- [#453](https://github.com/oauth2-proxy/oauth2-proxy/pull/453) Responses to endpoints with a proxy prefix will now return headers for preventing browser caching.
- [#450](https://github.com/oauth2-proxy/oauth2-proxy/pull/450) Fix http.Cookie SameSite is not copied (@johejo)
- [#445](https://github.com/oauth2-proxy/oauth2-proxy/pull/445) Expose `acr_values` to all providers (@holyjak)
- [#419](https://github.com/oauth2-proxy/oauth2-proxy/pull/419) Support Go 1.14, upgrade dependencies, upgrade golangci-lint to 1.23.6 (@johejo)
- [#444](https://github.com/oauth2-proxy/oauth2-proxy/pull/444) Support prompt in addition to approval-prompt (@holyjak)
- [#435](https://github.com/oauth2-proxy/oauth2-proxy/pull/435) Fix issue with group validation calling google directory API on every HTTP request (@ericofusco)
- [#400](https://github.com/oauth2-proxy/oauth2-proxy/pull/400) Add `nsswitch.conf` to Docker image to allow hosts file to work (@luketainton)
- [#385](https://github.com/oauth2-proxy/oauth2-proxy/pull/385) Use the `Authorization` header instead of `access_token` for refreshing GitHub Provider sessions (@ibuclaw)
- [#372](https://github.com/oauth2-proxy/oauth2-proxy/pull/372) Allow fallback to secondary verified email address in GitHub provider (@dmnemec)
- [#335](https://github.com/oauth2-proxy/oauth2-proxy/pull/335) OIDC Provider support for empty id_tokens in the access token refresh response (@howzat)
- [#363](https://github.com/oauth2-proxy/oauth2-proxy/pull/363) Extension of Redis Session Store to Support Redis Cluster (@yan-dblinf)
- [#353](https://github.com/oauth2-proxy/oauth2-proxy/pull/353) Fix login page fragment handling after soft reload on Firefox (@ffdybuster)
- [#355](https://github.com/oauth2-proxy/oauth2-proxy/pull/355) Add Client Secret File support for providers that rotate client secret via file system (@pasha-r)
- [#401](https://github.com/oauth2-proxy/oauth2-proxy/pull/401) Give the option to pass email address in the Basic auth header instead of upstream usernames. (@Spindel)
- [#405](https://github.com/oauth2-proxy/oauth2-proxy/pull/405) The `/sign_in` page now honors the `rd` query parameter, fixing the redirect after a successful authentication (@ti-mo)
- [#434](https://github.com/oauth2-proxy/oauth2-proxy/pull/434) Give the option to prefer email address in the username header when using the -pass-user-headers option (@jordancrawfordnz)
- (Security) Fix for [open redirect vulnerability](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-qqxw-m5fj-f7gv).. a bad actor using `/\` in redirect URIs can redirect a session to another domain
- [#321](https://github.com/oauth2-proxy/oauth2-proxy/pull/331) Add reverse proxy boolean flag to control whether headers like `X-Real-Ip` are accepted.
- [#280](https://github.com/oauth2-proxy/oauth2-proxy/pull/280) whitelisted redirect domains: add support for whitelisting specific ports or allowing wildcard ports (@kamaln7)
- [#259](https://github.com/oauth2-proxy/oauth2-proxy/pull/259) Redirect to HTTPS (@jmickey)
- [#273](https://github.com/oauth2-proxy/oauth2-proxy/pull/273) Support Go 1.13 (@dio)
- [#275](https://github.com/oauth2-proxy/oauth2-proxy/pull/275) docker: build from debian buster (@syscll)
- [#258](https://github.com/oauth2-proxy/oauth2-proxy/pull/258) Add IDToken for Azure provider (@leyshon)
- This PR adds the IDToken into the session for the Azure provider allowing requests to a backend to be identified as a specific user. As a consequence, if you are using a cookie to store the session the cookie will now exceed the 4kb size limit and be split into multiple cookies. This can cause problems when using nginx as a proxy, resulting in no cookie being passed at all. Either increase the proxy_buffer_size in nginx or implement the redis session storage (see https://oauth2-proxy.github.io/oauth2-proxy/configuration#redis-storage)
- [#286](https://github.com/oauth2-proxy/oauth2-proxy/pull/286) Requests.go updated with useful error messages (@biotom)
- [#274](https://github.com/oauth2-proxy/oauth2-proxy/pull/274) Supports many github teams with api pagination support (@toshi-miura, @apratina)
- This change modifies the contents of the `X-Forwarded-User` header supplied by the proxy for users where the auth response from the IdP did not contain
a username.
In that case, this header used to only contain the local part of the user's email address (e.g. `john.doe` for `john.doe@example.com`) but now contains
- [#234](https://github.com/oauth2-proxy/oauth2-proxy/pull/234) Added option `-ssl-upstream-insecure-skip-validation` to skip validation of upstream SSL certificates (@jansinger)
- [#224](https://github.com/oauth2-proxy/oauth2-proxy/pull/224) Check Google group membership using hasMember to support nested groups and external users (@jpalpant)
- [#231](https://github.com/oauth2-proxy/oauth2-proxy/pull/231) Add optional group membership and email domain checks to the GitLab provider (@Overv)
- [#226](https://github.com/oauth2-proxy/oauth2-proxy/pull/226) Made setting of proxied headers deterministic based on configuration alone (@aeijdenberg)
- [#209](https://github.com/oauth2-proxy/oauth2-proxy/pull/209) Improve docker build caching of layers (@dekimsey)
- [#186](https://github.com/oauth2-proxy/oauth2-proxy/pull/186) Make config consistent (@JoelSpeed)
- [#187](https://github.com/oauth2-proxy/oauth2-proxy/pull/187) Move root packages to pkg folder (@JoelSpeed)
- [#65](https://github.com/oauth2-proxy/oauth2-proxy/pull/65) Improvements to authenticate requests with a JWT bearer token in the `Authorization` header via
- [#114](https://github.com/oauth2-proxy/oauth2-proxy/pull/114), [#154](https://github.com/oauth2-proxy/oauth2-proxy/pull/154) Documentation is now available live at our [docs website](https://oauth2-proxy.github.io/oauth2-proxy/) (@JoelSpeed, @icelynjennings)
- [#146](https://github.com/oauth2-proxy/oauth2-proxy/pull/146) Use full email address as `User` if the auth response did not contain a `User` field (@gargath)
- [#144](https://github.com/oauth2-proxy/oauth2-proxy/pull/144) Use GO 1.12 for ARM builds (@kskewes)
- [#142](https://github.com/oauth2-proxy/oauth2-proxy/pull/142) ARM Docker USER fix (@kskewes)
- [#111](https://github.com/oauth2-proxy/oauth2-proxy/pull/111) Add option for telling where to find a login.gov JWT key file (@timothy-spencer)
- [#170](https://github.com/oauth2-proxy/oauth2-proxy/pull/170) Restore binary tarball contents to be compatible with bitlys original tarballs (@zeha)
- [#185](https://github.com/oauth2-proxy/oauth2-proxy/pull/185) Fix an unsupported protocol scheme error during token validation when using the Azure provider (@jonas)
- [#141](https://github.com/oauth2-proxy/oauth2-proxy/pull/141) Check google group membership based on email address (@bchess)
- [#195](https://github.com/oauth2-proxy/oauth2-proxy/pull/195) Add `-banner` flag for overriding the banner line that is displayed (@steakunderscore)
- [#198](https://github.com/oauth2-proxy/oauth2-proxy/pull/198) Switch from gometalinter to golangci-lint (@steakunderscore)
- [#159](https://github.com/oauth2-proxy/oauth2-proxy/pull/159) Add option to skip the OIDC provider verified email check: `--insecure-oidc-allow-unverified-email` (@djfinlay)
- [#210](https://github.com/oauth2-proxy/oauth2-proxy/pull/210) Update base image from Alpine 3.9 to 3.10 (@steakunderscore)
- [#201](https://github.com/oauth2-proxy/oauth2-proxy/pull/201) Add Bitbucket as new OAuth2 provider, accepts email, team and repository permissions to determine authorization (@aledeganopix4d)