(window.webpackJsonp=window.webpackJsonp||[]).push([[45],{103:function(e,t,n){"use strict";n.r(t),n.d(t,"frontMatter",(function(){returna})),n.d(t,"metadata",(function(){returnc})),n.d(t,"rightToc",(function(){returns})),n.d(t,"default",(function(){returnu}));varr=n(2),o=n(6),i=(n(0),n(106)),a={id:"endpoints",title:"Endpoints"},c={unversionedId:"features/endpoints",id:"version-7.1.x/features/endpoints",isDocsHomePage:!1,title:"Endpoints",description:"OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable.",source:"@site/versioned_docs/version-7.1.x/features/endpoints.md",slug:"/features/endpoints",permalink:"/oauth2-proxy/docs/features/endpoints",editUrl:"https://github.com/oauth2-proxy/oauth2-proxy/edit/master/docs/versioned_docs/version-7.1.x/features/endpoints.md",version:"7.1.x",sidebar:"version-7.1.x/docs",previous:{title:"Alpha Configuration",permalink:"/oauth2-proxy/docs/configuration/alpha-config"},next:{title:"Security",permalink:"/oauth2-proxy/docs/community/security"}},s=[{value:"Sign out",id:"sign-out",children:[]}],p={rightToc:s};functionu(e){vart=e.components,n=Object(o.a)(e,["components"]);returnObject(i.b)("wrapper",Object(r.a)({},p,n,{components:t,mdxType:"MDXLayout"}),Object(i.b)("p",null,"OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The ",Object(i.b)("inlineCode",{parentName:"p"},"/oauth2")," prefix can be changed with the ",Object(i.b)("inlineCode",{parentName:"p"},"--proxy-prefix")," config variable."),Object(i.b)("ul",null,Object(i.b)("li",{parentName:"ul"},"/robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see ",Object(i.b)("a",Object(r.a)({parentName:"li"},{href:"http://www.robotstxt.org/"}),"robotstxt.org")," for more info"),Object(i.b)("li",{parentName:"ul"},"/ping - returns a 200 OK response, which is intended for use with health checks"),Object(i.b)("li",{parentName:"ul"},"/metrics - Metrics endpoint for Prometheus to scrape, serve on the address specified by ",Object(i.b)("inlineCode",{parentName:"li"},"--metrics-address"),", disabled by default"),Object(i.b)("li",{parentName:"ul"},"/oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies)"),Object(i.b)("li",{parentName:"ul"},"/oauth2/sign_out - this URL is used to clear the session cookie"),Object(i.b)("li",{parentName:"ul"},"/oauth2/start - a URL that will redirect to start the OAuth cycle"),Object(i.b)("li",{parentName:"ul"},"/oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url."),Object(i.b)("li",{parentName:"ul"},"/oauth2/userinfo - the URL is used to return user's email from the session in JSON format."),Object(i.b)("li",{parentName:"ul"},"/oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the ",Object(i.b)("a",Object(r.a)({parentName:"li"},{href:"/oauth2-proxy/docs/configuration/overview#configuring-for-use-with-the-nginx-auth_request-directive"}),"Nginx ",Object(i.b)("inlineCode",{parentName:"a"},"auth_request")," directive"))),Object(i.b)("h3",{id:"sign-out"},"Sign out"),Object(i.b)("p",null,"To sign the user out, redirect them to ",Object(i.b)("inlineCode",{parentName:"p"},"/oauth2/sign_out"),". This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the ",Object(i.b)("inlineCode",{parentName:"p"},"rd")," query parameter, i.e. redirect the user to something like (notice the url-encoding!):"),Object(i.b)("pre",null,Object(i.b)("code",Object(r.a)({parentName:"pre"},{}),"/oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page\n")),Object(i.b)("p",null,"Alternatively,
