add --set-xauthrequest flag for use in Nginx auth_request mode

This is enhancement of #173 to use "Auth Request" consistently in the command-line option, configuration file and response headers. It always sets the X-Auth-Request-User response header and if the email is available, sets X-Auth-Request-Email as well.
2025-06-17 00:17:40 +02:00 · 2016-10-20 17:49:59 +05:30
parent 93852a24cb
commit 829b442302
4 changed files with 41 additions and 0 deletions
--- a/oauthproxy.go
+++ b/oauthproxy.go
@ -60,6 +60,7 @@ type OAuthProxy struct {
 	HtpasswdFile        *HtpasswdFile
 	DisplayHtpasswdForm bool
 	serveMux            http.Handler
+	SetXAuthRequest     bool
 	PassBasicAuth       bool
 	SkipProviderButton  bool
 	PassUserHeaders     bool
@ -198,6 +199,7 @@ func NewOAuthProxy(opts *Options, validator func(string) bool) *OAuthProxy {
 		redirectURL:        redirectURL,
 		skipAuthRegex:      opts.SkipAuthRegex,
 		compiledRegex:      opts.CompiledRegex,
+		SetXAuthRequest:    opts.SetXAuthRequest,
 		PassBasicAuth:      opts.PassBasicAuth,
 		PassUserHeaders:    opts.PassUserHeaders,
 		BasicAuthPassword:  opts.BasicAuthPassword,
@ -663,6 +665,12 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
 			req.Header["X-Forwarded-Email"] = []string{session.Email}
 		}
 	}
+	if p.SetXAuthRequest {
+		rw.Header().Set("X-Auth-Request-User", session.User)
+		if session.Email != "" {
+			rw.Header().Set("X-Auth-Request-Email", session.Email)
+		}
+	}
 	if p.PassAccessToken && session.AccessToken != "" {
 		req.Header["X-Forwarded-Access-Token"] = []string{session.AccessToken}
 	}