Support the PreferEmailToUser option on PassUserHeaders

Previously in #401, an option was added to support forwarding the email address as the username to the upstream service when the PassBasicAuth option is used. The PassBasicAuth option is not appropriate for all users, with PassUserHeaders allowing very similar functionality without specifying a basic auth headers. The PreferEmailToUser option has been expanded to support the PassUserHeaders option.
2025-11-27 22:38:39 +02:00 · 2020-03-04 11:27:43 +13:00
parent 666d4c3db1
commit 4cd43ef397
6 changed files with 44 additions and 15 deletions
--- a/docs/configuration/configuration.md
+++ b/docs/configuration/configuration.md
@@ -74,7 +74,7 @@ An example [oauth2_proxy.cfg]({{ site.gitweb }}/contrib/oauth2_proxy.cfg.example
 | `-pass-access-token` | bool | pass OAuth access_token to upstream via X-Forwarded-Access-Token header | false |
 | `-pass-authorization-header` | bool | pass OIDC IDToken to upstream via Authorization Bearer header | false |
 | `-pass-basic-auth` | bool | pass HTTP Basic Auth, X-Forwarded-User, X-Forwarded-Email and X-Forwarded-Preferred-Username information to upstream | true |
-| `-prefer-email-to-user` | bool | Prefer to use the Email address as the Username when passing information to upstream. Will only use Username if Email is unavailable, eg. htaccess authentication. | false |
+| `-prefer-email-to-user` | bool | Prefer to use the Email address as the Username when passing information to upstream. Will only use Username if Email is unavailable, eg. htaccess authentication. Used in conjunction with `-pass-basic-auth` and `-pass-user-headers` | false |
 | `-pass-host-header` | bool | pass the request Host Header to upstream | true |
 | `-pass-user-headers` | bool | pass X-Forwarded-User, X-Forwarded-Email and X-Forwarded-Preferred-Username information to upstream | true |
 | `-profile-url` | string | Profile access endpoint | |