Allow to change provider's name (#296)

* Allow to change provider's name.

* Add changelog entry.

* Linting.

* provider-name -> provider-display-name.

* Add flag in main.go.

* Update CHANGELOG.md

CHANGELOG.md

@@ -17,6 +17,7 @@
 - [#248](https://github.com/pusher/oauth2_proxy/pull/248) Fix issue with X-Auth-Request-Redirect header being ignored (@webnard)
 - [#314](https://github.com/pusher/oauth2_proxy/pull/314) Add redirect capability to sign_out (@costelmoraru)
 - [#265](https://github.com/pusher/oauth2_proxy/pull/265) Add upstream with static response (@cgroschupp)
+- [#296](https://github.com/pusher/oauth2_proxy/pull/296) Allow to override provider's name for sign-in page (@ffdybuster)
 
 # v4.0.0
 

docs/2_auth.md

@@ -156,6 +156,7 @@ OpenID Connect is a spec for OAUTH 2.0 + identity that is implemented by many ma
 3.  Login with the fixture use in the dex guide and run the oauth2_proxy with the following args:
 
     -provider oidc
+    -provider-display-name "My OIDC Provider"
     -client-id oauth2_proxy
     -client-secret proxy
     -redirect-url http://127.0.0.1:4180/oauth2/callback

docs/configuration/configuration.md

@@ -76,6 +76,7 @@ An example [oauth2_proxy.cfg]({{ site.gitweb }}/contrib/oauth2_proxy.cfg.example
 | `-pass-user-headers` | bool | pass X-Forwarded-User and X-Forwarded-Email information to upstream | true |
 | `-profile-url` | string | Profile access endpoint | |
 | `-provider` | string | OAuth provider | google |
+| `-provider-display-name` | string | Override the provider's name with the given string; used for the sign-in page | (depends on provider) |
 | `-ping-path` | string | the ping endpoint that can be used for basic health checks | `"/ping"` |
 | `-proxy-prefix` | string | the url root path that this proxy should be nested under (e.g. /`<oauth2>/sign_in`) | `"/oauth2"` |
 | `-proxy-websockets` | bool | enables WebSocket proxying | true |

main.go

@@ -114,6 +114,7 @@ func main() {
 	flagSet.String("auth-logging-format", logger.DefaultAuthLoggingFormat, "Template for authentication log lines")
 
 	flagSet.String("provider", "google", "OAuth provider")
+	flagSet.String("provider-display-name", "", "Provider display name")
 	flagSet.String("oidc-issuer-url", "", "OpenID Connect issuer URL (ie: https://accounts.google.com)")
 	flagSet.Bool("insecure-oidc-allow-unverified-email", false, "Don't fail if an email address in an id_token is not verified")
 	flagSet.Bool("skip-oidc-discovery", false, "Skip OIDC discovery and use manually supplied Endpoints")

oauthproxy.go

@@ -79,31 +79,32 @@ type OAuthProxy struct {
 	AuthOnlyPath      string
 	UserInfoPath      string
 
-	redirectURL         *url.URL // the url to receive requests at
+	redirectURL          *url.URL // the url to receive requests at
-	whitelistDomains    []string
+	whitelistDomains     []string
-	provider            providers.Provider
+	provider             providers.Provider
-	sessionStore        sessionsapi.SessionStore
+	providerNameOverride string
-	ProxyPrefix         string
+	sessionStore         sessionsapi.SessionStore
-	SignInMessage       string
+	ProxyPrefix          string
-	HtpasswdFile        *HtpasswdFile
+	SignInMessage        string
-	DisplayHtpasswdForm bool
+	HtpasswdFile         *HtpasswdFile
-	serveMux            http.Handler
+	DisplayHtpasswdForm  bool
-	SetXAuthRequest     bool
+	serveMux             http.Handler
-	PassBasicAuth       bool
+	SetXAuthRequest      bool
-	SkipProviderButton  bool
+	PassBasicAuth        bool
-	PassUserHeaders     bool
+	SkipProviderButton   bool
-	BasicAuthPassword   string
+	PassUserHeaders      bool
-	PassAccessToken     bool
+	BasicAuthPassword    string
-	SetAuthorization    bool
+	PassAccessToken      bool
-	PassAuthorization   bool
+	SetAuthorization     bool
-	skipAuthRegex       []string
+	PassAuthorization    bool
-	skipAuthPreflight   bool
+	skipAuthRegex        []string
-	skipJwtBearerTokens bool
+	skipAuthPreflight    bool
-	jwtBearerVerifiers  []*oidc.IDTokenVerifier
+	skipJwtBearerTokens  bool
-	compiledRegex       []*regexp.Regexp
+	jwtBearerVerifiers   []*oidc.IDTokenVerifier
-	templates           *template.Template
+	compiledRegex        []*regexp.Regexp
-	Banner              string
+	templates            *template.Template
-	Footer              string
+	Banner               string
+	Footer               string
 }
 
 // UpstreamProxy represents an upstream server to proxy to
@@ -282,28 +283,29 @@ func NewOAuthProxy(opts *Options, validator func(string) bool) *OAuthProxy {
 		AuthOnlyPath:      fmt.Sprintf("%s/auth", opts.ProxyPrefix),
 		UserInfoPath:      fmt.Sprintf("%s/userinfo", opts.ProxyPrefix),
 
-		ProxyPrefix:         opts.ProxyPrefix,
+		ProxyPrefix:          opts.ProxyPrefix,
-		provider:            opts.provider,
+		provider:             opts.provider,
-		sessionStore:        opts.sessionStore,
+		providerNameOverride: opts.ProviderName,
-		serveMux:            serveMux,
+		sessionStore:         opts.sessionStore,
-		redirectURL:         redirectURL,
+		serveMux:             serveMux,
-		whitelistDomains:    opts.WhitelistDomains,
+		redirectURL:          redirectURL,
-		skipAuthRegex:       opts.SkipAuthRegex,
+		whitelistDomains:     opts.WhitelistDomains,
-		skipAuthPreflight:   opts.SkipAuthPreflight,
+		skipAuthRegex:        opts.SkipAuthRegex,
-		skipJwtBearerTokens: opts.SkipJwtBearerTokens,
+		skipAuthPreflight:    opts.SkipAuthPreflight,
-		jwtBearerVerifiers:  opts.jwtBearerVerifiers,
+		skipJwtBearerTokens:  opts.SkipJwtBearerTokens,
-		compiledRegex:       opts.CompiledRegex,
+		jwtBearerVerifiers:   opts.jwtBearerVerifiers,
-		SetXAuthRequest:     opts.SetXAuthRequest,
+		compiledRegex:        opts.CompiledRegex,
-		PassBasicAuth:       opts.PassBasicAuth,
+		SetXAuthRequest:      opts.SetXAuthRequest,
-		PassUserHeaders:     opts.PassUserHeaders,
+		PassBasicAuth:        opts.PassBasicAuth,
-		BasicAuthPassword:   opts.BasicAuthPassword,
+		PassUserHeaders:      opts.PassUserHeaders,
-		PassAccessToken:     opts.PassAccessToken,
+		BasicAuthPassword:    opts.BasicAuthPassword,
-		SetAuthorization:    opts.SetAuthorization,
+		PassAccessToken:      opts.PassAccessToken,
-		PassAuthorization:   opts.PassAuthorization,
+		SetAuthorization:     opts.SetAuthorization,
-		SkipProviderButton:  opts.SkipProviderButton,
+		PassAuthorization:    opts.PassAuthorization,
-		templates:           loadTemplates(opts.CustomTemplatesDir),
+		SkipProviderButton:   opts.SkipProviderButton,
-		Banner:              opts.Banner,
+		templates:            loadTemplates(opts.CustomTemplatesDir),
-		Footer:              opts.Footer,
+		Banner:               opts.Banner,
+		Footer:               opts.Footer,
 	}
 }
 
@@ -465,6 +467,9 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
 		ProxyPrefix:   p.ProxyPrefix,
 		Footer:        template.HTML(p.Footer),
 	}
+	if p.providerNameOverride != "" {
+		t.ProviderName = p.providerNameOverride
+	}
 	p.templates.ExecuteTemplate(rw, "sign_in.html", t)
 }
 

options.go

@@ -87,6 +87,7 @@ type Options struct {
 	// These options allow for other providers besides Google, with
 	// potential overrides.
 	Provider                         string `flag:"provider" cfg:"provider" env:"OAUTH2_PROXY_PROVIDER"`
+	ProviderName                     string `flag:"provider-display-name" cfg:"provider_display_name" env:"OAUTH2_PROXY_PROVIDER_DISPLAY_NAME"`
 	OIDCIssuerURL                    string `flag:"oidc-issuer-url" cfg:"oidc_issuer_url" env:"OAUTH2_PROXY_OIDC_ISSUER_URL"`
 	InsecureOIDCAllowUnverifiedEmail bool   `flag:"insecure-oidc-allow-unverified-email" cfg:"insecure_oidc_allow_unverified_email" env:"OAUTH2_PROXY_INSECURE_OIDC_ALLOW_UNVERIFIED_EMAIL"`
 	SkipOIDCDiscovery                bool   `flag:"skip-oidc-discovery" cfg:"skip_oidc_discovery" env:"OAUTH2_PROXY_SKIP_OIDC_DISCOVERY"`