `Accept: application/json`, in which case 401 Unauthorized is returned)
			`3. After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set`
			`4. The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration)`

			`Notice that the proxy also provides a number of useful [endpoints](/oauth2-proxy/endpoints).`