From 8886bb752ab01e5be673822ca1c9ff38b45a3abe Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 22 Sep 2023 13:31:39 +0000 Subject: [PATCH] Update documentation based on ef9595799037938879e61e3c00a354dd84cddf24 --- 404.html | 4 ++-- ...{121b3f12.1d2ff384.js => 121b3f12.63726df8.js} | 2 +- ...{dc696e54.167ac9d6.js => dc696e54.e6e30379.js} | 2 +- ...~main.53cfe8ac.js => runtime~main.3f651c82.js} | 2 +- docs/6.1.x/behaviour/index.html | 4 ++-- docs/6.1.x/community/security/index.html | 4 ++-- .../6.1.x/configuration/oauth_provider/index.html | 4 ++-- docs/6.1.x/configuration/overview/index.html | 4 ++-- .../configuration/session_storage/index.html | 4 ++-- docs/6.1.x/configuration/tls/index.html | 4 ++-- docs/6.1.x/features/endpoints/index.html | 4 ++-- docs/6.1.x/features/request_signatures/index.html | 4 ++-- docs/6.1.x/index.html | 4 ++-- docs/6.1.x/search-index.json | 2 +- docs/7.0.x/behaviour/index.html | 4 ++-- docs/7.0.x/community/security/index.html | 4 ++-- docs/7.0.x/configuration/alpha-config/index.html | 4 ++-- .../7.0.x/configuration/oauth_provider/index.html | 4 ++-- docs/7.0.x/configuration/overview/index.html | 4 ++-- .../configuration/session_storage/index.html | 4 ++-- docs/7.0.x/configuration/tls/index.html | 4 ++-- docs/7.0.x/features/endpoints/index.html | 4 ++-- docs/7.0.x/features/request_signatures/index.html | 4 ++-- docs/7.0.x/index.html | 4 ++-- docs/7.1.x/behaviour/index.html | 4 ++-- docs/7.1.x/community/security/index.html | 4 ++-- docs/7.1.x/configuration/alpha-config/index.html | 4 ++-- .../7.1.x/configuration/oauth_provider/index.html | 4 ++-- docs/7.1.x/configuration/overview/index.html | 4 ++-- .../configuration/session_storage/index.html | 4 ++-- docs/7.1.x/configuration/tls/index.html | 4 ++-- docs/7.1.x/features/endpoints/index.html | 4 ++-- docs/7.1.x/index.html | 4 ++-- docs/7.2.x/behaviour/index.html | 4 ++-- docs/7.2.x/community/security/index.html | 4 ++-- docs/7.2.x/configuration/alpha-config/index.html | 4 ++-- .../7.2.x/configuration/oauth_provider/index.html | 4 ++-- docs/7.2.x/configuration/overview/index.html | 4 ++-- .../configuration/session_storage/index.html | 4 ++-- docs/7.2.x/configuration/tls/index.html | 4 ++-- docs/7.2.x/features/endpoints/index.html | 4 ++-- docs/7.2.x/index.html | 4 ++-- docs/7.3.x/behaviour/index.html | 4 ++-- docs/7.3.x/community/security/index.html | 4 ++-- docs/7.3.x/configuration/alpha-config/index.html | 4 ++-- .../7.3.x/configuration/oauth_provider/index.html | 4 ++-- docs/7.3.x/configuration/overview/index.html | 4 ++-- .../configuration/session_storage/index.html | 4 ++-- docs/7.3.x/configuration/tls/index.html | 4 ++-- docs/7.3.x/features/endpoints/index.html | 4 ++-- docs/7.3.x/index.html | 4 ++-- docs/7.4.x/behaviour/index.html | 4 ++-- docs/7.4.x/community/security/index.html | 4 ++-- docs/7.4.x/configuration/alpha-config/index.html | 4 ++-- .../7.4.x/configuration/oauth_provider/index.html | 4 ++-- docs/7.4.x/configuration/overview/index.html | 4 ++-- .../configuration/session_storage/index.html | 4 ++-- docs/7.4.x/configuration/tls/index.html | 4 ++-- docs/7.4.x/features/endpoints/index.html | 4 ++-- docs/7.4.x/index.html | 4 ++-- docs/behaviour/index.html | 4 ++-- docs/community/security/index.html | 4 ++-- docs/configuration/alpha-config/index.html | 4 ++-- docs/configuration/oauth_provider/index.html | 4 ++-- docs/configuration/overview/index.html | 4 ++-- docs/configuration/session_storage/index.html | 15 ++++++++++++--- docs/configuration/tls/index.html | 4 ++-- docs/features/endpoints/index.html | 4 ++-- docs/index.html | 6 +++--- docs/next/behaviour/index.html | 4 ++-- docs/next/community/security/index.html | 4 ++-- docs/next/configuration/alpha-config/index.html | 4 ++-- docs/next/configuration/oauth_provider/index.html | 4 ++-- docs/next/configuration/overview/index.html | 4 ++-- .../next/configuration/session_storage/index.html | 4 ++-- docs/next/configuration/tls/index.html | 4 ++-- docs/next/features/endpoints/index.html | 4 ++-- docs/next/index.html | 4 ++-- docs/next/search-index.json | 2 +- index.html | 4 ++-- search-index.json | 2 +- search/index.html | 4 ++-- 82 files changed, 169 insertions(+), 160 deletions(-) rename assets/js/{121b3f12.1d2ff384.js => 121b3f12.63726df8.js} (57%) rename assets/js/{dc696e54.167ac9d6.js => dc696e54.e6e30379.js} (76%) rename assets/js/{runtime~main.53cfe8ac.js => runtime~main.3f651c82.js} (98%) diff --git a/404.html b/404.html index 83470b64..76e8f85d 100644 --- a/404.html +++ b/404.html @@ -4,13 +4,13 @@ Page Not Found | OAuth2 Proxy - +
Skip to main content

Page Not Found

We could not find what you were looking for.

Please contact the owner of the site that linked you to the original URL and let them know their link is broken.

- + \ No newline at end of file diff --git a/assets/js/121b3f12.1d2ff384.js b/assets/js/121b3f12.63726df8.js similarity index 57% rename from assets/js/121b3f12.1d2ff384.js rename to assets/js/121b3f12.63726df8.js index d1904f99..c5eb88bc 100644 --- a/assets/js/121b3f12.1d2ff384.js +++ b/assets/js/121b3f12.63726df8.js @@ -1 +1 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[4963],{3905:function(e,t,n){n.d(t,{Zo:function(){return c},kt:function(){return h}});var i=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);t&&(i=i.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,i)}return n}function s(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(i=0;i=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var l=i.createContext({}),u=function(e){var t=i.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},c=function(e){var t=u(e.components);return i.createElement(l.Provider,{value:t},e.children)},d="mdxType",p={inlineCode:"code",wrapper:function(e){var t=e.children;return i.createElement(i.Fragment,{},t)}},m=i.forwardRef((function(e,t){var n=e.components,o=e.mdxType,r=e.originalType,l=e.parentName,c=a(e,["components","mdxType","originalType","parentName"]),d=u(n),m=o,h=d["".concat(l,".").concat(m)]||d[m]||p[m]||r;return n?i.createElement(h,s(s({ref:t},c),{},{components:n})):i.createElement(h,s({ref:t},c))}));function h(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var r=n.length,s=new Array(r);s[0]=m;var a={};for(var l in t)hasOwnProperty.call(t,l)&&(a[l]=t[l]);a.originalType=e,a[d]="string"==typeof e?e:o,s[1]=a;for(var u=2;u=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(i=0;i=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var l=i.createContext({}),u=function(e){var t=i.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},c=function(e){var t=u(e.components);return i.createElement(l.Provider,{value:t},e.children)},d="mdxType",p={inlineCode:"code",wrapper:function(e){var t=e.children;return i.createElement(i.Fragment,{},t)}},h=i.forwardRef((function(e,t){var n=e.components,o=e.mdxType,r=e.originalType,l=e.parentName,c=a(e,["components","mdxType","originalType","parentName"]),d=u(n),h=o,k=d["".concat(l,".").concat(h)]||d[h]||p[h]||r;return n?i.createElement(k,s(s({ref:t},c),{},{components:n})):i.createElement(k,s({ref:t},c))}));function k(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var r=n.length,s=new Array(r);s[0]=h;var a={};for(var l in t)hasOwnProperty.call(t,l)&&(a[l]=t[l]);a.originalType=e,a[d]="string"==typeof e?e:o,s[1]=a;for(var u=2;u=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var p=r.createContext({}),u=function(e){var t=r.useContext(p),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},c=function(e){var t=u(e.components);return r.createElement(p.Provider,{value:t},e.children)},s="mdxType",f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,a=e.originalType,p=e.parentName,c=l(e,["components","mdxType","originalType","parentName"]),s=u(n),m=o,d=s["".concat(p,".").concat(m)]||s[m]||f[m]||a;return n?r.createElement(d,i(i({ref:t},c),{},{components:n})):r.createElement(d,i({ref:t},c))}));function d(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=n.length,i=new Array(a);i[0]=m;var l={};for(var p in t)hasOwnProperty.call(t,p)&&(l[p]=t[p]);l.originalType=e,l[s]="string"==typeof e?e:o,i[1]=l;for(var u=2;u=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var p=r.createContext({}),u=function(e){var t=r.useContext(p),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},c=function(e){var t=u(e.components);return r.createElement(p.Provider,{value:t},e.children)},s="mdxType",f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,a=e.originalType,p=e.parentName,c=l(e,["components","mdxType","originalType","parentName"]),s=u(n),m=o,d=s["".concat(p,".").concat(m)]||s[m]||f[m]||a;return n?r.createElement(d,i(i({ref:t},c),{},{components:n})):r.createElement(d,i({ref:t},c))}));function d(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=n.length,i=new Array(a);i[0]=m;var l={};for(var p in t)hasOwnProperty.call(t,p)&&(l[p]=t[p]);l.originalType=e,l[s]="string"==typeof e?e:o,i[1]=l;for(var u=2;u=d)&&Object.keys(n.O).every((function(e){return n.O[e](c[r])}))?c.splice(r--,1):(b=!1,d0&&e[u-1][2]>d;u--)e[u]=e[u-1];e[u]=[c,a,d]},n.n=function(e){var f=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(f,{a:f}),f},c=Object.getPrototypeOf?function(e){return Object.getPrototypeOf(e)}:function(e){return e.__proto__},n.t=function(e,a){if(1&a&&(e=this(e)),8&a)return e;if("object"==typeof e&&e){if(4&a&&e.__esModule)return e;if(16&a&&"function"==typeof e.then)return e}var d=Object.create(null);n.r(d);var t={};f=f||[null,c({}),c([]),c(c)];for(var b=2&a&&e;"object"==typeof b&&!~f.indexOf(b);b=c(b))Object.getOwnPropertyNames(b).forEach((function(f){t[f]=function(){return e[f]}}));return t.default=function(){return e},n.d(d,t),d},n.d=function(e,f){for(var c in f)n.o(f,c)&&!n.o(e,c)&&Object.defineProperty(e,c,{enumerable:!0,get:f[c]})},n.f={},n.e=function(e){return Promise.all(Object.keys(n.f).reduce((function(f,c){return n.f[c](e,f),f}),[]))},n.u=function(e){return"assets/js/"+({53:"935f2afb",74:"4ae90ba0",268:"9c6b37b9",507:"8f68f251",707:"76aee1e9",811:"e8c74efb",1169:"a68195a4",1351:"7dcecc8d",1365:"b9702c11",1487:"adcdd4d2",1558:"efec474a",1898:"1999cd7b",2098:"92147208",2114:"6f497b56",2158:"35234f08",2260:"d4a2a59c",2423:"e7cb9657",2439:"cd4a49c1",2506:"03a491a5",2575:"ceef21a3",2593:"300a9996",2598:"5a047177",2608:"9ac82b89",2822:"94285305",2844:"f3976560",2871:"a37c03cb",2960:"d319f4c2",3005:"ab02279c",3085:"1f391b9e",3217:"3b8c55ea",3291:"230aeb34",3358:"be200c4b",3782:"a1bbfb14",3843:"ecc333f0",3938:"65a49553",4024:"f8ffbaca",4042:"08659987",4189:"3def9002",4193:"f69784af",4431:"001ca130",4472:"f4c9d322",4963:"121b3f12",4998:"7b04b1d5",5144:"1737cda1",5322:"00691219",5367:"567d20e7",5410:"9b9cfcc1",5437:"f98fc388",5597:"5dfb0b41",5626:"452b66d6",5679:"4922efd5",5680:"b312ff36",5809:"f5afe1a5",5845:"243cbd97",5874:"ea7cbf6d",5910:"d62b9139",5971:"dc696e54",5995:"cecf159a",6042:"fb908f49",6119:"efc9be4b",6482:"7874e99f",6760:"0721a2c0",7163:"cf2016e4",7165:"3b8e2d60",7240:"0f425520",7250:"41de83de",7356:"64f5dfca",7357:"a916fa41",7401:"63d69a63",7595:"42326c77",7826:"f5839aac",7918:"17896441",7920:"1a4e3797",8249:"585bdad0",8338:"de718920",8447:"ade45c9a",8500:"acde588d",8555:"cbc8963c",8583:"9f61b932",8676:"15098498",8724:"edfc6e1b",8873:"b89e1cb0",8967:"3fa022c7",9267:"357fe94d",9464:"674dcd29",9512:"a991188b",9514:"1be78505",9692:"2c77072c",9890:"8c826f25"}[e]||e)+"."+{53:"862d22e4",74:"cebae3e6",268:"41dab7d7",507:"7848ceac",707:"05f16d16",771:"bdacdc80",811:"f64286db",1169:"ae888680",1351:"0763dc99",1365:"de5d0b80",1487:"3c7def82",1558:"d0e3f62c",1898:"3ecd00cf",2098:"1de08157",2114:"d457a0d1",2158:"48c6f914",2260:"76e984ff",2423:"4a6bd425",2439:"20b20c2d",2506:"11982042",2575:"694477a9",2593:"2e30b5d6",2598:"0bdaacd0",2608:"51751599",2822:"38f228a1",2844:"bdf3da5f",2871:"8ad3ae27",2960:"02dee544",3005:"f5623646",3085:"9c591920",3217:"7493271c",3291:"7834131c",3358:"00fa49ec",3782:"6c38b748",3843:"768cfb55",3938:"ca7af809",4024:"f2a4edc7",4042:"641218f9",4189:"826b0f33",4193:"a1086cd1",4431:"ea995613",4472:"d507f15b",4963:"1d2ff384",4972:"db9d8288",4998:"375b9d33",5144:"6c512bce",5322:"aa22e2bc",5367:"6caf8101",5410:"f7c823cc",5437:"8a99036f",5525:"1a6f6533",5597:"4d1fb146",5626:"7b319d26",5679:"61168aee",5680:"77af369f",5809:"9a5f7e82",5845:"ae844494",5874:"c91bc7e7",5910:"3781e0c3",5971:"167ac9d6",5995:"e4df0ed9",6042:"37db6e23",6119:"4e54fc13",6482:"028314e8",6760:"ea46b094",7163:"e2db5f49",7165:"3395ef0b",7240:"3de858f9",7250:"631a4066",7356:"1ea82678",7357:"dde69632",7401:"9a9115aa",7595:"e5ce8b4a",7826:"59ce1315",7918:"7245005b",7920:"47f2376f",8249:"932687e3",8338:"bcc5d62d",8443:"5a23e88e",8447:"fbddb8f4",8500:"1a77c011",8555:"7aafd148",8583:"72ae2b8d",8676:"cefb25bc",8724:"ced83dc8",8873:"67f13935",8967:"64772e2e",9267:"5394055a",9464:"33fe9b8e",9512:"b91db63a",9514:"1971bfb9",9692:"792c4871",9890:"7f73ac8a"}[e]+".js"},n.miniCssF=function(e){},n.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),n.o=function(e,f){return Object.prototype.hasOwnProperty.call(e,f)},a={},d="docusaurus:",n.l=function(e,f,c,t){if(a[e])a[e].push(f);else{var b,r;if(void 0!==c)for(var o=document.getElementsByTagName("script"),u=0;u=d)&&Object.keys(n.O).every((function(e){return n.O[e](c[r])}))?c.splice(r--,1):(b=!1,d0&&e[u-1][2]>d;u--)e[u]=e[u-1];e[u]=[c,a,d]},n.n=function(e){var f=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(f,{a:f}),f},c=Object.getPrototypeOf?function(e){return Object.getPrototypeOf(e)}:function(e){return e.__proto__},n.t=function(e,a){if(1&a&&(e=this(e)),8&a)return e;if("object"==typeof e&&e){if(4&a&&e.__esModule)return e;if(16&a&&"function"==typeof e.then)return e}var d=Object.create(null);n.r(d);var t={};f=f||[null,c({}),c([]),c(c)];for(var b=2&a&&e;"object"==typeof b&&!~f.indexOf(b);b=c(b))Object.getOwnPropertyNames(b).forEach((function(f){t[f]=function(){return e[f]}}));return t.default=function(){return e},n.d(d,t),d},n.d=function(e,f){for(var c in f)n.o(f,c)&&!n.o(e,c)&&Object.defineProperty(e,c,{enumerable:!0,get:f[c]})},n.f={},n.e=function(e){return Promise.all(Object.keys(n.f).reduce((function(f,c){return n.f[c](e,f),f}),[]))},n.u=function(e){return"assets/js/"+({53:"935f2afb",74:"4ae90ba0",268:"9c6b37b9",507:"8f68f251",707:"76aee1e9",811:"e8c74efb",1169:"a68195a4",1351:"7dcecc8d",1365:"b9702c11",1487:"adcdd4d2",1558:"efec474a",1898:"1999cd7b",2098:"92147208",2114:"6f497b56",2158:"35234f08",2260:"d4a2a59c",2423:"e7cb9657",2439:"cd4a49c1",2506:"03a491a5",2575:"ceef21a3",2593:"300a9996",2598:"5a047177",2608:"9ac82b89",2822:"94285305",2844:"f3976560",2871:"a37c03cb",2960:"d319f4c2",3005:"ab02279c",3085:"1f391b9e",3217:"3b8c55ea",3291:"230aeb34",3358:"be200c4b",3782:"a1bbfb14",3843:"ecc333f0",3938:"65a49553",4024:"f8ffbaca",4042:"08659987",4189:"3def9002",4193:"f69784af",4431:"001ca130",4472:"f4c9d322",4963:"121b3f12",4998:"7b04b1d5",5144:"1737cda1",5322:"00691219",5367:"567d20e7",5410:"9b9cfcc1",5437:"f98fc388",5597:"5dfb0b41",5626:"452b66d6",5679:"4922efd5",5680:"b312ff36",5809:"f5afe1a5",5845:"243cbd97",5874:"ea7cbf6d",5910:"d62b9139",5971:"dc696e54",5995:"cecf159a",6042:"fb908f49",6119:"efc9be4b",6482:"7874e99f",6760:"0721a2c0",7163:"cf2016e4",7165:"3b8e2d60",7240:"0f425520",7250:"41de83de",7356:"64f5dfca",7357:"a916fa41",7401:"63d69a63",7595:"42326c77",7826:"f5839aac",7918:"17896441",7920:"1a4e3797",8249:"585bdad0",8338:"de718920",8447:"ade45c9a",8500:"acde588d",8555:"cbc8963c",8583:"9f61b932",8676:"15098498",8724:"edfc6e1b",8873:"b89e1cb0",8967:"3fa022c7",9267:"357fe94d",9464:"674dcd29",9512:"a991188b",9514:"1be78505",9692:"2c77072c",9890:"8c826f25"}[e]||e)+"."+{53:"862d22e4",74:"cebae3e6",268:"41dab7d7",507:"7848ceac",707:"05f16d16",771:"bdacdc80",811:"f64286db",1169:"ae888680",1351:"0763dc99",1365:"de5d0b80",1487:"3c7def82",1558:"d0e3f62c",1898:"3ecd00cf",2098:"1de08157",2114:"d457a0d1",2158:"48c6f914",2260:"76e984ff",2423:"4a6bd425",2439:"20b20c2d",2506:"11982042",2575:"694477a9",2593:"2e30b5d6",2598:"0bdaacd0",2608:"51751599",2822:"38f228a1",2844:"bdf3da5f",2871:"8ad3ae27",2960:"02dee544",3005:"f5623646",3085:"9c591920",3217:"7493271c",3291:"7834131c",3358:"00fa49ec",3782:"6c38b748",3843:"768cfb55",3938:"ca7af809",4024:"f2a4edc7",4042:"641218f9",4189:"826b0f33",4193:"a1086cd1",4431:"ea995613",4472:"d507f15b",4963:"63726df8",4972:"db9d8288",4998:"375b9d33",5144:"6c512bce",5322:"aa22e2bc",5367:"6caf8101",5410:"f7c823cc",5437:"8a99036f",5525:"1a6f6533",5597:"4d1fb146",5626:"7b319d26",5679:"61168aee",5680:"77af369f",5809:"9a5f7e82",5845:"ae844494",5874:"c91bc7e7",5910:"3781e0c3",5971:"e6e30379",5995:"e4df0ed9",6042:"37db6e23",6119:"4e54fc13",6482:"028314e8",6760:"ea46b094",7163:"e2db5f49",7165:"3395ef0b",7240:"3de858f9",7250:"631a4066",7356:"1ea82678",7357:"dde69632",7401:"9a9115aa",7595:"e5ce8b4a",7826:"59ce1315",7918:"7245005b",7920:"47f2376f",8249:"932687e3",8338:"bcc5d62d",8443:"5a23e88e",8447:"fbddb8f4",8500:"1a77c011",8555:"7aafd148",8583:"72ae2b8d",8676:"cefb25bc",8724:"ced83dc8",8873:"67f13935",8967:"64772e2e",9267:"5394055a",9464:"33fe9b8e",9512:"b91db63a",9514:"1971bfb9",9692:"792c4871",9890:"7f73ac8a"}[e]+".js"},n.miniCssF=function(e){},n.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),n.o=function(e,f){return Object.prototype.hasOwnProperty.call(e,f)},a={},d="docusaurus:",n.l=function(e,f,c,t){if(a[e])a[e].push(f);else{var b,r;if(void 0!==c)for(var o=document.getElementsByTagName("script"),u=0;u Behaviour | OAuth2 Proxy - +
Version: 6.1.x

Behaviour

  1. Any request passing through the proxy (and not matched by --skip-auth-regex) is checked for the proxy's session cookie (--cookie-name) (or, if allowed, a JWT token - see --skip-jwt-bearer-tokens).
  2. If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with Accept: application/json, in which case 401 Unauthorized is returned)
  3. After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set
  4. The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration)

Notice that the proxy also provides a number of useful endpoints.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/6.1.x/community/security/index.html b/docs/6.1.x/community/security/index.html index 2a718299..41c4c3fd 100644 --- a/docs/6.1.x/community/security/index.html +++ b/docs/6.1.x/community/security/index.html @@ -4,7 +4,7 @@ Security | OAuth2 Proxy - + @@ -28,7 +28,7 @@ If we have multiple security issues in flight simultaneously, we may delay merging fixes until all patches are ready. We may also backport the fix to previous releases, but this will be at the discretion of the maintainers.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/6.1.x/configuration/oauth_provider/index.html b/docs/6.1.x/configuration/oauth_provider/index.html index 6cb136b5..329b4d64 100644 --- a/docs/6.1.x/configuration/oauth_provider/index.html +++ b/docs/6.1.x/configuration/oauth_provider/index.html @@ -4,7 +4,7 @@ OAuth Provider Configuration | OAuth2 Proxy - + @@ -45,7 +45,7 @@ to setup the client id and client secret. Your "Redirection URI" will Provider instance. Add a new case to providers.New() to allow oauth2-proxy to use the new Provider.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/6.1.x/configuration/overview/index.html b/docs/6.1.x/configuration/overview/index.html index 3291fd29..3d1c37a9 100644 --- a/docs/6.1.x/configuration/overview/index.html +++ b/docs/6.1.x/configuration/overview/index.html @@ -4,7 +4,7 @@ Overview | OAuth2 Proxy - + @@ -19,7 +19,7 @@ The default format is configured as follows:

{{.Client}} - {{.Username}} [{{.Timestamp}}] {{.Host}} {{.RequestMethod}} {{.Upstream}} {{.RequestURI}} {{.Protocol}} {{.UserAgent}} {{.StatusCode}} {{.ResponseSize}} {{.RequestDuration}}

Available variables for request logging:

VariableExampleDescription
Client74.125.224.72The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true.
Hostdomain.comThe value of the Host header.
ProtocolHTTP/1.0The request protocol.
RequestDuration0.001The time in seconds that a request took to process.
RequestMethodGETThe request method.
RequestURI"/oauth2/auth"The URI path of the request.
ResponseSize12The size in bytes of the response.
StatusCode200The HTTP status code of the response.
Timestamp19/Mar/2015:17:20:19 -0400The date and time of the logging event.
Upstream-The upstream data of the HTTP request.
UserAgent-The full user agent as reported by the requesting client.
Usernameusername@email.comThe email or username of the auth request.

Standard Log Format

All other logging that is not covered by the above two types of logging will be output in this standard logging format. This includes configuration information at startup and errors that occur outside of a session. The default format is below:

[19/Mar/2015:17:20:19 -0400] [main.go:40] <MESSAGE>

If you require a different format than that, you can configure it with the --standard-logging-format flag. The default format is configured as follows:

[{{.Timestamp}}] [{{.File}}] {{.Message}}

Available variables for standard logging:

VariableExampleDescription
Timestamp19/Mar/2015:17:20:19 -0400The date and time of the logging event.
Filemain.go:40The file and line number of the logging statement.
MessageHTTP: listening on 127.0.0.1:4180The details of the log statement.

Configuring for use with the Nginx auth_request directive

The Nginx auth_request directive allows Nginx to authenticate requests via the oauth2-proxy's /auth endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example:

server {
  listen 443 ssl;
  server_name ...;
  include ssl/ssl.conf;

  location /oauth2/ {
    proxy_pass       http://127.0.0.1:4180;
    proxy_set_header Host                    $host;
    proxy_set_header X-Real-IP               $remote_addr;
    proxy_set_header X-Scheme                $scheme;
    proxy_set_header X-Auth-Request-Redirect $request_uri;
    # or, if you are handling multiple domains:
    # proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
  }
  location = /oauth2/auth {
    proxy_pass       http://127.0.0.1:4180;
    proxy_set_header Host             $host;
    proxy_set_header X-Real-IP        $remote_addr;
    proxy_set_header X-Scheme         $scheme;
    # nginx auth_request includes headers but not body
    proxy_set_header Content-Length   "";
    proxy_pass_request_body           off;
  }

  location / {
    auth_request /oauth2/auth;
    error_page 401 = /oauth2/sign_in;

    # pass information via X-User and X-Email headers to backend,
    # requires running with --set-xauthrequest flag
    auth_request_set $user   $upstream_http_x_auth_request_user;
    auth_request_set $email  $upstream_http_x_auth_request_email;
    proxy_set_header X-User  $user;
    proxy_set_header X-Email $email;

    # if you enabled --pass-access-token, this will pass the token to the backend
    auth_request_set $token  $upstream_http_x_auth_request_access_token;
    proxy_set_header X-Access-Token $token;

    # if you enabled --cookie-refresh, this is needed for it to work with auth_request
    auth_request_set $auth_cookie $upstream_http_set_cookie;
    add_header Set-Cookie $auth_cookie;

    # When using the --set-authorization-header flag, some provider's cookies can exceed the 4kb
    # limit and so the OAuth2 Proxy splits these into multiple parts.
    # Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response,
    # so if your cookies are larger than 4kb, you will need to extract additional cookies manually.
    auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1;

    # Extract the Cookie attributes from the first Set-Cookie header and append them
    # to the second part ($upstream_cookie_* variables only contain the raw cookie content)
    if ($auth_cookie ~* "(; .*)") {
        set $auth_cookie_name_0 $auth_cookie;
        set $auth_cookie_name_1 "auth_cookie_name_1=$auth_cookie_name_upstream_1$1";
    }

    # Send both Set-Cookie headers now if there was a second part
    if ($auth_cookie_name_upstream_1) {
        add_header Set-Cookie $auth_cookie_name_0;
        add_header Set-Cookie $auth_cookie_name_1;
    }

    proxy_pass http://backend/;
    # or "root /path/to/site;" or "fastcgi_pass ..." etc
  }
}

When you use ingress-nginx in Kubernetes, you MUST use kubernetes/ingress-nginx (which includes the Lua module) and the following configuration snippet for your Ingress. Variables set with auth_request_set are not set-able in plain nginx config when the location is processed via proxy_pass and then may only be processed by Lua. Note that nginxinc/kubernetes-ingress does not include the Lua module.

nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
nginx.ingress.kubernetes.io/configuration-snippet: |
  auth_request_set $name_upstream_1 $upstream_cookie_name_1;

  access_by_lua_block {
    if ngx.var.name_upstream_1 ~= "" then
      ngx.header["Set-Cookie"] = "name_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")
    end
  }

It is recommended to use --session-store-type=redis when expecting large sessions/OIDC tokens (e.g. with MS Azure).

You have to substitute name with the actual cookie name you configured via --cookie-name parameter. If you don't set a custom cookie name the variable should be "$upstream_cookie__oauth2_proxy_1" instead of "$upstream_cookie_name_1" and the new cookie-name should be "_oauth2_proxy_1=" instead of "name_1=".

note

If you set up your OAuth2 provider to rotate your client secret, you can use the client-secret-file option to reload the secret when it is updated.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/6.1.x/configuration/session_storage/index.html b/docs/6.1.x/configuration/session_storage/index.html index 6009e21a..6cdeba42 100644 --- a/docs/6.1.x/configuration/session_storage/index.html +++ b/docs/6.1.x/configuration/session_storage/index.html @@ -4,7 +4,7 @@ Session Storage | OAuth2 Proxy - + @@ -25,7 +25,7 @@ disclosure.

Usage--redis-use-sentinel=true flag, as well as configure the flags --redis-sentinel-master-name and --redis-sentinel-connection-urls appropriately.

Redis Cluster is available to be the backend store as well. To leverage it, you will need to set the --redis-use-cluster=true flag, and configure the flags --redis-cluster-connection-urls appropriately.

Note that flags --redis-use-sentinel=true and --redis-use-cluster=true are mutually exclusive.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/6.1.x/configuration/tls/index.html b/docs/6.1.x/configuration/tls/index.html index 150b2b97..393941b4 100644 --- a/docs/6.1.x/configuration/tls/index.html +++ b/docs/6.1.x/configuration/tls/index.html @@ -4,7 +4,7 @@ TLS Configuration | OAuth2 Proxy - + @@ -15,7 +15,7 @@ external load balancer like Amazon ELB or Google Platform Load Balancing) use oauth2-proxy will then authenticate requests for an upstream application. The external endpoint for this example would be https://internal.yourcompany.com/.

An example Nginx config follows. Note the use of Strict-Transport-Security header to pin requests to SSL via HSTS:

server {
    listen 443 default ssl;
    server_name internal.yourcompany.com;
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/cert.key;
    add_header Strict-Transport-Security max-age=2592000;

    location / {
        proxy_pass http://127.0.0.1:4180;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_connect_timeout 1;
        proxy_send_timeout 30;
        proxy_read_timeout 30;
    }
}

The command line to run oauth2-proxy in this configuration would look like this:

./oauth2-proxy \
   --email-domain="yourcompany.com"  \
   --upstream=http://127.0.0.1:8080/ \
   --cookie-secret=... \
   --cookie-secure=true \
   --provider=... \
   --reverse-proxy=true \
   --client-id=... \
   --client-secret=...
Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/6.1.x/features/endpoints/index.html b/docs/6.1.x/features/endpoints/index.html index 3544c187..722ce58e 100644 --- a/docs/6.1.x/features/endpoints/index.html +++ b/docs/6.1.x/features/endpoints/index.html @@ -4,13 +4,13 @@ Endpoints | OAuth2 Proxy - +
Version: 6.1.x

Endpoints

OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable.

  • /robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see robotstxt.org for more info
  • /ping - returns a 200 OK response, which is intended for use with health checks
  • /oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies)
  • /oauth2/sign_out - this URL is used to clear the session cookie
  • /oauth2/start - a URL that will redirect to start the OAuth cycle
  • /oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url.
  • /oauth2/userinfo - the URL is used to return user's email from the session in JSON format.
  • /oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the Nginx auth_request directive

Sign out

To sign the user out, redirect them to /oauth2/sign_out. This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the rd query parameter, i.e. redirect the user to something like (notice the url-encoding!):

/oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page

Alternatively, include the redirect URL in the X-Auth-Request-Redirect header:

GET /oauth2/sign_out HTTP/1.1
X-Auth-Request-Redirect: https://my-oidc-provider/sign_out_page
...

(The "sign_out_page" should be the end_session_endpoint from the metadata if your OIDC provider supports Session Management and Discovery.)

BEWARE that the domain you want to redirect to (my-oidc-provider.example.com in the example) must be added to the --whitelist-domain configuration option otherwise the redirect will be ignored.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/6.1.x/features/request_signatures/index.html b/docs/6.1.x/features/request_signatures/index.html index 2ad9ffeb..240dabeb 100644 --- a/docs/6.1.x/features/request_signatures/index.html +++ b/docs/6.1.x/features/request_signatures/index.html @@ -4,7 +4,7 @@ Request Signatures | OAuth2 Proxy - + @@ -17,7 +17,7 @@ in oauthproxy.go.

signature_key must be of t following:

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/6.1.x/index.html b/docs/6.1.x/index.html index adbc7a69..7c17a1c9 100644 --- a/docs/6.1.x/index.html +++ b/docs/6.1.x/index.html @@ -4,13 +4,13 @@ Installation | OAuth2 Proxy - +
Version: 6.1.x

Installation

  1. Choose how to deploy:

    a. Download Prebuilt Binary (current release is v6.1.1)

    b. Build with $ go get github.com/oauth2-proxy/oauth2-proxy which will put the binary in $GOPATH/bin

    c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, ARMv6 and ARM64 tags available)

Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0.

$ sha256sum -c sha256sum.txt 2>&1 | grep OK
oauth2-proxy-x.y.z.linux-amd64: OK
  1. Select a Provider and Register an OAuth Application with a Provider
  2. Configure OAuth2 Proxy using config file, command line options, or environment variables
  3. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)
Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/6.1.x/search-index.json b/docs/6.1.x/search-index.json index 68b22dd2..1fe376fe 100644 --- a/docs/6.1.x/search-index.json +++ b/docs/6.1.x/search-index.json @@ -1 +1 @@ -[{"documents":[{"i":972,"t":"Installation","u":"/oauth2-proxy/docs/6.1.x/","b":["Docs"]},{"i":974,"t":"Behaviour","u":"/oauth2-proxy/docs/6.1.x/behaviour","b":["Docs"]},{"i":976,"t":"Security","u":"/oauth2-proxy/docs/6.1.x/community/security","b":["Docs","Community"]},{"i":982,"t":"OAuth Provider Configuration","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","b":["Docs","Configuration"]},{"i":1016,"t":"Overview","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","b":["Docs","Configuration"]},{"i":1038,"t":"Session Storage","u":"/oauth2-proxy/docs/6.1.x/configuration/session_storage","b":["Docs","Configuration"]},{"i":1044,"t":"Endpoints","u":"/oauth2-proxy/docs/6.1.x/features/endpoints","b":["Docs","Features"]},{"i":1048,"t":"Request Signatures","u":"/oauth2-proxy/docs/6.1.x/features/request_signatures","b":["Docs","Features"]},{"i":1050,"t":"TLS Configuration","u":"/oauth2-proxy/docs/6.1.x/configuration/tls","b":["Docs","Configuration"]}],"index":{"version":"2.3.9","fields":["t"],"fieldVectors":[["t/972",[0,2.222]],["t/974",[1,2.222]],["t/976",[2,2.222]],["t/982",[3,1.375,4,1.375,5,1.005]],["t/1016",[6,2.222]],["t/1038",[7,1.699,8,1.699]],["t/1044",[9,2.222]],["t/1048",[10,1.699,11,1.699]],["t/1050",[5,1.241,12,1.699]]],"invertedIndex":[["behaviour",{"_index":1,"t":{"974":{"position":[[0,9]]}}}],["configur",{"_index":5,"t":{"982":{"position":[[15,13]]},"1050":{"position":[[4,13]]}}}],["endpoint",{"_index":9,"t":{"1044":{"position":[[0,9]]}}}],["instal",{"_index":0,"t":{"972":{"position":[[0,12]]}}}],["oauth",{"_index":3,"t":{"982":{"position":[[0,5]]}}}],["overview",{"_index":6,"t":{"1016":{"position":[[0,8]]}}}],["provid",{"_index":4,"t":{"982":{"position":[[6,8]]}}}],["request",{"_index":10,"t":{"1048":{"position":[[0,7]]}}}],["secur",{"_index":2,"t":{"976":{"position":[[0,8]]}}}],["session",{"_index":7,"t":{"1038":{"position":[[0,7]]}}}],["signatur",{"_index":11,"t":{"1048":{"position":[[8,10]]}}}],["storag",{"_index":8,"t":{"1038":{"position":[[8,7]]}}}],["tl",{"_index":12,"t":{"1050":{"position":[[0,3]]}}}]],"pipeline":["stemmer"]}},{"documents":[{"i":978,"t":"Security Disclosures","u":"/oauth2-proxy/docs/6.1.x/community/security","h":"#security-disclosures","p":976},{"i":980,"t":"How will we respond to disclosures?","u":"/oauth2-proxy/docs/6.1.x/community/security","h":"#how-will-we-respond-to-disclosures","p":976},{"i":984,"t":"Google Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#google-auth-provider","p":982},{"i":986,"t":"Azure Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#azure-auth-provider","p":982},{"i":988,"t":"Facebook Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#facebook-auth-provider","p":982},{"i":990,"t":"GitHub Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#github-auth-provider","p":982},{"i":992,"t":"Keycloak Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#keycloak-auth-provider","p":982},{"i":994,"t":"GitLab Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#gitlab-auth-provider","p":982},{"i":996,"t":"LinkedIn Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#linkedin-auth-provider","p":982},{"i":998,"t":"Microsoft Azure AD Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#microsoft-azure-ad-provider","p":982},{"i":1000,"t":"OpenID Connect Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#openid-connect-provider","p":982},{"i":1002,"t":"login.gov Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#logingov-provider","p":982},{"i":1004,"t":"Nextcloud Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#nextcloud-provider","p":982},{"i":1006,"t":"DigitalOcean Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#digitalocean-auth-provider","p":982},{"i":1008,"t":"Bitbucket Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#bitbucket-auth-provider","p":982},{"i":1010,"t":"Gitea Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#gitea-auth-provider","p":982},{"i":1012,"t":"Email Authentication","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#email-authentication","p":982},{"i":1014,"t":"Adding a new Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#adding-a-new-provider","p":982},{"i":1018,"t":"Generating a Cookie Secret","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#generating-a-cookie-secret","p":1016},{"i":1020,"t":"Config File","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#config-file","p":1016},{"i":1022,"t":"Command Line Options","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#command-line-options","p":1016},{"i":1024,"t":"Upstreams Configuration","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#upstreams-configuration","p":1016},{"i":1026,"t":"Environment variables","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#environment-variables","p":1016},{"i":1028,"t":"Logging Configuration","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#logging-configuration","p":1016},{"i":1030,"t":"Auth Log Format","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#auth-log-format","p":1016},{"i":1032,"t":"Request Log Format","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#request-log-format","p":1016},{"i":1034,"t":"Standard Log Format","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#standard-log-format","p":1016},{"i":1036,"t":"Configuring for use with the Nginx auth_request directive","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#configuring-for-use-with-the-nginx-auth_request-directive","p":1016},{"i":1040,"t":"Cookie Storage","u":"/oauth2-proxy/docs/6.1.x/configuration/session_storage","h":"#cookie-storage","p":1038},{"i":1042,"t":"Redis Storage","u":"/oauth2-proxy/docs/6.1.x/configuration/session_storage","h":"#redis-storage","p":1038},{"i":1046,"t":"Sign out","u":"/oauth2-proxy/docs/6.1.x/features/endpoints","h":"#sign-out","p":1044}],"index":{"version":"2.3.9","fields":["t"],"fieldVectors":[["t/978",[0,3.428,1,2.855]],["t/980",[1,2.855,2,3.428]],["t/984",[3,2.932,4,0.98,5,0.694]],["t/986",[4,0.98,5,0.694,6,2.442]],["t/988",[4,0.98,5,0.694,7,2.932]],["t/990",[4,0.98,5,0.694,8,2.932]],["t/992",[4,0.98,5,0.694,9,2.932]],["t/994",[4,0.98,5,0.694,10,2.932]],["t/996",[4,0.98,5,0.694,11,2.932]],["t/998",[5,0.607,6,2.134,12,2.561,13,2.134]],["t/1000",[5,0.694,14,2.932,15,2.932]],["t/1002",[5,0.812,16,3.428]],["t/1004",[5,0.812,17,3.428]],["t/1006",[4,0.98,5,0.694,18,2.932]],["t/1008",[4,0.98,5,0.694,19,2.932]],["t/1010",[4,0.98,5,0.694,20,2.932]],["t/1012",[21,3.428,22,3.428]],["t/1014",[5,0.694,13,2.442,23,2.932]],["t/1018",[24,2.932,25,2.442,26,2.932]],["t/1020",[27,3.428,28,3.428]],["t/1022",[29,2.932,30,2.932,31,2.932]],["t/1024",[32,3.428,33,2.479]],["t/1026",[34,3.428,35,3.428]],["t/1028",[33,2.479,36,2.197]],["t/1030",[4,0.98,36,1.879,37,2.12]],["t/1032",[36,1.879,37,2.12,38,2.932]],["t/1034",[36,1.879,37,2.12,39,2.932]],["t/1036",[33,1.644,40,2.274,41,2.274,42,2.274,43,2.274]],["t/1040",[25,2.855,44,2.855]],["t/1042",[44,2.855,45,3.428]],["t/1046",[46,3.428,47,3.428]]],"invertedIndex":[["ad",{"_index":13,"t":{"998":{"position":[[16,2]]},"1014":{"position":[[0,6]]}}}],["auth",{"_index":4,"t":{"984":{"position":[[7,4]]},"986":{"position":[[6,4]]},"988":{"position":[[9,4]]},"990":{"position":[[7,4]]},"992":{"position":[[9,4]]},"994":{"position":[[7,4]]},"996":{"position":[[9,4]]},"1006":{"position":[[13,4]]},"1008":{"position":[[10,4]]},"1010":{"position":[[6,4]]},"1030":{"position":[[0,4]]}}}],["auth_request",{"_index":42,"t":{"1036":{"position":[[35,12]]}}}],["authent",{"_index":22,"t":{"1012":{"position":[[6,14]]}}}],["azur",{"_index":6,"t":{"986":{"position":[[0,5]]},"998":{"position":[[10,5]]}}}],["bitbucket",{"_index":19,"t":{"1008":{"position":[[0,9]]}}}],["command",{"_index":29,"t":{"1022":{"position":[[0,7]]}}}],["config",{"_index":27,"t":{"1020":{"position":[[0,6]]}}}],["configur",{"_index":33,"t":{"1024":{"position":[[10,13]]},"1028":{"position":[[8,13]]},"1036":{"position":[[0,11]]}}}],["connect",{"_index":15,"t":{"1000":{"position":[[7,7]]}}}],["cooki",{"_index":25,"t":{"1018":{"position":[[13,6]]},"1040":{"position":[[0,6]]}}}],["digitalocean",{"_index":18,"t":{"1006":{"position":[[0,12]]}}}],["direct",{"_index":43,"t":{"1036":{"position":[[48,9]]}}}],["disclosur",{"_index":1,"t":{"978":{"position":[[9,11]]},"980":{"position":[[23,12]]}}}],["email",{"_index":21,"t":{"1012":{"position":[[0,5]]}}}],["environ",{"_index":34,"t":{"1026":{"position":[[0,11]]}}}],["facebook",{"_index":7,"t":{"988":{"position":[[0,8]]}}}],["file",{"_index":28,"t":{"1020":{"position":[[7,4]]}}}],["format",{"_index":37,"t":{"1030":{"position":[[9,6]]},"1032":{"position":[[12,6]]},"1034":{"position":[[13,6]]}}}],["gener",{"_index":24,"t":{"1018":{"position":[[0,10]]}}}],["gitea",{"_index":20,"t":{"1010":{"position":[[0,5]]}}}],["github",{"_index":8,"t":{"990":{"position":[[0,6]]}}}],["gitlab",{"_index":10,"t":{"994":{"position":[[0,6]]}}}],["googl",{"_index":3,"t":{"984":{"position":[[0,6]]}}}],["keycloak",{"_index":9,"t":{"992":{"position":[[0,8]]}}}],["line",{"_index":30,"t":{"1022":{"position":[[8,4]]}}}],["linkedin",{"_index":11,"t":{"996":{"position":[[0,8]]}}}],["log",{"_index":36,"t":{"1028":{"position":[[0,7]]},"1030":{"position":[[5,3]]},"1032":{"position":[[8,3]]},"1034":{"position":[[9,3]]}}}],["login.gov",{"_index":16,"t":{"1002":{"position":[[0,9]]}}}],["microsoft",{"_index":12,"t":{"998":{"position":[[0,9]]}}}],["new",{"_index":23,"t":{"1014":{"position":[[9,3]]}}}],["nextcloud",{"_index":17,"t":{"1004":{"position":[[0,9]]}}}],["nginx",{"_index":41,"t":{"1036":{"position":[[29,5]]}}}],["openid",{"_index":14,"t":{"1000":{"position":[[0,6]]}}}],["option",{"_index":31,"t":{"1022":{"position":[[13,7]]}}}],["out",{"_index":47,"t":{"1046":{"position":[[5,3]]}}}],["provid",{"_index":5,"t":{"984":{"position":[[12,8]]},"986":{"position":[[11,8]]},"988":{"position":[[14,8]]},"990":{"position":[[12,8]]},"992":{"position":[[14,8]]},"994":{"position":[[12,8]]},"996":{"position":[[14,8]]},"998":{"position":[[19,8]]},"1000":{"position":[[15,8]]},"1002":{"position":[[10,8]]},"1004":{"position":[[10,8]]},"1006":{"position":[[18,8]]},"1008":{"position":[[15,8]]},"1010":{"position":[[11,8]]},"1014":{"position":[[13,8]]}}}],["redi",{"_index":45,"t":{"1042":{"position":[[0,5]]}}}],["request",{"_index":38,"t":{"1032":{"position":[[0,7]]}}}],["respond",{"_index":2,"t":{"980":{"position":[[12,7]]}}}],["secret",{"_index":26,"t":{"1018":{"position":[[20,6]]}}}],["secur",{"_index":0,"t":{"978":{"position":[[0,8]]}}}],["sign",{"_index":46,"t":{"1046":{"position":[[0,4]]}}}],["standard",{"_index":39,"t":{"1034":{"position":[[0,8]]}}}],["storag",{"_index":44,"t":{"1040":{"position":[[7,7]]},"1042":{"position":[[6,7]]}}}],["upstream",{"_index":32,"t":{"1024":{"position":[[0,9]]}}}],["us",{"_index":40,"t":{"1036":{"position":[[16,3]]}}}],["variabl",{"_index":35,"t":{"1026":{"position":[[12,9]]}}}]],"pipeline":["stemmer"]}},{"documents":[{"i":973,"t":"Choose how to deploy: a. Download Prebuilt Binary (current release is v6.1.1) b. Build with $ go get github.com/oauth2-proxy/oauth2-proxy which will put the binary in $GOPATH/bin c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, ARMv6 and ARM64 tags available) Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0. $ sha256sum -c sha256sum.txt 2>&1 | grep OKoauth2-proxy-x.y.z.linux-amd64: OK Select a Provider and Register an OAuth Application with a Provider Configure OAuth2 Proxy using config file, command line options, or environment variables Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)","s":"Installation","u":"/oauth2-proxy/docs/6.1.x/","h":"","p":972},{"i":975,"t":"Any request passing through the proxy (and not matched by --skip-auth-regex) is checked for the proxy's session cookie (--cookie-name) (or, if allowed, a JWT token - see --skip-jwt-bearer-tokens). If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with Accept: application/json, in which case 401 Unauthorized is returned) After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration) Notice that the proxy also provides a number of useful endpoints.","s":"Behaviour","u":"/oauth2-proxy/docs/6.1.x/behaviour","h":"","p":974},{"i":977,"t":"note OAuth2 Proxy is a community project. Maintainers do not work on this project full time, and as such, while we endeavour to respond to disclosures as quickly as possible, this may take longer than in projects with corporate sponsorship.","s":"Security","u":"/oauth2-proxy/docs/6.1.x/community/security","h":"","p":976},{"i":979,"t":"info If you believe you have found a vulnerability within OAuth2 Proxy or any of its dependencies, please do NOT open an issue or PR on GitHub, please do NOT post any details publicly. Security disclosures MUST be done in private. If you have found an issue that you would like to bring to the attention of the maintenance team for OAuth2 Proxy, please compose an email and send it to the list of maintainers in our MAINTAINERS file. Please include as much detail as possible. Ideally, your disclosure should include: A reproducible case that can be used to demonstrate the exploit How you discovered this vulnerability A potential fix for the issue (if you have thought of one) Versions affected (if not present in master) Your GitHub ID","s":"Security Disclosures","u":"/oauth2-proxy/docs/6.1.x/community/security","h":"#security-disclosures","p":976},{"i":981,"t":"We use GitHub Security Advisories to privately discuss fixes for disclosed vulnerabilities. If you include a GitHub ID with your disclosure we will add you as a collaborator for the advisory so that you can join the discussion and validate any fixes we may propose. For minor issues and previously disclosed vulnerabilities (typically for dependencies), we may use regular PRs for fixes and forego the security advisory. Once a fix has been agreed upon, we will merge the fix and create a new release. If we have multiple security issues in flight simultaneously, we may delay merging fixes until all patches are ready. We may also backport the fix to previous releases, but this will be at the discretion of the maintainers.","s":"How will we respond to disclosures?","u":"/oauth2-proxy/docs/6.1.x/community/security","h":"#how-will-we-respond-to-disclosures","p":976},{"i":983,"t":"You will need to register an OAuth application with a Provider (Google, GitHub or another provider), and configure it with Redirect URI(s) for the domain you intend to run oauth2-proxy on. Valid providers are : Google default Azure Facebook GitHub Keycloak GitLab LinkedIn Microsoft Azure AD OpenID Connect login.gov Nextcloud DigitalOcean Bitbucket Gitea The provider can be selected using the provider configuration value. Please note that not all providers support all claims. The preferred_username claim is currently only supported by the OpenID Connect provider.","s":"OAuth Provider Configuration","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"","p":982},{"i":985,"t":"For Google, the registration steps are: Create a new project: https://console.developers.google.com/project Choose the new project from the top right project dropdown (only if another project is selected) In the project Dashboard center pane, choose \"API Manager\" In the left Nav pane, choose \"Credentials\" In the center pane, choose \"OAuth consent screen\" tab. Fill in \"Product name shown to users\" and hit save. In the center pane, choose \"Credentials\" tab. Open the \"New credentials\" drop down Choose \"OAuth client ID\" Choose \"Web application\" Application name is freeform, choose something appropriate Authorized JavaScript origins is your domain ex: https://internal.yourcompany.com Authorized redirect URIs is the location of oauth2/callback ex: https://internal.yourcompany.com/oauth2/callback Choose \"Create\" Take note of the Client ID and Client Secret It's recommended to refresh sessions on a short interval (1h) with cookie-refresh setting which validates that the account is still authorized. Restrict auth to specific Google groups on your domain. (optional)​ Create a service account: https://developers.google.com/identity/protocols/OAuth2ServiceAccount and make sure to download the json file. Make note of the Client ID for a future step. Under \"APIs & Auth\", choose APIs. Click on Admin SDK and then Enable API. Follow the steps on https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account and give the client id from step 2 the following oauth scopes: https://www.googleapis.com/auth/admin.directory.group.readonlyhttps://www.googleapis.com/auth/admin.directory.user.readonly Follow the steps on https://support.google.com/a/answer/60757 to enable Admin API access. Create or choose an existing administrative email address on the Gmail domain to assign to the google-admin-email flag. This email will be impersonated by this client to make calls to the Admin SDK. See the note on the link from step 5 for the reason why. Create or choose an existing email group and set that email to the google-group flag. You can pass multiple instances of this flag with different groups and the user will be checked against all the provided groups. Lock down the permissions on the json file downloaded from step 1 so only oauth2-proxy is able to read the file and set the path to the file in the google-service-account-json flag. Restart oauth2-proxy. Note: The user is checked against the group members list on initial authentication and every time the token is refreshed ( about once an hour ).","s":"Google Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#google-auth-provider","p":982},{"i":987,"t":"Add an application: go to https://portal.azure.com, choose \"Azure Active Directory\" in the left menu, select \"App registrations\" and then click on \"New app registration\". Pick a name and choose \"Webapp / API\" as application type. Use https://internal.yourcompany.com as Sign-on URL. Click \"Create\". On the \"Settings\" / \"Properties\" page of the app, pick a logo and select \"Multi-tenanted\" if you want to allow users from multiple organizations to access your app. Note down the application ID. Click \"Save\". On the \"Settings\" / \"Required Permissions\" page of the app, click on \"Windows Azure Active Directory\" and then on \"Access the directory as the signed in user\". Hit \"Save\" and then then on \"Grant permissions\" (you might need another admin to do this). On the \"Settings\" / \"Reply URLs\" page of the app, add https://internal.yourcompanycom/oauth2/callback for each host that you want to protect by the oauth2 proxy. Click \"Save\". On the \"Settings\" / \"Keys\" page of the app, add a new key and note down the value after hitting \"Save\". Configure the proxy with --provider=azure --client-id= --client-secret= Note: When using the Azure Auth provider with nginx and the cookie session store you may find the cookie is too large and doesn't get passed through correctly. Increasing the proxy_buffer_size in nginx or implementing the redis session storage should resolve this.","s":"Azure Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#azure-auth-provider","p":982},{"i":989,"t":"Create a new FB App from https://developers.facebook.com/ Under FB Login, set your Valid OAuth redirect URIs to https://internal.yourcompany.com/oauth2/callback","s":"Facebook Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#facebook-auth-provider","p":982},{"i":991,"t":"Create a new project: https://github.com/settings/developers Under Authorization callback URL enter the correct url ie https://internal.yourcompany.com/oauth2/callback The GitHub auth provider supports two additional ways to restrict authentication to either organization and optional team level access, or to collaborators of a repository. Restricting by these options is normally accompanied with --email-domain=* NOTE: When --github-user is set, the specified users are allowed to login even if they do not belong to the specified org and team or collaborators. To restrict by organization only, include the following flag: -github-org=\"\": restrict logins to members of this organisation To restrict within an organization to specific teams, include the following flag in addition to -github-org: -github-team=\"\": restrict logins to members of any of these teams (slug), separated by a comma If you would rather restrict access to collaborators of a repository, those users must either have push access to a public repository or any access to a private repository: -github-repo=\"\": restrict logins to collaborators of this repository formatted as orgname/repo If you'd like to allow access to users with read only access to a public repository you will need to provide a token for a user that has write access to the repository. The token must be created with at least the public_repo scope: -github-token=\"\": the token to use when verifying repository collaborators To allow a user to login with their username even if they do not belong to the specified org and team or collaborators, separated by a comma -github-user=\"\": allow logins by username, separated by a comma If you are using GitHub enterprise, make sure you set the following to the appropriate url: -login-url=\"http(s):///login/oauth/authorize\"-redeem-url=\"http(s):///login/oauth/access_token\"-validate-url=\"http(s):///api/v3\"","s":"GitHub Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#github-auth-provider","p":982},{"i":993,"t":"Create new client in your Keycloak with Access Type 'confidental' and Valid Redirect URIs 'https://internal.yourcompany.com/oauth2/callback' Take note of the Secret in the credential tab of the client Create a mapper with Mapper Type 'Group Membership' and Token Claim Name 'groups'. Make sure you set the following to the appropriate url: -provider=keycloak-client-id=-client-secret=-login-url=\"http(s):///realms//protocol/openid-connect/auth\"-redeem-url=\"http(s):///realms//protocol/openid-connect/token\"-validate-url=\"http(s):///realms//protocol/openid-connect/userinfo\"-keycloak-group= The group management in keycloak is using a tree. If you create a group named admin in keycloak you should define the 'keycloak-group' value to /admin.","s":"Keycloak Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#keycloak-auth-provider","p":982},{"i":995,"t":"Whether you are using GitLab.com or self-hosting GitLab, follow these steps to add an application. Make sure to enable at least the openid, profile and email scopes, and set the redirect url to your application url e.g. https://myapp.com/oauth2/callback. The following config should be set to ensure that the oauth will work properly. To get a cookie secret follow these steps --provider=\"gitlab\" --redirect-url=\"https://myapp.com/oauth2/callback\" // Should be the same as the redirect url for the application in gitlab --client-id=GITLAB_CLIENT_ID --client-secret=GITLAB_CLIENT_SECRET --cookie-secret=COOKIE_SECRET Restricting by group membership is possible with the following option: --gitlab-group=\"mygroup,myothergroup\": restrict logins to members of any of these groups (slug), separated by a comma If you are using self-hosted GitLab, make sure you set the following to the appropriate URL: --oidc-issuer-url=\"\"","s":"GitLab Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#gitlab-auth-provider","p":982},{"i":997,"t":"For LinkedIn, the registration steps are: Create a new project: https://www.linkedin.com/secure/developer In the OAuth User Agreement section: In default scope, select r_basicprofile and r_emailaddress. In \"OAuth 2.0 Redirect URLs\", enter https://internal.yourcompany.com/oauth2/callback Fill in the remaining required fields and Save. Take note of the Consumer Key / API Key and Consumer Secret / Secret Key","s":"LinkedIn Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#linkedin-auth-provider","p":982},{"i":999,"t":"For adding an application to the Microsoft Azure AD follow these steps to add an application. Take note of your TenantId if applicable for your situation. The TenantId can be used to override the default common authorization server with a tenant specific server.","s":"Microsoft Azure AD Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#microsoft-azure-ad-provider","p":982},{"i":1001,"t":"OpenID Connect is a spec for OAUTH 2.0 + identity that is implemented by many major providers and several open source projects. This provider was originally built against CoreOS Dex and we will use it as an example. Launch a Dex instance using the getting started guide. Setup oauth2-proxy with the correct provider and using the default ports and callbacks. Login with the fixture use in the dex guide and run the oauth2-proxy with the following args: -provider oidc -provider-display-name \"My OIDC Provider\" -client-id oauth2-proxy -client-secret proxy -redirect-url http://127.0.0.1:4180/oauth2/callback -oidc-issuer-url http://127.0.0.1:5556 -cookie-secure=false -email-domain example.com The OpenID Connect Provider (OIDC) can also be used to connect to other Identity Providers such as Okta. To configure the OIDC provider for Okta, perform the following steps: Configuring the OIDC Provider with Okta​ Log in to Okta using an administrative account. It is suggested you try this in preview first, example.oktapreview.com (OPTIONAL) If you want to configure authorization scopes and claims to be passed on to multiple applications, you may wish to configure an authorization server for each application. Otherwise, the provided default will work. Navigate to Security then select API Click Add Authorization Server, if this option is not available you may require an additional license for a custom authorization server. Fill out the Name with something to describe the application you are protecting. e.g. 'Example App'. For Audience, pick the URL of the application you wish to protect: https://example.corp.com Fill out a Description Add any Access Policies you wish to configure to limit application access. The default settings will work for other options. See Okta documentation for more information on Authorization Servers Navigate to Applications then select Add Application. Select Web for the Platform setting. Select OpenID Connect and click Create Pick an Application Name such as Example App. Set the Login redirect URI to https://example.corp.com. Under General set the Allowed grant types to Authorization Code and Refresh Token. Leave the rest as default, taking note of the Client ID and Client Secret. Under Assignments select the users or groups you wish to access your application. Create a configuration file like the following: provider = \"oidc\"redirect_url = \"https://example.corp.com/oauth2/callback\"oidc_issuer_url = \"https://corp.okta.com/oauth2/abCd1234\"upstreams = [ \"https://example.corp.com\"]email_domains = [ \"corp.com\"]client_id = \"XXXXX\"client_secret = \"YYYYY\"pass_access_token = truecookie_secret = \"ZZZZZ\"skip_provider_button = true The oidc_issuer_url is based on URL from your Authorization Server's Issuer field in step 2, or simply https://corp.okta.com The client_id and client_secret are configured in the application settings. Generate a unique client_secret to encrypt the cookie. Then you can start the oauth2-proxy with ./oauth2-proxy --config /etc/example.cfg Configuring the OIDC Provider with Okta - localhost​ Signup for developer account: https://developer.okta.com/signup/ Create New Web Application: https://${your-okta-domain}/dev/console/apps/new Example Application Settings for localhost: Name: My Web App Base URIs: http://localhost:4180/ Login redirect URIs: http://localhost:4180/oauth2/callback Logout redirect URIs: http://localhost:4180/ Group assignments: Everyone Grant type allowed: Authorization Code and Refresh Token Make note of the Client ID and Client secret, they are needed in a future step Make note of the default Authorization Server Issuer URI from: https://${your-okta-domain}/admin/oauth2/as Example config file /etc/localhost.cfg provider = \"oidc\"redirect_url = \"http://localhost:4180/oauth2/callback\"oidc_issuer_url = \"https://${your-okta-domain}/oauth2/default\"upstreams = [ \"http://0.0.0.0:8080\"]email_domains = [ \"*\"]client_id = \"XXX\"client_secret = \"YYY\"pass_access_token = truecookie_secret = \"ZZZ\"cookie_secure = falseskip_provider_button = true# Note: use the following for testing within a container# http_address = \"0.0.0.0:4180\" Then you can start the oauth2-proxy with ./oauth2-proxy --config /etc/localhost.cfg","s":"OpenID Connect Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#openid-connect-provider","p":982},{"i":1003,"t":"login.gov is an OIDC provider for the US Government. If you are a US Government agency, you can contact the login.gov team through the contact information that you can find on https://login.gov/developers/ and work with them to understand how to get login.gov accounts for integration/test and production access. A developer guide is available here: https://developers.login.gov/, though this proxy handles everything but the data you need to create to register your application in the login.gov dashboard. As a demo, we will assume that you are running your application that you want to secure locally on http://localhost:3000/, that you will be starting your proxy up on http://localhost:4180/, and that you have an agency integration account for testing. First, register your application in the dashboard. The important bits are: Identity protocol: make this Openid connect Issuer: do what they say for OpenID Connect. We will refer to this string as ${LOGINGOV_ISSUER}. Public key: This is a self-signed certificate in .pem format generated from a 2048 bit RSA private key. A quick way to do this is openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650 -nodes -subj '/C=US/ST=Washington/L=DC/O=GSA/OU=18F/CN=localhost', The contents of the key.pem shall be referred to as ${OAUTH2_PROXY_JWT_KEY}. Return to App URL: Make this be http://localhost:4180/ Redirect URIs: Make this be http://localhost:4180/oauth2/callback. Attribute Bundle: Make sure that email is selected. Now start the proxy up with the following options: ./oauth2-proxy -provider login.gov \\ -client-id=${LOGINGOV_ISSUER} \\ -redirect-url=http://localhost:4180/oauth2/callback \\ -oidc-issuer-url=https://idp.int.identitysandbox.gov/ \\ -cookie-secure=false \\ -email-domain=gsa.gov \\ -upstream=http://localhost:3000/ \\ -cookie-secret=somerandomstring12341234567890AB \\ -cookie-domain=localhost \\ -skip-provider-button=true \\ -pubjwk-url=https://idp.int.identitysandbox.gov/api/openid_connect/certs \\ -profile-url=https://idp.int.identitysandbox.gov/api/openid_connect/userinfo \\ -jwt-key=\"${OAUTH2_PROXY_JWT_KEY}\" You can also set all these options with environment variables, for use in cloud/docker environments. One tricky thing that you may encounter is that some cloud environments will pass in environment variables in a docker env-file, which does not allow multiline variables like a PEM file. If you encounter this, then you can create a jwt_signing_key.pem file in the top level directory of the repo which contains the key in PEM format and then do your docker build. The docker build process will copy that file into your image which you can then access by setting the OAUTH2_PROXY_JWT_KEY_FILE=/etc/ssl/private/jwt_signing_key.pem environment variable, or by setting --jwt-key-file=/etc/ssl/private/jwt_signing_key.pem on the commandline. Once it is running, you should be able to go to http://localhost:4180/ in your browser, get authenticated by the login.gov integration server, and then get proxied on to your application running on http://localhost:3000/. In a real deployment, you would secure your application with a firewall or something so that it was only accessible from the proxy, and you would use real hostnames everywhere. Skip OIDC discovery​ Some providers do not support OIDC discovery via their issuer URL, so oauth2-proxy cannot simply grab the authorization, token and jwks URI endpoints from the provider's metadata. In this case, you can set the --skip-oidc-discovery option, and supply those required endpoints manually: -provider oidc -client-id oauth2-proxy -client-secret proxy -redirect-url http://127.0.0.1:4180/oauth2/callback -oidc-issuer-url http://127.0.0.1:5556 -skip-oidc-discovery -login-url http://127.0.0.1:5556/authorize -redeem-url http://127.0.0.1:5556/token -oidc-jwks-url http://127.0.0.1:5556/keys -cookie-secure=false -email-domain example.com","s":"login.gov Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#logingov-provider","p":982},{"i":1005,"t":"The Nextcloud provider allows you to authenticate against users in your Nextcloud instance. When you are using the Nextcloud provider, you must specify the urls via configuration, environment variable, or command line argument. Depending on whether your Nextcloud instance is using pretty urls your urls may be of the form /index.php/apps/oauth2/* or /apps/oauth2/*. Refer to the OAuth2 documentation to setup the client id and client secret. Your \"Redirection URI\" will be https://internalapp.yourcompany.com/oauth2/callback. -provider nextcloud -client-id -client-secret -login-url=\"/index.php/apps/oauth2/authorize\" -redeem-url=\"/index.php/apps/oauth2/api/v1/token\" -validate-url=\"/ocs/v2.php/cloud/user?format=json\" Note: in all cases the validate-url will not have the index.php.","s":"Nextcloud Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#nextcloud-provider","p":982},{"i":1007,"t":"Create a new OAuth application You can fill in the name, homepage, and description however you wish. In the \"Application callback URL\" field, enter: https://oauth-proxy/oauth2/callback, substituting oauth2-proxy with the actual hostname that oauth2-proxy is running on. The URL must match oauth2-proxy's configured redirect URL. Note the Client ID and Client Secret. To use the provider, pass the following options: --provider=digitalocean --client-id= --client-secret= Alternatively, set the equivalent options in the config file. The redirect URL defaults to https:///oauth2/callback. If you need to change it, you can use the --redirect-url command-line option.","s":"DigitalOcean Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#digitalocean-auth-provider","p":982},{"i":1009,"t":"Add a new OAuth consumer In \"Callback URL\" use https:///oauth2/callback, substituting with the actual hostname that oauth2-proxy is running on. In Permissions section select: Account -> Email Team membership -> Read Repositories -> Read Note the Client ID and Client Secret. To use the provider, pass the following options: --provider=bitbucket --client-id= --client-secret= The default configuration allows everyone with Bitbucket account to authenticate. To restrict the access to the team members use additional configuration option: --bitbucket-team=. To restrict the access to only these users who has access to one selected repository use --bitbucket-repository=.","s":"Bitbucket Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#bitbucket-auth-provider","p":982},{"i":1011,"t":"Create a new application: https://< your gitea host >/user/settings/applications Under Redirect URI enter the correct URL i.e. https:///oauth2/callback Note the Client ID and Client Secret. Pass the following options to the proxy: --provider=\"github\" --redirect-url=\"https:///oauth2/callback\" --provider-display-name=\"Gitea\" --client-id=\"< client_id as generated by Gitea >\" --client-secret=\"< client_secret as generated by Gitea >\" --login-url=\"https://< your gitea host >/login/oauth/authorize\" --redeem-url=\"https://< your gitea host >/login/oauth/access_token\" --validate-url=\"https://< your gitea host >/api/v1\"","s":"Gitea Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#gitea-auth-provider","p":982},{"i":1013,"t":"To authorize by email domain use --email-domain=yourcompany.com. To authorize individual email addresses use --authenticated-emails-file=/path/to/file with one email per line. To authorize all email addresses use --email-domain=*.","s":"Email Authentication","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#email-authentication","p":982},{"i":1015,"t":"Follow the examples in the providers package to define a new Provider instance. Add a new case to providers.New() to allow oauth2-proxy to use the new Provider.","s":"Adding a new Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#adding-a-new-provider","p":982},{"i":1017,"t":"oauth2-proxy can be configured via command line options, environment variables or config file (in decreasing order of precedence, i.e. command line options will overwrite environment variables and environment variables will overwrite configuration file settings).","s":"Overview","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"","p":1016},{"i":1019,"t":"To generate a strong cookie secret use one of the below commands: Python Bash OpenSSL PowerShell Terraform python -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(32)).decode())' dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | tr -d -- '\\n' | tr -- '+/' '-_'; echo openssl rand -base64 32 | tr -- '+/' '-_' # Add System.Web assembly to session, just in caseAdd-Type -AssemblyName System.Web[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes([System.Web.Security.Membership]::GeneratePassword(32,4))).Replace(\"+\",\"-\").Replace(\"/\",\"_\") # Valid 32 Byte Base64 URL encoding set that will decode to 24 []byte AES-192 secretresource \"random_password\" \"cookie_secret\" { length = 32 override_special = \"-_\"}","s":"Generating a Cookie Secret","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#generating-a-cookie-secret","p":1016},{"i":1021,"t":"Every command line argument can be specified in a config file by replacing hyphens (-) with underscores (_). If the argument can be specified multiple times, the config option should be plural (trailing s). An example oauth2-proxy.cfg config file is in the contrib directory. It can be used by specifying --config=/etc/oauth2-proxy.cfg","s":"Config File","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#config-file","p":1016},{"i":1023,"t":"Option Type Description Default --acr-values string optional, see docs \"\" --approval-prompt string OAuth approval_prompt \"force\" --auth-logging bool Log authentication attempts true --auth-logging-format string Template for authentication log lines see Logging Configuration --authenticated-emails-file string authenticate against emails via file (one per line) --azure-tenant string go to a tenant-specific or common (tenant-independent) endpoint. \"common\" --basic-auth-password string the password to set when passing the HTTP Basic Auth header --client-id string the OAuth Client ID, e.g. \"123456.apps.googleusercontent.com\" --client-secret string the OAuth Client Secret --client-secret-file string the file with OAuth Client Secret --config string path to config file --cookie-domain string | list Optional cookie domains to force cookies to (e.g. .yourcompany.com). The longest domain matching the request's host will be used (or the shortest cookie domain if there is no match). --cookie-expire duration expire timeframe for cookie 168h0m0s --cookie-httponly bool set HttpOnly cookie flag true --cookie-name string the name of the cookie that the oauth_proxy creates. Should be changed to use a cookie prefix (__Host- or __Secure-) if --cookie-secure is set. \"_oauth2_proxy\" --cookie-path string an optional cookie path to force cookies to (e.g. /poc/) \"/\" --cookie-refresh duration refresh the cookie after this duration; 0 to disable; not supported by all providers [1] --cookie-secret string the seed string for secure cookies (optionally base64 encoded) --cookie-secure bool set secure (HTTPS only) cookie flag true --cookie-samesite string set SameSite cookie attribute (\"lax\", \"strict\", \"none\", or \"\"). \"\" --custom-templates-dir string path to custom html templates --display-htpasswd-form bool display username / password login form if an htpasswd file is provided true --email-domain string | list authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email --errors-to-info-log bool redirects error-level logging to default log channel instead of stderr false --extra-jwt-issuers string if --skip-jwt-bearer-tokens is set, a list of extra JWT issuer=audience (see a token's iss, aud fields) pairs (where the issuer URL has a .well-known/openid-configuration or a .well-known/jwks.json) --exclude-logging-path string comma separated list of paths to exclude from logging, e.g. \"/ping,/path2\" \"\" (no paths excluded) --flush-interval duration period between flushing response buffers when streaming responses \"1s\" --force-https bool enforce https redirect false --banner string custom (html) banner string. Use \"-\" to disable default banner. --footer string custom (html) footer string. Use \"-\" to disable default footer. --gcp-healthchecks bool will enable /liveness_check, /readiness_check, and / (with the proper user-agent) endpoints that will make it work well with GCP App Engine and GKE Ingresses false --github-org string restrict logins to members of this organisation --github-team string restrict logins to members of any of these teams (slug), separated by a comma --github-repo string restrict logins to collaborators of this repository formatted as orgname/repo --github-token string the token to use when verifying repository collaborators (must have push access to the repository) --github-user string | list To allow users to login by username even if they do not belong to the specified org and team or collaborators --gitlab-group string | list restrict logins to members of any of these groups (slug), separated by a comma --google-admin-email string the google admin to impersonate for api calls --google-group string restrict logins to members of this google group (may be given multiple times). --google-service-account-json string the path to the service account json credentials --htpasswd-file string additionally authenticate against a htpasswd file. Entries must be created with htpasswd -s for SHA encryption --http-address string [http://]: or unix:// to listen on for HTTP clients \"127.0.0.1:4180\" --https-address string : to listen on for HTTPS clients \":443\" --logging-compress bool Should rotated log files be compressed using gzip false --logging-filename string File to log requests to, empty for stdout \"\" (stdout) --logging-local-time bool Use local time in log files and backup filenames instead of UTC true (local time) --logging-max-age int Maximum number of days to retain old log files 7 --logging-max-backups int Maximum number of old log files to retain; 0 to disable 0 --logging-max-size int Maximum size in megabytes of the log file before rotation 100 --jwt-key string private key in PEM format used to sign JWT, so that you can say something like --jwt-key=\"${OAUTH2_PROXY_JWT_KEY}\": required by login.gov --jwt-key-file string path to the private key file in PEM format used to sign the JWT so that you can say something like --jwt-key-file=/etc/ssl/private/jwt_signing_key.pem: required by login.gov --login-url string Authentication endpoint --insecure-oidc-allow-unverified-email bool don't fail if an email address in an id_token is not verified false --insecure-oidc-skip-issuer-verification bool allow the OIDC issuer URL to differ from the expected (currently required for Azure multi-tenant compatibility) false --oidc-issuer-url string the OpenID Connect issuer URL, e.g. \"https://accounts.google.com\" --oidc-jwks-url string OIDC JWKS URI for token verification; required if OIDC discovery is disabled --pass-access-token bool pass OAuth access_token to upstream via X-Forwarded-Access-Token header. When used with --set-xauthrequest this adds the X-Auth-Request-Access-Token header to the response false --pass-authorization-header bool pass OIDC IDToken to upstream via Authorization Bearer header false --pass-basic-auth bool pass HTTP Basic Auth, X-Forwarded-User, X-Forwarded-Email and X-Forwarded-Preferred-Username information to upstream true --prefer-email-to-user bool Prefer to use the Email address as the Username when passing information to upstream. Will only use Username if Email is unavailable, e.g. htaccess authentication. Used in conjunction with --pass-basic-auth and --pass-user-headers false --pass-host-header bool pass the request Host Header to upstream true --pass-user-headers bool pass X-Forwarded-User, X-Forwarded-Email and X-Forwarded-Preferred-Username information to upstream true --profile-url string Profile access endpoint --prompt string OIDC prompt; if present, approval-prompt is ignored \"\" --provider string OAuth provider google --provider-ca-file string | list Paths to CA certificates that should be used when connecting to the provider. If not specified, the default Go trust sources are used instead. --provider-display-name string Override the provider's name with the given string; used for the sign-in page (depends on provider) --ping-path string the ping endpoint that can be used for basic health checks \"/ping\" --ping-user-agent string a User-Agent that can be used for basic health checks \"\" (don't check user agent) --proxy-prefix string the url root path that this proxy should be nested under (e.g. //sign_in) \"/oauth2\" --proxy-websockets bool enables WebSocket proxying true --pubjwk-url string JWK pubkey access endpoint: required by login.gov --real-client-ip-header string Header used to determine the real IP of the client, requires --reverse-proxy to be set (one of: X-Forwarded-For, X-Real-IP, or X-ProxyUser-IP) X-Real-IP --redeem-url string Token redemption endpoint --redirect-url string the OAuth Redirect URL, e.g. \"https://internalapp.yourcompany.com/oauth2/callback\" --redis-cluster-connection-urls string | list List of Redis cluster connection URLs (e.g. redis://HOST[:PORT]). Used in conjunction with --redis-use-cluster --redis-connection-url string URL of redis server for redis session storage (e.g. redis://HOST[:PORT]) --redis-password string Redis password. Applicable for all Redis configurations. Will override any password set in --redis-connection-url --redis-sentinel-password string Redis sentinel password. Used only for sentinel connection; any redis node passwords need to use --redis-password --redis-sentinel-master-name string Redis sentinel master name. Used in conjunction with --redis-use-sentinel --redis-sentinel-connection-urls string | list List of Redis sentinel connection URLs (e.g. redis://HOST[:PORT]). Used in conjunction with --redis-use-sentinel --redis-use-cluster bool Connect to redis cluster. Must set --redis-cluster-connection-urls to use this feature false --redis-use-sentinel bool Connect to redis via sentinels. Must set --redis-sentinel-master-name and --redis-sentinel-connection-urls to use this feature false --request-logging bool Log requests true --request-logging-format string Template for request log lines see Logging Configuration --resource string The resource that is protected (Azure AD only) --reverse-proxy bool are we running behind a reverse proxy, controls whether headers like X-Real-IP are accepted false --scope string OAuth scope specification --session-cookie-minimal bool strip OAuth tokens from cookie session stores if they aren't needed (cookie session store only) false --session-store-type string Session data storage backend; redis or cookie cookie --set-xauthrequest bool set X-Auth-Request-User, X-Auth-Request-Email and X-Auth-Request-Preferred-Username response headers (useful in Nginx auth_request mode). When used with --pass-access-token, X-Auth-Request-Access-Token is added to response headers. false --set-authorization-header bool set Authorization Bearer response header (useful in Nginx auth_request mode) false --set-basic-auth bool set HTTP Basic Auth information in response (useful in Nginx auth_request mode) false --signature-key string GAP-Signature request signature key (algorithm:secretkey) --silence-ping-logging bool disable logging of requests to ping endpoint false --skip-auth-preflight bool will skip authentication for OPTIONS requests false --skip-auth-regex string bypass authentication for requests paths that match (may be given multiple times) --skip-auth-strip-headers bool strips X-Forwarded-* style authentication headers & Authorization header if they would be set by oauth2-proxy for request paths in --skip-auth-regex false --skip-jwt-bearer-tokens bool will skip requests that have verified JWT bearer tokens (the token must have aud that matches this client id or one of the extras from extra-jwt-issuers) false --skip-oidc-discovery bool bypass OIDC endpoint discovery. --login-url, --redeem-url and --oidc-jwks-url must be configured in this case false --skip-provider-button bool will skip sign-in-page to directly reach the next step: oauth/start false --ssl-insecure-skip-verify bool skip validation of certificates presented when using HTTPS providers false --ssl-upstream-insecure-skip-verify bool skip validation of certificates presented when using HTTPS upstreams false --standard-logging bool Log standard runtime information true --standard-logging-format string Template for standard log lines see Logging Configuration --tls-cert-file string path to certificate file --tls-key-file string path to private key file --upstream string | list the http url(s) of the upstream endpoint, file:// paths for static files or static:// for static response. Routing is based on the path --user-id-claim string which claim contains the user ID [\"email\"] --validate-url string Access token validation endpoint --version n/a print version string --whitelist-domain string | list allowed domains for redirection after authentication. Prefix domain with a . to allow subdomains (e.g. .example.com) [2] --trusted-ip string | list list of IPs or CIDR ranges to allow to bypass authentication (may be given multiple times). When combined with --reverse-proxy and optionally --real-client-ip-header this will evaluate the trust of the IP stored in an HTTP header by a reverse proxy rather than the layer-3/4 remote address. WARNING: trusting IPs has inherent security flaws, especially when obtaining the IP address from an HTTP header (reverse-proxy mode). Use this option only if you understand the risks and how to manage them. [1]: Only these providers support --cookie-refresh: GitLab, Google and OIDC [2]: When using the whitelist-domain option, any domain prefixed with a . will allow any subdomain of the specified domain as a valid redirect URL. By default, only empty ports are allowed. This translates to allowing the default port of the URL's protocol (80 for HTTP, 443 for HTTPS, etc.) since browsers omit them. To allow only a specific port, add it to the whitelisted domain: example.com:8080. To allow any port, use *: example.com:*. See below for provider specific options","s":"Command Line Options","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#command-line-options","p":1016},{"i":1025,"t":"oauth2-proxy supports having multiple upstreams, and has the option to pass requests on to HTTP(S) servers or serve static files from the file system. HTTP and HTTPS upstreams are configured by providing a URL such as http://127.0.0.1:8080/ for the upstream parameter. This will forward all authenticated requests to the upstream server. If you instead provide http://127.0.0.1:8080/some/path/ then it will only be requests that start with /some/path/ which are forwarded to the upstream. Static file paths are configured as a file:// URL. file:///var/www/static/ will serve the files from that directory at http://[oauth2-proxy url]/var/www/static/, which may not be what you want. You can provide the path to where the files should be available by adding a fragment to the configured URL. The value of the fragment will then be used to specify which path the files are available at, e.g. file:///var/www/static/#/static/ will make /var/www/static/ available at http://[oauth2-proxy url]/static/. Multiple upstreams can either be configured by supplying a comma separated list to the --upstream parameter, supplying the parameter multiple times or providing a list in the config file. When multiple upstreams are used routing to them will be based on the path they are set up with.","s":"Upstreams Configuration","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#upstreams-configuration","p":1016},{"i":1027,"t":"Every command line argument can be specified as an environment variable by prefixing it with OAUTH2_PROXY_, capitalising it, and replacing hyphens (-) with underscores (_). If the argument can be specified multiple times, the environment variable should be plural (trailing S). This is particularly useful for storing secrets outside of a configuration file or the command line. For example, the --cookie-secret flag becomes OAUTH2_PROXY_COOKIE_SECRET, and the --email-domain flag becomes OAUTH2_PROXY_EMAIL_DOMAINS.","s":"Environment variables","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#environment-variables","p":1016},{"i":1029,"t":"By default, OAuth2 Proxy logs all output to stdout. Logging can be configured to output to a rotating log file using the --logging-filename command. If logging to a file you can also configure the maximum file size (--logging-max-size), age (--logging-max-age), max backup logs (--logging-max-backups), and if backup logs should be compressed (--logging-compress). There are three different types of logging: standard, authentication, and HTTP requests. These can each be enabled or disabled with --standard-logging, --auth-logging, and --request-logging. Each type of logging has its own configurable format and variables. By default these formats are similar to the Apache Combined Log. Logging of requests to the /ping endpoint (or using --ping-user-agent) can be disabled with --silence-ping-logging reducing log volume. This flag appends the --ping-path to --exclude-logging-paths.","s":"Logging Configuration","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#logging-configuration","p":1016},{"i":1031,"t":"Authentication logs are logs which are guaranteed to contain a username or email address of a user attempting to authenticate. These logs are output by default in the below format: - [19/Mar/2015:17:20:19 -0400] [] The status block will contain one of the below strings: AuthSuccess If a user has authenticated successfully by any method AuthFailure If the user failed to authenticate explicitly AuthError If there was an unexpected error during authentication If you require a different format than that, you can configure it with the --auth-logging-format flag. The default format is configured as follows: {{.Client}} - {{.Username}} [{{.Timestamp}}] [{{.Status}}] {{.Message}} Available variables for auth logging: Variable Example Description Client 74.125.224.72 The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true. Host domain.com The value of the Host header. Protocol HTTP/1.0 The request protocol. RequestMethod GET The request method. Timestamp 19/Mar/2015:17:20:19 -0400 The date and time of the logging event. UserAgent - The full user agent as reported by the requesting client. Username username@email.com The email or username of the auth request. Status AuthSuccess The status of the auth request. See above for details. Message Authenticated via OAuth2 The details of the auth attempt.","s":"Auth Log Format","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#auth-log-format","p":1016},{"i":1033,"t":"HTTP request logs will output by default in the below format: - [19/Mar/2015:17:20:19 -0400] GET \"/path/\" HTTP/1.1 \"\" If you require a different format than that, you can configure it with the --request-logging-format flag. The default format is configured as follows: {{.Client}} - {{.Username}} [{{.Timestamp}}] {{.Host}} {{.RequestMethod}} {{.Upstream}} {{.RequestURI}} {{.Protocol}} {{.UserAgent}} {{.StatusCode}} {{.ResponseSize}} {{.RequestDuration}} Available variables for request logging: Variable Example Description Client 74.125.224.72 The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true. Host domain.com The value of the Host header. Protocol HTTP/1.0 The request protocol. RequestDuration 0.001 The time in seconds that a request took to process. RequestMethod GET The request method. RequestURI \"/oauth2/auth\" The URI path of the request. ResponseSize 12 The size in bytes of the response. StatusCode 200 The HTTP status code of the response. Timestamp 19/Mar/2015:17:20:19 -0400 The date and time of the logging event. Upstream - The upstream data of the HTTP request. UserAgent - The full user agent as reported by the requesting client. Username username@email.com The email or username of the auth request.","s":"Request Log Format","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#request-log-format","p":1016},{"i":1035,"t":"All other logging that is not covered by the above two types of logging will be output in this standard logging format. This includes configuration information at startup and errors that occur outside of a session. The default format is below: [19/Mar/2015:17:20:19 -0400] [main.go:40] If you require a different format than that, you can configure it with the --standard-logging-format flag. The default format is configured as follows: [{{.Timestamp}}] [{{.File}}] {{.Message}} Available variables for standard logging: Variable Example Description Timestamp 19/Mar/2015:17:20:19 -0400 The date and time of the logging event. File main.go:40 The file and line number of the logging statement. Message HTTP: listening on 127.0.0.1:4180 The details of the log statement.","s":"Standard Log Format","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#standard-log-format","p":1016},{"i":1037,"t":"The Nginx auth_request directive allows Nginx to authenticate requests via the oauth2-proxy's /auth endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example: server { listen 443 ssl; server_name ...; include ssl/ssl.conf; location /oauth2/ { proxy_pass http://127.0.0.1:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header X-Auth-Request-Redirect $request_uri; # or, if you are handling multiple domains: # proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri; } location = /oauth2/auth { proxy_pass http://127.0.0.1:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; # nginx auth_request includes headers but not body proxy_set_header Content-Length \"\"; proxy_pass_request_body off; } location / { auth_request /oauth2/auth; error_page 401 = /oauth2/sign_in; # pass information via X-User and X-Email headers to backend, # requires running with --set-xauthrequest flag auth_request_set $user $upstream_http_x_auth_request_user; auth_request_set $email $upstream_http_x_auth_request_email; proxy_set_header X-User $user; proxy_set_header X-Email $email; # if you enabled --pass-access-token, this will pass the token to the backend auth_request_set $token $upstream_http_x_auth_request_access_token; proxy_set_header X-Access-Token $token; # if you enabled --cookie-refresh, this is needed for it to work with auth_request auth_request_set $auth_cookie $upstream_http_set_cookie; add_header Set-Cookie $auth_cookie; # When using the --set-authorization-header flag, some provider's cookies can exceed the 4kb # limit and so the OAuth2 Proxy splits these into multiple parts. # Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response, # so if your cookies are larger than 4kb, you will need to extract additional cookies manually. auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1; # Extract the Cookie attributes from the first Set-Cookie header and append them # to the second part ($upstream_cookie_* variables only contain the raw cookie content) if ($auth_cookie ~* \"(; .*)\") { set $auth_cookie_name_0 $auth_cookie; set $auth_cookie_name_1 \"auth_cookie_name_1=$auth_cookie_name_upstream_1$1\"; } # Send both Set-Cookie headers now if there was a second part if ($auth_cookie_name_upstream_1) { add_header Set-Cookie $auth_cookie_name_0; add_header Set-Cookie $auth_cookie_name_1; } proxy_pass http://backend/; # or \"root /path/to/site;\" or \"fastcgi_pass ...\" etc }} When you use ingress-nginx in Kubernetes, you MUST use kubernetes/ingress-nginx (which includes the Lua module) and the following configuration snippet for your Ingress. Variables set with auth_request_set are not set-able in plain nginx config when the location is processed via proxy_pass and then may only be processed by Lua. Note that nginxinc/kubernetes-ingress does not include the Lua module. nginx.ingress.kubernetes.io/auth-response-headers: Authorizationnginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uringinx.ingress.kubernetes.io/auth-url: https://$host/oauth2/authnginx.ingress.kubernetes.io/configuration-snippet: | auth_request_set $name_upstream_1 $upstream_cookie_name_1; access_by_lua_block { if ngx.var.name_upstream_1 ~= \"\" then ngx.header[\"Set-Cookie\"] = \"name_1=\" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match(\"(; .*)\") end } It is recommended to use --session-store-type=redis when expecting large sessions/OIDC tokens (e.g. with MS Azure). You have to substitute name with the actual cookie name you configured via --cookie-name parameter. If you don't set a custom cookie name the variable should be \"$upstream_cookie__oauth2_proxy_1\" instead of \"$upstream_cookie_name_1\" and the new cookie-name should be \"_oauth2_proxy_1=\" instead of \"name_1=\". note If you set up your OAuth2 provider to rotate your client secret, you can use the client-secret-file option to reload the secret when it is updated.","s":"Configuring for use with the Nginx auth_request directive","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#configuring-for-use-with-the-nginx-auth_request-directive","p":1016},{"i":1039,"t":"Sessions allow a user's authentication to be tracked between multiple HTTP requests to a service. The OAuth2 Proxy uses a Cookie to track user sessions and will store the session data in one of the available session storage backends. At present the available backends are (as passed to --session-store-type): cookie (default) redis","s":"Session Storage","u":"/oauth2-proxy/docs/6.1.x/configuration/session_storage","h":"","p":1038},{"i":1041,"t":"The Cookie storage backend is the default backend implementation and has been used in the OAuth2 Proxy historically. With the Cookie storage backend, all session information is stored in client side cookies and transferred with each and every request. The following should be known when using this implementation: Since all state is stored client side, this storage backend means that the OAuth2 Proxy is completely stateless Cookies are signed server side to prevent modification client-side It is mandatory to set a cookie-secret which will ensure data is encrypted within the cookie data. Since multiple requests can be made concurrently to the OAuth2 Proxy, this session implementation cannot lock sessions and while updating and refreshing sessions, there can be conflicts which force users to re-authenticate","s":"Cookie Storage","u":"/oauth2-proxy/docs/6.1.x/configuration/session_storage","h":"#cookie-storage","p":1038},{"i":1043,"t":"The Redis Storage backend stores sessions, encrypted, in redis. Instead sending all the information back the client for storage, as in the Cookie storage, a ticket is sent back to the user as the cookie value instead. A ticket is composed as the following: {CookieName}-{ticketID}.{secret} Where: The CookieName is the OAuth2 cookie name (_oauth2_proxy by default) The ticketID is a 128 bit random number, hex-encoded The secret is a 128 bit random number, base64url encoded (no padding). The secret is unique for every session. The pair of {CookieName}-{ticketID} comprises a ticket handle, and thus, the redis key to which the session is stored. The encoded session is encrypted with the secret and stored in redis via the SETEX command. Encrypting every session uniquely protects the refresh/access/id tokens stored in the session from disclosure. Usage​ When using the redis store, specify --session-store-type=redis as well as the Redis connection URL, via --redis-connection-url=redis://host[:port][/db-number]. You may also configure the store for Redis Sentinel. In this case, you will want to use the --redis-use-sentinel=true flag, as well as configure the flags --redis-sentinel-master-name and --redis-sentinel-connection-urls appropriately. Redis Cluster is available to be the backend store as well. To leverage it, you will need to set the --redis-use-cluster=true flag, and configure the flags --redis-cluster-connection-urls appropriately. Note that flags --redis-use-sentinel=true and --redis-use-cluster=true are mutually exclusive.","s":"Redis Storage","u":"/oauth2-proxy/docs/6.1.x/configuration/session_storage","h":"#redis-storage","p":1038},{"i":1045,"t":"OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable. /robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see robotstxt.org for more info /ping - returns a 200 OK response, which is intended for use with health checks /oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies) /oauth2/sign_out - this URL is used to clear the session cookie /oauth2/start - a URL that will redirect to start the OAuth cycle /oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url. /oauth2/userinfo - the URL is used to return user's email from the session in JSON format. /oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the Nginx auth_request directive","s":"Endpoints","u":"/oauth2-proxy/docs/6.1.x/features/endpoints","h":"","p":1044},{"i":1047,"t":"To sign the user out, redirect them to /oauth2/sign_out. This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the rd query parameter, i.e. redirect the user to something like (notice the url-encoding!): /oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page Alternatively, include the redirect URL in the X-Auth-Request-Redirect header: GET /oauth2/sign_out HTTP/1.1X-Auth-Request-Redirect: https://my-oidc-provider/sign_out_page... (The \"sign_out_page\" should be the end_session_endpoint from the metadata if your OIDC provider supports Session Management and Discovery.) BEWARE that the domain you want to redirect to (my-oidc-provider.example.com in the example) must be added to the --whitelist-domain configuration option otherwise the redirect will be ignored.","s":"Sign out","u":"/oauth2-proxy/docs/6.1.x/features/endpoints","h":"#sign-out","p":1044},{"i":1049,"t":"If signature_key is defined, proxied requests will be signed with the GAP-Signature header, which is a Hash-based Message Authentication Code (HMAC) of selected request information and the request body see SIGNATURE_HEADERS in oauthproxy.go. signature_key must be of the form algorithm:secretkey, (ie: signature_key = \"sha1:secret0\") For more information about HMAC request signature validation, read the following: Amazon Web Services: Signing and Authenticating REST Requests rc3.org: Using HMAC to authenticate Web service requests","s":"Request Signatures","u":"/oauth2-proxy/docs/6.1.x/features/request_signatures","h":"","p":1048},{"i":1051,"t":"There are two recommended configurations. Configure SSL Termination with OAuth2 Proxy by providing a --tls-cert-file=/path/to/cert.pem and --tls-key-file=/path/to/cert.key. The command line to run oauth2-proxy in this configuration would look like this: ./oauth2-proxy \\ --email-domain=\"yourcompany.com\" \\ --upstream=http://127.0.0.1:8080/ \\ --tls-cert-file=/path/to/cert.pem \\ --tls-key-file=/path/to/cert.key \\ --cookie-secret=... \\ --cookie-secure=true \\ --provider=... \\ --client-id=... \\ --client-secret=... Configure SSL Termination with Nginx (example config below), Amazon ELB, Google Cloud Platform Load Balancing, or .... Because oauth2-proxy listens on 127.0.0.1:4180 by default, to listen on all interfaces (needed when using an external load balancer like Amazon ELB or Google Platform Load Balancing) use --http-address=\"0.0.0.0:4180\" or --http-address=\"http://:4180\". Nginx will listen on port 443 and handle SSL connections while proxying to oauth2-proxy on port 4180. oauth2-proxy will then authenticate requests for an upstream application. The external endpoint for this example would be https://internal.yourcompany.com/. An example Nginx config follows. Note the use of Strict-Transport-Security header to pin requests to SSL via HSTS: server { listen 443 default ssl; server_name internal.yourcompany.com; ssl_certificate /path/to/cert.pem; ssl_certificate_key /path/to/cert.key; add_header Strict-Transport-Security max-age=2592000; location / { proxy_pass http://127.0.0.1:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_connect_timeout 1; proxy_send_timeout 30; proxy_read_timeout 30; }} The command line to run oauth2-proxy in this configuration would look like this: ./oauth2-proxy \\ --email-domain=\"yourcompany.com\" \\ --upstream=http://127.0.0.1:8080/ \\ --cookie-secret=... \\ --cookie-secure=true \\ --provider=... \\ --reverse-proxy=true \\ --client-id=... \\ --client-secret=...","s":"TLS Configuration","u":"/oauth2-proxy/docs/6.1.x/configuration/tls","h":"","p":1050}],"index":{"version":"2.3.9","fields":["t"],"fieldVectors":[["t/973",[0,2.909,1,4.302,2,3.307,3,5.655,4,5.655,5,2.909,6,4.302,7,3.91,8,3.91,9,3.307,10,1.103,11,2.612,12,3.91,13,5.087,14,0.86,15,3.91,16,3.91,17,4.302,18,0.311,19,3.307,20,3.307,21,3.91,22,5.087,23,3.91,24,3.91,25,3.91,26,1.729,27,1.404,28,3.307,29,1.777,30,2.909,31,2.375,32,5.087,33,3.91,34,1.441,35,2.375,36,2.375,37,2.909,38,3.91,39,3.91,40,3.91,41,3.91,42,3.91,43,3.91,44,3.307,45,1.729,46,2.909,47,1.404,48,1.313,49,0.993,50,0.561,51,1.503,52,1.61,53,1.61,54,1.15,55,2.375,56,1.503,57,3.398,58,3.307,59,1.729,60,1.503,61,2.177]],["t/975",[10,1.019,14,0.749,18,0.249,34,1.386,47,1.461,49,1.019,59,1.799,62,2.069,63,1.461,64,2.718,65,3.027,66,3.883,67,1.676,68,3.441,69,2.718,70,2.718,71,1.874,72,1.673,73,1.676,74,1.564,75,3.883,76,2.547,77,2.089,78,3.441,79,1.462,80,1.676,81,4.069,82,1.256,83,4.069,84,1.935,85,1.12,86,4.069,87,4.069,88,2.718,89,1.799,90,2.718,91,4.069,92,2.089,93,3.027,94,3.027,95,3.486,96,2.483,97,2.471,98,0.914,99,3.027,100,2.265,101,1.799,102,2.265,103,2.718,104,1.935,105,2.471,106,3.441,107,2.718]],["t/977",[14,0.726,50,0.726,108,1.392,109,5.059,110,3.856,111,3.763,112,2.816,113,3.763,114,2.236,115,3.763,116,5.059,117,4.278,118,3.379,119,5.059,120,3.763,121,2.816,122,5.059,123,5.059,124,5.059]],["t/979",[14,0.769,18,0.259,29,1.333,37,3.155,50,0.769,89,1.875,92,2.178,103,2.833,105,2.576,111,3.987,118,3.58,120,3.155,125,4.241,126,5.359,127,4.532,128,2.833,129,5.22,130,3.155,131,4.968,132,3.586,133,3.254,134,4.241,135,3.987,136,4.241,137,2.361,138,4.241,139,2.576,140,4.241,141,4.241,142,4.241,143,2.576,144,3.586,145,1.247,146,3.155,147,2.833,148,2.984,149,4.241,150,4.241,151,4.241,152,4.241,153,4.241,154,4.241,155,4.241,156,3.586,157,4.241,158,4.241,159,3.155,160,3.155,161,1.523]],["t/981",[6,4.554,18,0.329,27,1.535,105,2.596,111,3.18,118,2.855,127,4.554,131,4.554,132,3.614,133,3.27,137,3.283,139,2.596,148,2.38,156,5.593,161,1.535,162,5.897,163,5.386,164,5.386,165,1.889,166,3.18,167,4.274,168,4.274,169,4.274,170,4.274,171,4.274,172,4.274,173,4.274,174,3.18,175,4.274,176,4.274,177,5.386,178,1.535,179,1.435,180,1.642,181,4.274,182,4.274,183,4.274,184,4.274,185,4.274,186,4.274,187,4.274,188,4.274,189,4.274]],["t/983",[5,3.242,10,0.851,14,0.626,18,0.266,27,1.565,34,1.598,45,1.927,46,3.242,47,1.565,48,1.464,49,1.064,50,0.626,85,1.199,102,2.427,108,1.199,129,3.686,133,3.311,190,1.675,191,3.642,192,3.242,193,4.359,194,1.795,195,3.686,196,2.073,197,1.282,198,3.311,199,4.359,200,3.686,201,3.242,202,3.686,203,3.686,204,3.311,205,3.035,206,3.242,207,3.686,208,4.359,209,3.686,210,3.686,211,2.073,212,3.035,213,3.642,214,4.359]],["t/985",[0,4.677,2,3.163,10,0.871,14,0.537,27,0.904,29,1.553,31,2.272,34,0.606,45,1.113,47,1.603,48,1.256,50,0.537,54,0.74,63,0.904,67,1.54,69,2.498,71,0.904,72,0.693,73,1.54,76,1.113,77,1.293,79,0.606,82,1.074,85,0.693,98,1.003,108,1.36,110,3.207,114,1.113,121,1.402,130,1.873,145,1.553,147,1.681,161,1.774,174,1.873,178,1.896,179,1.499,180,0.967,191,3.527,192,1.873,194,1.838,215,1.873,216,2.942,217,2.517,218,2.129,219,2.517,220,2.517,221,2.129,222,4.464,223,4.942,224,3.207,225,1.681,226,2.129,227,2.517,228,3.321,229,2.517,230,2.517,231,3.163,232,1.681,233,2.129,234,2.517,235,2.129,236,1.873,237,2.517,238,3.163,239,1.424,240,1.873,241,2.517,242,1.529,243,1.529,244,2.123,245,2.517,246,2.129,247,3.741,248,1.873,249,1.113,250,1.873,251,2.129,252,1.529,253,0.648,254,2.517,255,1.873,256,2.711,257,2.517,258,2.129,259,2.517,260,2.711,261,2.129,262,1.529,263,1.681,264,3.36,265,2.498,266,2.517,267,2.123,268,1.529,269,3.321,270,2.129,271,1.402,272,1.873,273,3.001,274,3.741,275,2.272,276,0.935,277,2.517,278,2.517,279,2.517,280,2.517,281,1.873,282,1.402,283,2.517,284,2.517,285,1.037,286,2.783,287,2.129,288,1.529,289,2.517,290,2.129,291,2.035,292,2.129,293,2.129,294,2.517,295,2.517,296,2.517,297,1.681,298,1.402,299,2.129,300,1.873,301,1.873,302,1.681,303,1.402,304,2.517,305,1.529,306,2.517,307,2.517]],["t/987",[0,3.351,10,1.14,11,2.179,14,0.647,18,0.275,34,0.785,35,1.981,45,1.991,48,1.733,49,0.637,50,0.468,61,2.508,63,1.171,64,2.179,67,1.343,71,1.618,72,1.24,73,1.343,74,1.254,80,1.343,82,1.084,96,1.552,97,1.981,98,1.25,108,1.42,161,1.618,165,2.281,178,1.171,179,1.513,180,1.254,190,1.254,192,2.427,198,3.134,211,1.552,215,3.351,216,2.313,224,1.981,226,2.759,235,3.81,236,4.14,238,3.81,239,1.159,248,2.427,272,4.344,273,1.981,285,1.855,300,3.351,308,3.262,309,4.505,310,3.447,311,3.262,312,3.446,313,3.81,314,3.262,315,1.552,316,2.313,317,1.084,318,3.262,319,3.717,320,3.262,321,2.759,322,2.427,323,2.508,324,2.759,325,3.262,326,2.759,327,3.262,328,3.262,329,1.442,330,2.179,331,2.508,332,3.262,333,3.262,334,3.262,335,3.262,336,3.262,337,2.759,338,2.759,339,3.262,340,3.262,341,3.262,342,3.262,343,2.427,344,1.981,345,3.262]],["t/989",[27,1.877,47,1.877,85,1.438,98,1.174,178,1.877,179,1.755,249,2.31,252,3.174,271,2.91,312,2.91,346,6.084,347,5.227,348,2.009]],["t/991",[18,0.261,27,1.088,30,2.253,34,1.029,54,1.258,67,1.247,74,2.071,76,2.382,79,0.729,82,1.459,98,0.961,108,0.833,110,1.839,128,2.023,133,3.957,139,1.839,143,3.582,145,0.891,148,2.382,166,4.388,178,1.536,179,1.017,190,1.164,194,1.247,212,1.687,243,1.839,244,1.441,252,1.839,262,3.76,263,2.023,267,1.441,268,1.839,271,1.687,276,1.039,282,1.687,285,2.497,291,1.762,302,2.023,305,2.598,317,1.193,324,4.194,348,2.33,349,3.029,350,1.839,351,2.023,352,2.253,353,2.561,354,2.253,355,2.857,356,2.561,357,2.253,358,4.606,359,2.561,360,3.029,361,2.547,362,3.617,363,3.617,364,4.556,365,2.561,366,2.253,367,3.312,368,3.312,369,2.561,370,2.561,371,3.617,372,2.253,373,1.441,374,2.561,375,3.029,376,3.029,377,3.029,378,2.857,379,3.029,380,4.959,381,3.029,382,1.687,383,3.029,384,3.029]],["t/993",[18,0.249,27,1.879,73,2.154,76,1.805,85,1.124,98,0.918,108,1.124,121,2.274,178,2.186,179,1.372,200,5.322,211,1.943,213,2.728,225,2.728,228,3.038,231,3.454,239,1.567,243,2.48,249,1.805,252,2.48,253,1.347,264,3.822,267,1.943,268,2.48,273,3.177,276,0.856,285,1.682,315,2.489,317,0.983,348,1.569,382,2.274,385,4.084,386,5.232,387,3.038,388,4.084,389,3.038,390,4.084,391,4.084,392,5.773,393,5.773,394,5.773,395,4.084,396,4.084,397,4.084,398,4.084,399,4.084,400,3.038]],["t/995",[10,0.777,18,0.314,47,1.429,48,1.915,51,1.53,54,1.171,72,1.416,85,1.569,98,1.281,112,2.216,120,2.961,145,1.171,165,1.76,201,4.645,204,2.417,216,2.643,239,1.325,243,2.417,253,1.025,262,3.125,264,3.125,267,2.448,268,3.125,275,2.417,276,1.308,282,2.216,305,2.417,317,1.502,329,2.275,348,1.53,366,2.961,367,2.659,368,2.659,387,2.961,401,2.961,402,3.981,403,4.352,404,2.961,405,2.417,406,3.981,407,3.366,408,3.981,409,3.981,410,3.981,411,3.981,412,3.981,413,3.981,414,3.981,415,3.981,416,2.417,417,2.659,418,3.366]],["t/997",[10,1.111,45,2.066,47,2.044,80,1.924,82,1.124,85,1.286,108,1.286,110,2.838,121,2.602,178,1.678,179,1.569,197,1.374,202,3.951,215,3.476,216,2.399,224,2.838,232,3.121,236,3.476,252,2.838,253,1.465,282,2.602,317,1.124,331,3.417,351,3.121,419,4.673,420,4.673,421,3.951,422,4.673,423,4.673,424,3.951,425,4.673,426,3.121,427,4.813]],["t/999",[18,0.305,48,2.12,101,2.617,102,3.296,108,1.373,121,2.778,165,2.206,197,1.467,198,3.03,203,4.22,216,2.562,244,2.374,263,3.333,276,1.046,322,3.712,428,5.921,429,4.99,430,4.22,431,4.22]],["t/1001",[10,1.282,14,0.765,18,0.314,26,0.82,29,0.929,31,1.127,34,1.449,35,1.127,36,2.239,45,2.031,47,0.666,48,1.966,49,1.04,50,0.737,51,1.417,54,1.084,60,1.765,63,0.666,72,0.814,73,1.732,74,1.137,76,1.307,77,0.953,80,0.764,82,0.447,84,0.883,85,1.157,98,1.1,101,2.031,108,1.157,110,1.127,112,1.647,115,2.2,121,1.033,128,1.24,130,1.381,137,1.033,145,0.546,161,1.324,165,1.63,178,1.324,179,0.623,180,0.713,190,0.713,194,0.764,196,0.883,197,1.351,204,2.239,205,2.342,213,1.24,216,1.893,224,1.127,232,1.976,239,1.26,240,2.743,242,1.127,244,2.614,246,1.57,249,2.031,253,0.949,256,1.796,260,1.796,264,1.796,267,1.407,270,1.57,271,1.647,272,2.2,276,0.881,281,1.381,282,1.033,285,1.518,287,1.57,290,2.501,297,1.24,312,2.053,313,2.501,315,1.407,317,1.012,323,1.033,326,2.501,330,1.976,343,1.381,348,1.417,350,1.127,352,1.381,355,1.24,405,1.127,416,3.118,417,2.463,424,1.57,426,1.24,432,1.856,433,2.501,434,1.856,435,1.856,436,1.856,437,1.57,438,1.856,439,1.856,440,3.688,441,1.856,442,1.856,443,2.501,444,1.57,445,1.381,446,1.856,447,1.856,448,1.381,449,1.57,450,1.57,451,1.57,452,1.381,453,5.495,454,1.856,455,1.856,456,1.856,457,1.856,458,1.381,459,1.856,460,3.557,461,1.57,462,2.958,463,1.856,464,1.381,465,1.976,466,1.856,467,1.856,468,2.958,469,1.033,470,1.856,471,1.57,472,1.57,473,1.381,474,0.883,475,1.57,476,1.976,477,2.2,478,1.856,479,1.57,480,2.958,481,1.856,482,1.856,483,1.856,484,1.856,485,1.856,486,1.856,487,2.958,488,1.856,489,1.976,490,1.856,491,1.976,492,1.856,493,1.57,494,1.856,495,2.501,496,2.501,497,1.57,498,1.24,499,1.856,500,2.958,501,1.856,502,1.57,503,1.856,504,3.688,505,1.856,506,2.501,507,1.57,508,1.856,509,1.57,510,1.856,511,2.958,512,1.856,513,1.856,514,1.856,515,1.856,516,1.856,517,1.856,518,1.856,519,1.57,520,1.127,521,1.856,522,1.856]],["t/1003",[1,1.835,9,2.827,10,1.187,11,1.45,14,0.828,18,0.204,19,3.449,20,1.835,26,0.959,29,1.44,34,1.19,36,2.03,45,0.959,46,2.487,48,1.662,50,0.586,54,1.199,55,3.005,56,1.761,59,1.478,63,0.779,64,1.45,66,3.409,72,1.261,74,0.834,75,2.487,76,0.959,79,0.522,80,0.894,85,1.122,89,0.959,92,1.114,95,1.45,98,1.029,101,0.959,112,1.208,137,1.862,139,1.318,143,1.318,145,1.199,161,0.779,174,1.615,178,1.201,190,0.834,194,0.894,196,1.94,204,2.03,205,1.862,206,3.889,212,1.208,218,1.835,221,2.827,233,1.835,239,1.05,242,1.318,244,1.032,249,1.478,253,0.559,260,2.03,267,2.18,268,1.318,276,0.455,285,1.679,310,1.45,312,1.208,316,1.114,317,1.31,323,1.208,331,2.551,337,1.835,348,0.834,356,1.835,357,1.615,369,1.835,371,1.835,372,1.615,373,1.59,382,1.208,403,1.835,404,1.615,416,3.503,417,3.06,433,1.835,443,1.835,449,1.835,450,1.835,451,2.827,452,1.615,458,1.615,465,1.45,474,1.032,476,1.45,493,1.835,502,1.835,506,3.449,507,1.835,519,1.835,520,1.318,523,3.344,524,3.344,525,3.344,526,2.17,527,1.835,528,2.17,529,2.17,530,2.17,531,2.17,532,1.45,533,2.17,534,1.318,535,2.17,536,2.17,537,1.835,538,3.344,539,2.487,540,3.344,541,1.835,542,2.827,543,1.45,544,2.827,545,1.615,546,2.17,547,1.835,548,3.449,549,2.17,550,2.17,551,2.17,552,1.835,553,2.17,554,2.17,555,2.17,556,2.17,557,2.17,558,3.344,559,2.17,560,1.835,561,2.17,562,1.835,563,2.17,564,2.17,565,1.835,566,2.17,567,2.17,568,1.615,569,2.17,570,1.835,571,2.17,572,2.17,573,2.17,574,2.17,575,2.17,576,2.17,577,2.17,578,2.17,579,1.835,580,2.17,581,2.17,582,1.835,583,2.17,584,2.17,585,2.17,586,3.344,587,1.835,588,2.17,589,2.17,590,2.17,591,1.615,592,1.835,593,2.17,594,1.835,595,2.17,596,1.835,597,1.862,598,2.17,599,1.615,600,2.17,601,3.409,602,1.032,603,2.17,604,2.827,605,1.45,606,1.835,607,1.835,608,1.835,609,2.17,610,2.17,611,2.17]],["t/1005",[18,0.323,27,1.897,31,2.517,34,1.399,49,0.809,50,0.595,52,1.707,53,1.707,55,2.517,56,1.593,74,1.593,79,0.997,82,0.997,85,1.141,92,2.129,105,2.517,108,1.141,161,1.897,207,5.722,239,1.575,249,1.833,253,1.359,273,3.208,297,3.528,317,1.473,348,1.593,361,2.129,382,2.308,401,3.084,418,4.916,444,3.506,472,3.506,544,3.506,602,1.972,612,3.084,613,4.146,614,3.084,615,4.146,616,4.146,617,3.506,618,4.146,619,4.146,620,4.146,621,4.146]],["t/1007",[14,0.76,18,0.323,29,1.308,34,1.001,47,1.494,48,1.778,49,0.812,50,0.836,51,1.599,52,1.714,53,1.714,54,1.712,63,1.494,65,3.095,70,2.779,73,1.714,85,1.602,98,0.935,108,1.145,161,1.901,178,1.494,179,1.397,190,1.599,196,1.979,197,1.224,232,2.779,239,1.578,253,1.363,276,0.872,317,1.523,329,1.839,350,2.527,351,2.779,389,3.095,426,2.779,460,3.519,469,2.317,599,3.095,622,4.161,623,4.161,624,4.161,625,3.095,626,3.095,627,4.161,628,3.519,629,3.519,630,4.161,631,4.161,632,4.161,633,3.095]],["t/1009",[10,1.121,14,0.746,18,0.37,34,0.972,45,2.296,47,1.45,49,1.014,50,0.746,54,1.528,63,1.45,73,2.139,74,1.552,79,0.972,82,0.972,89,1.786,108,1.111,143,3.155,145,1.188,161,1.865,165,1.786,179,1.356,196,1.921,197,1.188,209,4.856,239,1.56,253,1.337,260,3.155,262,3.155,276,0.846,285,2.365,300,3.005,302,3.47,305,2.453,317,0.972,350,2.453,355,2.698,358,3.865,387,3.005,389,3.005,421,3.416,427,3.416,509,3.416,599,3.005,625,3.005,626,3.005,628,3.416,634,4.039,635,4.039,636,4.039,637,4.039,638,4.039]],["t/1011",[10,1.056,14,0.618,27,1.547,34,1.036,48,1.447,54,1.267,63,1.547,85,1.489,88,2.877,108,1.185,161,1.943,178,1.547,179,1.447,210,5.52,239,1.598,249,1.904,253,1.393,271,2.398,276,0.903,317,1.036,329,2.744,348,1.655,351,2.877,352,3.204,382,2.398,448,3.204,476,3.615,495,3.642,496,3.642,639,2.049,640,4.308,641,4.308,642,5.412,643,4.308,644,4.308,645,4.308,646,5.918,647,4.308,648,4.308,649,4.308]],["t/1013",[18,0.386,53,2.055,79,1.2,89,2.206,145,2.008,194,2.438,244,3.003,288,3.595,650,4.99,651,4.99,652,4.99,653,4.22]],["t/1015",[14,0.736,18,0.313,34,1.536,50,0.736,60,1.971,74,1.971,92,2.634,165,2.267,179,2.145,276,1.075,297,3.426,400,3.816,654,5.129,655,5.129]],["t/1017",[14,0.707,29,1.845,49,1.146,50,0.707,51,1.892,52,2.419,53,2.419,54,1.727,55,3.812,56,2.412,88,3.288,98,1.106,602,2.342,656,4.923,657,4.923,658,4.923,659,5.873]],["t/1019",[10,1.342,17,3.391,18,0.245,27,1.44,52,1.651,71,1.44,72,1.103,89,1.773,98,0.901,165,1.773,253,1.032,315,1.907,317,0.965,476,2.678,541,3.391,552,4.372,660,4.01,661,2.233,662,5.171,663,4.01,664,4.01,665,4.01,666,4.01,667,4.01,668,4.01,669,4.01,670,4.01,671,4.01,672,4.01,673,4.839,674,5.723,675,4.01,676,4.01,677,4.257,678,4.01,679,4.01,680,5.723,681,4.01,682,4.01,683,4.01,684,4.01,685,4.01,686,4.01,687,4.372,688,2.678,689,4.01,690,4.01,691,4.01,692,4.01,693,4.01,694,4.01,695,4.01,696,3.391,697,4.01]],["t/1021",[10,1.131,18,0.294,29,1.821,50,0.691,51,2.389,52,1.983,53,1.983,54,1.416,60,1.851,114,2.129,180,1.851,310,3.216,361,3.193,612,4.312,677,3.582,698,4.072,699,4.072,700,4.072,701,4.072,702,4.072,703,3.582,704,5.796,705,4.816,706,4.816]],["t/1023",[5,0.476,10,1.064,11,0.786,14,0.538,18,0.355,27,0.85,29,1.576,30,1.761,31,0.715,34,0.939,37,0.875,47,1.214,48,0.215,49,0.521,50,0.169,51,0.452,53,0.834,54,1.051,57,0.786,58,0.541,59,1.656,61,0.909,62,1.623,63,1.545,65,1.507,66,3.285,67,1.902,68,0.995,69,1.091,71,0.958,72,1.475,73,1.208,74,1.44,75,2.904,76,1.902,77,1.37,78,2.002,79,1.006,80,1.099,82,1.006,84,2.653,85,0.734,89,0.722,90,0.428,92,0.329,96,0.964,97,3.225,98,1.037,99,2.516,100,1.989,101,0.283,102,0.655,103,0.428,104,2.353,105,0.389,107,0.786,112,0.356,114,1.297,133,1.438,137,1.318,139,0.992,143,0.992,145,1.265,147,2.874,159,1.215,160,1.215,161,0.85,165,0.52,166,1.215,178,0.423,180,0.779,190,0.452,191,1.959,194,1.667,196,0.305,197,0.863,198,0.992,201,0.875,204,0.389,205,2.254,206,1.215,211,0.305,212,0.655,213,0.786,216,0.329,224,0.389,225,0.428,228,0.476,239,1.005,242,0.715,244,1.126,249,0.283,253,0.609,256,0.992,258,0.541,260,0.715,262,1.438,263,1.353,264,1.23,265,0.786,267,0.305,269,0.875,271,0.356,273,0.715,275,0.715,281,0.875,282,0.655,285,1.393,288,1.62,291,0.485,292,0.541,293,0.541,298,0.356,301,0.875,303,2.571,305,1.23,312,0.356,315,0.56,316,1.04,317,1.252,319,0.786,321,0.541,322,1.507,329,0.722,330,0.428,331,1.883,344,0.715,348,1.3,357,0.476,358,1.215,361,1.04,362,0.541,363,0.541,364,0.995,365,0.541,366,0.875,367,1.091,368,1.091,370,0.541,372,0.476,373,1.269,374,0.541,378,1.959,382,0.655,401,0.476,404,0.875,405,2.371,416,2.459,417,1.959,426,0.428,430,0.995,431,0.995,437,0.541,445,1.507,448,1.215,452,0.875,464,1.507,469,0.356,474,1.126,489,2.502,491,0.428,498,0.428,520,0.389,527,0.541,534,0.389,537,1.381,543,0.428,545,4.764,547,1.713,548,0.995,560,0.541,562,0.541,568,0.476,579,0.541,582,0.541,594,0.541,596,0.541,597,1.485,601,1.215,602,0.964,604,1.713,605,0.428,614,0.875,617,0.541,633,0.476,639,2.15,653,0.541,661,0.356,673,0.541,688,0.428,703,0.476,707,0.64,708,0.64,709,1.177,710,2.026,711,0.64,712,1.713,713,5.615,714,0.541,715,2.368,716,0.64,717,3.382,718,3.573,719,0.64,720,0.64,721,0.64,722,0.64,723,0.64,724,1.177,725,2.026,726,0.64,727,0.64,728,1.177,729,0.64,730,1.507,731,0.64,732,0.64,733,0.541,734,0.64,735,1.633,736,2.256,737,0.64,738,1.177,739,0.64,740,0.541,741,0.64,742,0.64,743,1.633,744,2.368,745,2.368,746,0.875,747,0.64,748,1.091,749,0.64,750,5.082,751,2.026,752,0.64,753,0.64,754,0.64,755,1.177,756,0.541,757,1.381,758,0.64,759,0.64,760,1.381,761,0.64,762,1.177,763,0.64,764,0.541,765,2.117,766,0.64,767,0.64,768,0.64,769,0.64,770,1.633,771,1.633,772,1.177,773,0.64,774,0.64,775,0.64,776,0.64,777,1.23,778,0.64,779,0.64,780,0.541,781,0.64,782,0.64,783,0.64,784,0.64,785,0.64,786,0.786,787,0.476,788,0.64,789,0.875,790,0.995,791,0.875,792,0.64,793,0.995,794,1.177,795,0.995,796,0.995,797,0.64,798,1.215,799,0.541,800,1.633,801,1.381,802,1.177,803,1.177,804,0.64,805,0.875,806,0.64,807,0.64,808,0.64,809,2.026,810,0.64,811,0.995,812,0.541,813,0.64,814,1.177,815,0.541,816,0.64,817,0.64,818,0.64,819,2.571,820,0.995,821,0.64,822,2.368,823,0.64,824,0.64,825,2.026,826,0.541,827,1.177,828,2.026,829,1.985,830,0.995,831,0.541,832,0.64,833,0.64,834,1.177,835,0.64,836,2.371,837,0.64,838,1.782,839,0.64,840,0.64,841,2.256,842,1.633,843,3.424,844,1.177,845,1.177,846,0.64,847,0.64,848,1.633,849,0.64,850,0.389,851,1.215,852,2.026,853,1.381,854,0.541,855,0.541,856,0.541,857,0.64,858,1.633,859,0.64,860,0.64,861,0.541,862,0.64,863,0.64,864,0.64,865,1.507,866,0.64,867,0.995,868,0.541,869,0.64,870,0.995,871,0.64,872,0.541,873,0.64,874,0.64,875,1.381,876,1.177,877,0.64,878,0.64,879,0.541,880,0.64,881,0.64,882,0.64,883,0.64,884,0.64,885,0.64,886,0.64,887,0.64,888,0.64,889,0.64,890,0.64,891,0.64,892,0.64,893,0.541,894,0.64,895,0.64]],["t/1025",[14,0.79,18,0.3,26,2.433,29,2.04,34,1.41,36,2.247,49,1.144,50,0.531,51,1.422,54,1.088,62,1.976,63,1.329,79,0.89,98,0.831,99,3.65,100,3.615,101,2.169,102,2.06,114,1.636,115,2.753,147,3.277,180,2.252,211,1.76,212,2.06,267,1.76,303,3.263,310,2.471,317,1.324,323,2.06,361,1.9,367,2.471,368,2.471,405,2.247,491,2.471,539,2.753,607,4.149,639,2.334,748,2.471,870,4.149,872,3.129,896,3.7,897,3.7,898,4.906,899,3.7,900,3.7,901,4.094,902,3.7,903,3.7,904,3.7,905,4.906,906,3.7,907,4.906,908,3.7,909,3.7,910,3.7]],["t/1027",[10,1.096,18,0.279,29,1.438,49,0.893,52,2.314,53,2.314,55,3.412,56,2.159,60,1.758,72,1.259,96,2.177,114,2.023,145,1.346,180,1.758,194,1.884,253,1.446,291,2.314,361,2.885,612,4.18,677,3.404,698,3.869,699,3.869,700,3.869,701,3.869,702,3.869,703,3.404,730,3.404,911,4.576,912,4.576,913,4.576,914,3.869,915,5.619,916,4.576,917,4.576]],["t/1029",[10,1.153,14,0.542,18,0.304,29,1.747,35,3.02,49,1.085,50,0.542,52,1.555,56,1.451,59,1.669,62,1.996,67,1.555,79,0.908,82,0.908,84,3.315,197,1.462,275,2.293,291,1.555,298,2.103,303,2.768,315,2.365,373,2.365,639,1.796,736,4.205,760,3.193,777,2.293,790,4.205,791,2.809,793,3.193,795,3.193,796,4.701,798,4.395,799,4.205,801,3.193,805,3.699,829,4.395,856,3.193,865,3.699,879,3.193,918,3.321,919,3.776,920,3.776,921,3.776,922,3.776,923,3.776,924,3.193]],["t/1031",[10,0.658,14,0.484,18,0.206,26,1.491,49,0.899,50,0.484,56,1.771,60,1.296,62,2.122,67,2.433,77,1.732,79,1.467,80,1.389,82,1.358,84,2.902,89,1.491,98,0.758,104,2.192,113,2.508,114,1.491,135,3.428,145,1.355,197,1.355,211,1.604,239,1.351,276,0.707,286,2.508,288,2.799,291,1.389,298,1.877,329,2.037,373,2.684,378,3.769,469,1.877,489,2.252,520,2.799,543,3.078,545,2.508,597,1.877,602,1.604,661,2.566,714,3.897,746,2.508,777,2.048,812,2.851,819,1.877,836,2.799,838,2.252,918,2.252,925,3.372,926,2.851,927,2.851,928,3.428,929,3.428,930,4.997,931,3.906,932,3.372,933,4.609,934,3.372,935,3.897,936,3.372,937,3.372,938,3.372,939,3.372,940,3.372,941,3.428,942,2.851,943,2.851,944,2.851,945,2.851,946,2.851,947,2.508,948,2.508,949,2.851,950,2.851,951,2.851,952,2.851]],["t/1033",[10,0.666,14,0.49,18,0.208,26,1.509,49,0.907,56,1.786,60,1.312,62,2.348,67,1.406,80,1.406,82,0.821,84,2.698,98,0.767,100,2.942,104,2.211,113,2.539,114,2.054,145,1.004,197,1.367,211,1.624,239,1.36,249,1.509,276,0.715,286,2.539,288,2.073,291,1.406,298,1.901,303,2.588,329,2.336,373,2.698,378,3.529,469,1.901,477,2.539,489,2.28,534,2.073,543,3.529,591,2.539,597,1.901,639,2.513,661,1.901,687,2.887,765,3.104,777,2.073,805,2.539,819,1.901,836,2.822,838,2.28,918,2.28,926,2.887,927,2.887,928,3.457,929,3.457,930,2.887,935,2.887,941,3.457,942,2.887,943,2.887,944,2.887,945,2.887,946,3.93,947,2.539,948,2.539,949,3.93,950,2.887,951,2.887,953,3.414,954,3.414,955,3.414,956,3.414,957,3.414,958,3.414,959,3.414,960,4.648,961,4.648,962,4.648,963,4.648,964,3.414,965,2.887,966,3.414,967,2.539,968,3.414,969,2.887]],["t/1035",[26,1.839,29,1.83,49,1.136,53,1.714,56,2.035,60,1.599,71,1.494,80,1.714,84,3.165,107,2.779,114,1.839,135,3.095,148,2.317,197,1.557,276,0.872,291,1.714,298,2.317,315,1.979,354,3.095,373,3.011,469,2.317,474,1.979,639,1.979,661,2.317,746,3.095,786,2.779,787,3.095,865,4.332,914,3.519,918,2.779,928,3.939,929,3.939,931,4.332,941,3.939,947,3.095,948,3.095,952,3.519,970,4.161,971,4.161,972,4.161,973,5.295,974,5.295]],["t/1037",[10,1.335,14,0.435,18,0.285,28,2.56,29,0.6,34,0.46,49,0.591,50,0.614,51,0.734,54,0.562,56,1.444,57,1.276,59,0.845,60,0.734,61,2.892,62,1.535,63,1.35,64,1.276,67,1.548,70,1.276,71,0.686,72,1.719,73,1.919,74,0.734,76,2.191,79,0.46,80,0.787,82,1.029,85,0.833,90,1.276,93,2.252,94,1.421,95,1.276,96,0.909,98,1.362,101,0.845,104,2.47,108,0.833,112,1.064,145,1.257,146,1.421,148,2.38,179,0.642,180,1.163,190,1.163,194,0.787,196,0.909,198,1.16,239,0.779,244,0.909,250,3.181,253,0.967,255,1.421,256,1.16,275,1.838,276,0.4,285,1.246,291,1.246,317,0.46,329,1.89,338,1.616,355,1.276,359,1.616,405,1.16,458,2.252,464,1.421,471,1.616,474,0.909,520,1.16,532,1.276,539,1.421,565,2.56,568,1.421,570,1.616,591,2.252,592,1.616,597,1.685,602,2.034,605,1.276,608,1.616,625,1.421,626,1.421,696,1.616,748,2.022,765,2.856,780,3.178,786,1.276,789,1.421,791,1.421,811,1.616,815,1.616,819,3.228,820,1.616,831,1.616,836,1.838,850,1.838,851,3.467,893,1.616,901,1.421,924,1.616,965,2.56,967,2.252,975,1.616,976,1.616,977,1.911,978,1.616,979,1.911,980,3.615,981,2.56,982,4.987,983,2.56,984,3.615,985,1.911,986,1.911,987,1.616,988,1.911,989,1.911,990,1.616,991,5.194,992,1.911,993,1.911,994,1.911,995,4.276,996,1.911,997,3.178,998,1.911,999,3.027,1000,1.911,1001,3.759,1002,1.911,1003,3.027,1004,1.911,1005,1.911,1006,1.911,1007,3.027,1008,3.027,1009,1.911,1010,1.911,1011,1.911,1012,1.911,1013,1.911,1014,1.911,1015,1.911,1016,3.759,1017,3.027,1018,3.027,1019,1.911,1020,1.911,1021,1.911,1022,1.911,1023,1.911,1024,1.911,1025,1.911,1026,1.911,1027,3.027,1028,1.911,1029,3.027,1030,1.911,1031,3.027,1032,1.911,1033,1.616,1034,1.616,1035,1.911,1036,1.911,1037,1.911,1038,1.911,1039,1.911,1040,1.616]],["t/1039",[14,0.682,18,0.29,26,2.542,50,0.682,62,1.707,63,1.707,71,2.362,72,1.582,74,1.827,79,1.143,82,1.143,89,2.101,96,2.735,97,2.886,159,3.536,180,1.827,197,1.398,265,3.175,315,2.261,344,2.886,534,2.886,639,2.261,764,4.019,850,3.492,1041,4.019,1042,5.751]],["t/1041",[14,0.829,18,0.32,35,2.48,50,0.829,62,1.879,71,2.186,72,1.772,79,0.983,82,0.983,96,2.489,98,0.918,101,1.805,128,2.728,180,1.569,197,1.201,239,1.486,253,1.051,256,2.48,276,0.856,299,3.454,316,2.097,343,4.294,344,3.506,407,3.454,474,1.943,498,2.728,534,3.177,712,3.454,850,3.697,1040,3.454,1043,4.084,1044,6.088,1045,4.084,1046,4.084,1047,4.084,1048,4.084,1049,4.084,1050,4.084,1051,4.084,1052,4.084,1053,4.084,1054,4.084,1055,4.084,1056,4.084,1057,3.454]],["t/1043",[18,0.366,26,1.405,49,0.993,50,0.456,52,1.309,71,2.207,72,1.4,73,1.822,76,1.405,82,0.764,92,1.632,96,2.981,97,4.09,98,0.714,107,3.399,108,0.874,118,2.122,144,2.687,146,2.364,160,2.364,190,1.221,197,0.934,205,3.064,211,1.511,239,0.818,243,2.686,253,1.31,276,0.666,291,2.382,317,1.224,323,1.769,330,2.122,331,1.769,344,3.09,361,1.632,474,1.511,497,3.741,498,3.399,532,2.122,542,3.741,602,2.104,688,3.399,733,2.687,748,2.955,756,2.687,757,4.303,841,3.741,843,4.303,850,2.686,1034,2.687,1058,4.424,1059,5.089,1060,3.178,1061,5.089,1062,3.178,1063,4.424,1064,4.424,1065,4.424,1066,3.178,1067,3.178,1068,3.178,1069,3.178,1070,3.178,1071,3.178,1072,3.178,1073,3.178,1074,3.178,1075,4.424,1076,3.178,1077,4.424,1078,3.178,1079,3.178]],["t/1045",[14,0.802,18,0.376,36,2.317,44,4.233,47,2.006,49,0.745,50,0.719,51,1.466,56,1.466,59,2.213,61,2.124,69,2.548,71,1.798,72,1.378,77,1.959,79,0.918,82,0.918,85,1.05,90,2.548,93,2.838,94,2.838,95,3.962,100,2.124,103,2.548,117,3.226,145,1.122,195,3.226,251,3.226,269,2.838,276,0.799,303,2.124,312,2.124,316,1.959,317,1.482,319,3.344,348,1.466,350,2.317,373,1.815,465,2.548,473,2.838,633,2.838,730,3.724,765,3.962,777,2.317,829,2.838,830,3.226,851,2.838,861,3.226,967,2.838,969,4.233,975,3.226,976,3.226,990,3.226,1033,3.226,1041,3.226,1080,3.816,1081,3.816,1082,3.816,1083,3.816,1084,5.006,1085,3.226,1086,3.816,1087,5.006,1088,3.816]],["t/1047",[18,0.238,34,1.221,48,1.308,49,0.76,50,0.559,54,1.146,59,1.722,60,1.497,62,1.823,67,2.09,70,2.603,71,1.399,72,1.072,79,1.221,82,1.439,84,1.853,85,1.807,88,3.39,102,2.169,104,1.853,106,3.295,148,2.169,190,1.497,194,2.09,212,2.169,225,2.603,242,2.366,261,3.295,285,1.605,316,2.606,317,1.221,319,2.603,323,2.169,348,1.497,416,3.632,461,3.295,465,3.39,601,2.899,605,2.603,606,3.295,629,3.295,688,2.603,819,2.169,826,3.295,875,3.295,901,2.899,1057,3.295,1085,4.292,1089,3.897,1090,3.897,1091,3.897,1092,3.897,1093,3.897,1094,3.897,1095,3.897,1096,3.897,1097,3.897,1098,3.897,1099,3.897,1100,3.897,1101,3.897,1102,3.897,1103,3.897]],["t/1049",[10,0.868,14,0.638,18,0.272,27,1.597,45,1.966,62,2.363,77,2.283,79,1.444,104,2.115,240,4.106,265,3.687,276,0.932,302,2.97,316,2.835,353,3.76,400,3.308,473,3.308,474,2.626,477,3.308,479,3.76,491,2.97,614,3.308,853,4.668,854,3.76,855,3.76,931,3.308,987,3.76,1104,6.004,1105,4.447,1106,6.004,1107,4.447,1108,4.447,1109,4.447,1110,3.76,1111,4.447]],["t/1051",[10,1.323,14,0.886,18,0.289,34,1.138,48,0.935,49,1.074,50,0.869,51,1.548,52,1.659,53,1.659,57,3.675,59,1.231,60,1.818,61,2.635,62,1.446,72,1.427,79,0.67,100,1.55,101,1.231,104,1.324,108,0.766,137,2.242,145,1.184,161,1.446,190,1.07,191,2.69,196,1.916,197,1.184,205,1.55,239,1.335,248,2.071,250,2.071,253,1.335,255,2.071,276,0.583,301,2.071,329,1.78,331,2.242,354,2.071,445,2.996,475,3.406,532,1.86,587,2.354,597,1.55,602,1.324,639,1.916,661,1.55,740,3.406,786,3.464,787,2.071,789,2.996,798,2.071,819,2.242,836,1.691,838,1.86,867,4.385,868,3.406,978,2.354,980,2.354,981,2.354,982,4.002,983,2.354,984,3.406,997,2.354,1110,3.406,1112,4.028,1113,4.028,1114,4.028,1115,4.028,1116,4.028,1117,4.028,1118,4.028,1119,4.028,1120,4.732,1121,4.732,1122,2.784,1123,4.028,1124,2.784,1125,2.784,1126,2.784,1127,4.028,1128,2.784,1129,2.784,1130,2.784,1131,2.784,1132,2.784,1133,2.784,1134,2.784,1135,2.784,1136,2.784,1137,2.784,1138,4.028,1139,2.784,1140,2.784]]],"invertedIndex":[["",{"_index":10,"t":{"973":{"position":[[92,1],[459,1],[493,1]]},"975":{"position":[[119,1],[559,4]]},"983":{"position":[[209,1]]},"985":{"position":[[1269,1],[2550,1],[2571,2]]},"987":{"position":[[202,1],[317,1],[526,1],[777,1],[953,1]]},"995":{"position":[[448,2]]},"997":{"position":[[366,1],[396,1]]},"1001":{"position":[[39,1],[2366,1],[2387,1],[2447,1],[2498,1],[2500,1],[2543,1],[2545,1],[2568,1],[2591,1],[2618,1],[2638,1],[2668,1],[3726,1],[3747,1],[3804,1],[3860,1],[3862,1],[3900,1],[3902,1],[3918,1],[3939,1],[3964,1],[3984,1],[4005,1],[4033,1],[4110,1]]},"1003":{"position":[[1584,1],[1616,1],[1670,1],[1726,1],[1749,1],[1773,1],[1808,1],[1858,1],[1885,1],[1914,1],[1989,1],[2068,1]]},"1009":{"position":[[213,1],[238,1],[259,1]]},"1011":{"position":[[400,2],[458,2]]},"1019":{"position":[[239,1],[248,1],[264,1],[272,4],[277,1],[312,1],[320,4],[325,1],[330,1],[570,1],[697,1],[706,1],[728,1],[730,1]]},"1021":{"position":[[83,1],[85,1]]},"1023":{"position":[[71,2],[796,1],[1237,1],[1360,3],[1711,4],[1716,2],[1825,1],[1906,1],[1994,1],[2456,2],[2673,1],[2675,1],[2753,1],[2755,1],[2859,1],[3380,1],[3519,1],[4332,2],[6580,2],[6649,1],[7095,2],[7737,1],[8393,1],[10239,1],[10270,1],[11299,1],[11637,1],[11719,1],[11785,1],[12438,1],[12790,2]]},"1027":{"position":[[147,1],[149,1]]},"1029":{"position":[[215,1],[241,1],[278,1],[343,1]]},"1031":{"position":[[895,1]]},"1033":{"position":[[750,1]]},"1037":{"position":[[242,1],[272,4],[317,1],[513,1],[557,1],[629,1],[640,1],[655,1],[796,1],[879,3],[912,1],[923,1],[925,1],[969,1],[988,1],[1050,1],[1282,1],[1468,1],[1644,1],[1737,1],[1803,1],[1901,1],[2080,1],[2161,1],[2266,2],[2269,3],[2273,5],[2279,1],[2396,1],[2398,1],[2494,1],[2582,1],[2612,1],[2656,4],[2665,2],[3338,1],[3419,1],[3448,2],[3451,2],[3484,1],[3496,2],[3523,2],[3556,5],[3566,1]]},"1049":{"position":[[316,1]]},"1051":{"position":[[269,1],[304,1],[340,1],[376,1],[411,1],[433,1],[456,1],[473,1],[491,1],[627,4],[1264,1],[1465,1],[1467,1],[1679,2],[1778,1],[1813,1],[1849,1],[1871,1],[1894,1],[1911,1],[1934,1],[1952,1]]}}}],["0",{"_index":735,"t":{"1023":{"position":[[1430,1],[4592,1],[4605,1]]}}}],["0.0.0.0:4180",{"_index":522,"t":{"1001":{"position":[[4112,14]]}}}],["0.001",{"_index":964,"t":{"1033":{"position":[[884,5]]}}}],["0400",{"_index":929,"t":{"1031":{"position":[[241,5],[1083,4]]},"1033":{"position":[[122,5],[1171,4]]},"1035":{"position":[[267,5],[593,4]]}}}],["1",{"_index":301,"t":{"985":{"position":[[2289,1]]},"1023":{"position":[[1475,3],[12290,4]]},"1051":{"position":[[1630,2]]}}}],["100",{"_index":808,"t":{"1023":{"position":[[4688,3]]}}}],["12",{"_index":968,"t":{"1033":{"position":[[1048,2]]}}}],["123456.apps.googleusercontent.com",{"_index":719,"t":{"1023":{"position":[[592,35]]}}}],["127.0.0.1:4180",{"_index":787,"t":{"1023":{"position":[[4092,16]]},"1035":{"position":[[732,14]]},"1051":{"position":[[664,14]]}}}],["128",{"_index":1064,"t":{"1043":{"position":[[383,3],[434,3]]}}}],["168h0m0",{"_index":727,"t":{"1023":{"position":[[1039,8]]}}}],["19/mar/2015:17:20:19",{"_index":928,"t":{"1031":{"position":[[218,21],[1061,20]]},"1033":{"position":[[99,21],[1149,20]]},"1035":{"position":[[244,21],[571,20]]}}}],["192",{"_index":692,"t":{"1019":{"position":[[644,3]]}}}],["1h",{"_index":259,"t":{"985":{"position":[[919,4]]}}}],["1s",{"_index":768,"t":{"1023":{"position":[[2571,4]]}}}],["2",{"_index":281,"t":{"985":{"position":[[1510,1]]},"1001":{"position":[[2765,2]]},"1023":{"position":[[11761,3],[12366,4]]}}}],["2.0",{"_index":424,"t":{"997":{"position":[[213,3]]},"1001":{"position":[[35,3]]}}}],["200",{"_index":969,"t":{"1033":{"position":[[1097,3]]},"1045":{"position":[[223,3],[336,3]]}}}],["202",{"_index":976,"t":{"1037":{"position":[[131,3]]},"1045":{"position":[[868,3]]}}}],["2048",{"_index":549,"t":{"1003":{"position":[[1052,4]]}}}],["24",{"_index":690,"t":{"1019":{"position":[[630,2]]}}}],["2>&1",{"_index":40,"t":{"973":{"position":[[488,4]]}}}],["2>/dev/nul",{"_index":672,"t":{"1019":{"position":[[227,11]]}}}],["3",{"_index":334,"t":{"987":{"position":[[1119,2]]}}}],["3/4",{"_index":882,"t":{"1023":{"position":[[12063,3]]}}}],["30",{"_index":1138,"t":{"1051":{"position":[[1652,3],[1675,3]]}}}],["32",{"_index":680,"t":{"1019":{"position":[[309,2],[578,2],[708,2]]}}}],["3650",{"_index":561,"t":{"1003":{"position":[[1175,4]]}}}],["401",{"_index":93,"t":{"975":{"position":[[403,3]]},"1037":{"position":[[158,3],[965,3]]},"1045":{"position":[[895,3]]}}}],["4180",{"_index":1126,"t":{"1051":{"position":[[979,5]]}}}],["443",{"_index":789,"t":{"1023":{"position":[[4177,6],[12637,3]]},"1037":{"position":[[251,3]]},"1051":{"position":[[909,3],[1273,3]]}}}],["4kb",{"_index":999,"t":{"1037":{"position":[[1733,3],[1938,4]]}}}],["5",{"_index":295,"t":{"985":{"position":[[1988,1]]}}}],["6",{"_index":336,"t":{"987":{"position":[[1155,2]]}}}],["7",{"_index":804,"t":{"1023":{"position":[[4521,1]]}}}],["74.125.224.72",{"_index":942,"t":{"1031":{"position":[[808,13]]},"1033":{"position":[[663,13]]}}}],["80",{"_index":892,"t":{"1023":{"position":[[12623,3]]}}}],["_",{"_index":677,"t":{"1019":{"position":[[279,3],[327,2],[732,3]]},"1021":{"position":[[104,4]]},"1027":{"position":[[168,4]]}}}],["__host",{"_index":731,"t":{"1023":{"position":[[1216,7]]}}}],["__secur",{"_index":732,"t":{"1023":{"position":[[1228,8]]}}}],["_oauth2_proxi",{"_index":733,"t":{"1023":{"position":[[1266,15]]},"1043":{"position":[[338,14]]}}}],["_oauth2_proxy_1",{"_index":1038,"t":{"1037":{"position":[[3951,18]]}}}],["abov",{"_index":952,"t":{"1031":{"position":[[1324,5]]},"1035":{"position":[[45,5]]}}}],["accept",{"_index":90,"t":{"975":{"position":[[363,7]]},"1023":{"position":[[9089,8]]},"1037":{"position":[[135,8]]},"1045":{"position":[[872,8]]}}}],["access",{"_index":285,"t":{"985":{"position":[[1746,7]]},"987":{"position":[[447,6],[622,7]]},"991":{"position":[[296,7],[924,6],[999,6],[1036,6],[1186,6],[1217,6],[1306,6]]},"993":{"position":[[40,6]]},"1001":{"position":[[1651,6],[1710,7],[2284,6]]},"1003":{"position":[[305,7],[2650,6],[3170,10]]},"1009":{"position":[[528,6],[638,6],[673,6]]},"1023":{"position":[[3333,6],[5560,6],[5630,6],[5714,6],[6496,6],[7324,6],[9542,6],[9571,6],[11543,6]]},"1037":{"position":[[1306,6],[1447,6]]},"1047":{"position":[[214,9]]}}}],["access_by_lua_block",{"_index":1028,"t":{"1037":{"position":[[3399,19]]}}}],["access_token",{"_index":818,"t":{"1023":{"position":[[5589,12]]}}}],["accompani",{"_index":360,"t":{"991":{"position":[[382,11]]}}}],["account",{"_index":260,"t":{"985":{"position":[[977,7],[1091,8],[2388,7]]},"1001":{"position":[[948,8],[3087,8]]},"1003":{"position":[[260,8],[737,7]]},"1009":{"position":[[204,7],[487,7]]},"1023":{"position":[[3797,7],[3841,7]]}}}],["acr",{"_index":707,"t":{"1023":{"position":[[34,3]]}}}],["activ",{"_index":309,"t":{"987":{"position":[[66,6],[592,6]]}}}],["actual",{"_index":626,"t":{"1007":{"position":[[221,6]]},"1009":{"position":[[124,6]]},"1037":{"position":[[3721,6]]}}}],["ad",{"_index":102,"t":{"975":{"position":[[637,5]]},"983":{"position":[[289,2]]},"999":{"position":[[4,6],[49,2]]},"1023":{"position":[[8976,2],[9587,5]]},"1025":{"position":[[750,6]]},"1047":{"position":[[939,5]]}}}],["add",{"_index":165,"t":{"981":{"position":[[148,3]]},"987":{"position":[[0,3],[809,3],[979,3]]},"995":{"position":[[79,3]]},"999":{"position":[[74,3]]},"1001":{"position":[[1296,3],[1643,3],[1874,3]]},"1009":{"position":[[0,3]]},"1015":{"position":[[80,3]]},"1019":{"position":[[332,3]]},"1023":{"position":[[5690,4],[12715,3]]}}}],["add_head",{"_index":997,"t":{"1037":{"position":[[1608,10],[2496,10],[2539,10]]},"1051":{"position":[[1402,10]]}}}],["addit",{"_index":355,"t":{"991":{"position":[[206,10],[775,8]]},"1001":{"position":[[1373,10]]},"1009":{"position":[[559,10]]},"1037":{"position":[[1968,10]]}}}],["addition",{"_index":781,"t":{"1023":{"position":[[3889,12]]}}}],["addr>:/oauth2/callback",{"_index":632,"t":{"1007":{"position":[[611,24]]}}}],["health",{"_index":830,"t":{"1023":{"position":[[6994,6],[7081,6]]},"1045":{"position":[[384,6]]}}}],["healthcheck",{"_index":773,"t":{"1023":{"position":[[2790,12]]}}}],["here",{"_index":529,"t":{"1003":{"position":[[344,5]]}}}],["hex",{"_index":1066,"t":{"1043":{"position":[[406,3]]}}}],["histor",{"_index":1043,"t":{"1041":{"position":[[103,13]]}}}],["hit",{"_index":235,"t":{"985":{"position":[[404,3]]},"987":{"position":[[668,3],[1023,7]]}}}],["hmac",{"_index":1106,"t":{"1049":{"position":[[142,6],[361,4],[493,4]]}}}],["homepag",{"_index":622,"t":{"1007":{"position":[[57,9]]}}}],["host",{"_index":329,"t":{"987":{"position":[[870,4]]},"995":{"position":[[41,7],[827,6]]},"1007":{"position":[[606,4]]},"1011":{"position":[[47,4],[495,4],[560,4],[630,4]]},"1023":{"position":[[914,4],[6274,4],[6308,4]]},"1031":{"position":[[927,4],[960,4]]},"1033":{"position":[[443,9],[782,4],[815,4]]},"1037":{"position":[[370,4],[375,6],[708,4],[713,6]]},"1051":{"position":[[1520,4],[1525,6]]}}}],["host>/api/v3",{"_index":384,"t":{"991":{"position":[[1953,13]]}}}],["host>/login/oauth/access_token",{"_index":383,"t":{"991":{"position":[[1878,31]]}}}],["host>/login/oauth/author",{"_index":381,"t":{"991":{"position":[[1808,28]]}}}],["host>/oauth2/callback",{"_index":642,"t":{"1011":{"position":[[144,21],[298,22]]}}}],["host>/realms/:/sign_in",{"_index":833,"t":{"1023":{"position":[[7208,18]]}}}],["oauth2_proxy_",{"_index":911,"t":{"1027":{"position":[[93,14]]}}}],["oauth2_proxy_cookie_secret",{"_index":916,"t":{"1027":{"position":[[425,27]]}}}],["oauth2_proxy_email_domain",{"_index":917,"t":{"1027":{"position":[[489,27]]}}}],["oauth2_proxy_jwt_key",{"_index":567,"t":{"1003":{"position":[[1299,24]]}}}],["oauth2_proxy_jwt_key_file=/etc/ssl/private/jwt_signing_key.pem",{"_index":593,"t":{"1003":{"position":[[2672,62]]}}}],["oauth_proxi",{"_index":729,"t":{"1023":{"position":[[1154,11]]}}}],["oauthproxy.go",{"_index":1108,"t":{"1049":{"position":[[227,14]]}}}],["obtain",{"_index":888,"t":{"1023":{"position":[[12150,9]]}}}],["occur",{"_index":972,"t":{"1035":{"position":[[187,5]]}}}],["oidc",{"_index":416,"t":{"995":{"position":[[900,4]]},"1001":{"position":[[463,4],[495,4],[608,4],[721,6],[815,4],[884,4],[3029,4]]},"1003":{"position":[[16,4],[1673,4],[3247,4],[3293,4],[3480,4],[3559,4],[3662,4],[3706,4],[3805,4]]},"1023":{"position":[[5097,4],[5209,4],[5254,4],[5364,4],[5455,4],[5476,4],[5526,4],[5794,4],[6528,4],[10572,4],[10599,4],[10656,4],[12361,4]]},"1047":{"position":[[481,4],[667,4],[780,4],[889,4]]}}}],["oidc\"redirect_url",{"_index":480,"t":{"1001":{"position":[[2368,18],[3728,18]]}}}],["oidc_issuer_url",{"_index":490,"t":{"1001":{"position":[[2679,15]]}}}],["ok",{"_index":44,"t":{"973":{"position":[[534,2]]},"1045":{"position":[[227,2],[340,2]]}}}],["okoauth2",{"_index":42,"t":{"973":{"position":[[500,8]]}}}],["okta",{"_index":453,"t":{"1001":{"position":[[792,5],[833,5],[903,5],[919,4],[1772,4],[3048,4],[3174,4],[3649,4],[3822,4]]}}}],["old",{"_index":803,"t":{"1023":{"position":[[4507,3],[4567,3]]}}}],["omit",{"_index":894,"t":{"1023":{"position":[[12673,4]]}}}],["on",{"_index":89,"t":{"975":{"position":[[354,3]]},"979":{"position":[[674,4]]},"1003":{"position":[[2206,3]]},"1009":{"position":[[683,3]]},"1013":{"position":[[156,3]]},"1019":{"position":[[39,3]]},"1023":{"position":[[347,4],[7481,4],[10517,3]]},"1031":{"position":[[298,3]]},"1039":{"position":[[187,3]]}}}],["onc",{"_index":174,"t":{"981":{"position":[[421,4]]},"985":{"position":[[2558,4]]},"1003":{"position":[[2843,4]]}}}],["open",{"_index":130,"t":{"979":{"position":[[113,4]]},"985":{"position":[[460,4]]},"1001":{"position":[[106,4]]}}}],["openid",{"_index":204,"t":{"983":{"position":[[292,6],[544,6]]},"995":{"position":[[132,7]]},"1001":{"position":[[0,6],[697,6],[1935,6]]},"1003":{"position":[[862,6],[906,6]]},"1023":{"position":[[5391,6]]}}}],["openssl",{"_index":552,"t":{"1003":{"position":[[1104,7]]},"1019":{"position":[[78,7],[288,7]]}}}],["option",{"_index":54,"t":{"973":{"position":[[660,8]]},"985":{"position":[[1062,11]]},"991":{"position":[[276,8],[362,7]]},"995":{"position":[[679,7]]},"1001":{"position":[[1028,10],[1330,6],[1759,8]]},"1003":{"position":[[1540,8],[2132,7],[3495,7]]},"1007":{"position":[[407,8],[530,7],[706,7]]},"1009":{"position":[[344,8],[584,7]]},"1011":{"position":[[223,7]]},"1017":{"position":[[48,8],[148,7]]},"1021":{"position":[[169,6]]},"1023":{"position":[[0,6],[52,9],[803,8],[1306,8],[1537,11],[10059,7],[11923,10],[12226,6],[12403,7],[12840,7]]},"1025":{"position":[[61,6]]},"1037":{"position":[[4097,6]]},"1047":{"position":[[985,6]]}}}],["order",{"_index":657,"t":{"1017":{"position":[[109,5]]}}}],["org",{"_index":364,"t":{"991":{"position":[[534,3],[635,7],[795,4],[1559,3]]},"1023":{"position":[[2981,3],[3467,3]]}}}],["organ",{"_index":324,"t":{"987":{"position":[[430,13]]},"991":{"position":[[259,12],[580,12],[713,12]]}}}],["organis",{"_index":365,"t":{"991":{"position":[[678,12]]},"1023":{"position":[[3027,12]]}}}],["orgname/repo",{"_index":374,"t":{"991":{"position":[[1150,12]]},"1023":{"position":[[3225,12]]}}}],["origin",{"_index":246,"t":{"985":{"position":[[628,7]]},"1001":{"position":[[146,10]]}}}],["os,base64",{"_index":666,"t":{"1019":{"position":[[125,10]]}}}],["otherwis",{"_index":461,"t":{"1001":{"position":[[1210,10]]},"1047":{"position":[[992,9]]}}}],["out",{"_index":465,"t":{"1001":{"position":[[1432,3],[1625,3]]},"1003":{"position":[[1156,3]]},"1045":{"position":[[461,3]]},"1047":{"position":[[17,4],[325,3]]}}}],["output",{"_index":918,"t":{"1029":{"position":[[34,6],[81,6]]},"1031":{"position":[[142,6]]},"1033":{"position":[[23,6]]},"1035":{"position":[[80,6]]}}}],["outsid",{"_index":914,"t":{"1027":{"position":[[326,7]]},"1035":{"position":[[193,7]]}}}],["overrid",{"_index":430,"t":{"999":{"position":[[183,8]]},"1023":{"position":[[6830,8],[8044,8]]}}}],["override_speci",{"_index":697,"t":{"1019":{"position":[[711,16]]}}}],["overwrit",{"_index":659,"t":{"1017":{"position":[[161,9],[224,9]]}}}],["packag",{"_index":654,"t":{"1015":{"position":[[37,7]]}}}],["pad",{"_index":1068,"t":{"1043":{"position":[[479,9]]}}}],["page",{"_index":319,"t":{"987":{"position":[[332,4],[551,4],[792,4],[962,4]]},"1023":{"position":[[6903,4],[10754,4]]},"1045":{"position":[[426,5],[465,4]]},"1047":{"position":[[329,4]]}}}],["pair",{"_index":756,"t":{"1023":{"position":[[2256,5]]},"1043":{"position":[[533,4]]}}}],["pane",{"_index":223,"t":{"985":{"position":[[237,5],[280,5],[321,5],[428,5]]}}}],["paramet",{"_index":901,"t":{"1025":{"position":[[258,10],[1096,10],[1121,9]]},"1037":{"position":[[3773,10]]},"1047":{"position":[[364,10]]}}}],["part",{"_index":1001,"t":{"1037":{"position":[[1796,6],[2177,4],[2455,4]]}}}],["particularli",{"_index":913,"t":{"1027":{"position":[[286,12]]}}}],["pass",{"_index":63,"t":{"975":{"position":[[12,7]]},"985":{"position":[[2104,4]]},"987":{"position":[[1292,6]]},"1001":{"position":[[1102,6]]},"1003":{"position":[[2283,4]]},"1007":{"position":[[388,4]]},"1009":{"position":[[325,4]]},"1011":{"position":[[204,4]]},"1023":{"position":[[512,7],[5555,4],[5578,4],[5758,4],[5789,4],[5859,4],[5880,4],[6083,7],[6221,4],[6243,4],[6269,4],[6291,4],[6339,4],[6362,4],[9537,4]]},"1025":{"position":[[71,4]]},"1037":{"position":[[990,4],[1301,4],[1330,4]]},"1039":{"position":[[276,6]]}}}],["password",{"_index":718,"t":{"1023":{"position":[[471,8],[491,8],[1827,8],[7966,8],[7988,9],[8057,8],[8113,8],[8144,9],[8204,9],[8234,8]]}}}],["patch",{"_index":185,"t":{"981":{"position":[[601,7]]}}}],["path",{"_index":303,"t":{"985":{"position":[[2349,4]]},"1023":{"position":[[753,4],[1291,4],[1322,4],[1749,4],[2369,4],[2405,5],[2463,5],[3821,4],[4869,4],[6656,5],[6937,4],[7158,4],[10142,5],[10342,5],[11209,4],[11256,4],[11356,5],[11450,4]]},"1025":{"position":[[501,5],[703,4],[852,4],[1256,4]]},"1029":{"position":[[854,4],[880,6]]},"1033":{"position":[[162,8],[1014,4]]},"1045":{"position":[[279,6]]}}}],["path/to/cert.key",{"_index":1134,"t":{"1051":{"position":[[1383,18]]}}}],["path/to/cert.pem",{"_index":1132,"t":{"1051":{"position":[[1344,18]]}}}],["path/to/sit",{"_index":1012,"t":{"1037":{"position":[[2623,15]]}}}],["pem",{"_index":548,"t":{"1003":{"position":[[1023,4],[2383,3],[2528,3]]},"1023":{"position":[[4724,3],[4901,3]]}}}],["per",{"_index":653,"t":{"1013":{"position":[[166,3]]},"1023":{"position":[[352,3]]}}}],["perform",{"_index":454,"t":{"1001":{"position":[[839,7]]}}}],["period",{"_index":763,"t":{"1023":{"position":[[2505,6]]}}}],["permiss",{"_index":300,"t":{"985":{"position":[[2239,11]]},"987":{"position":[[538,12],[703,12]]},"1009":{"position":[[176,11]]}}}],["pick",{"_index":313,"t":{"987":{"position":[[171,4],[349,4]]},"1001":{"position":[[1542,4],[1967,4]]}}}],["pin",{"_index":1128,"t":{"1051":{"position":[[1227,3]]}}}],["ping",{"_index":829,"t":{"1023":{"position":[[6932,4],[6953,4],[7008,7],[7018,4],[9934,4],[9983,4]]},"1029":{"position":[[716,5],[743,4],[791,4],[849,4]]},"1045":{"position":[[318,5]]}}}],["ping,/path2",{"_index":761,"t":{"1023":{"position":[[2441,14]]}}}],["plain",{"_index":1019,"t":{"1037":{"position":[[2894,5]]}}}],["platform",{"_index":475,"t":{"1001":{"position":[[1910,8]]},"1051":{"position":[[599,8],[790,8]]}}}],["pleas",{"_index":129,"t":{"979":{"position":[[99,6],[144,6],[346,6],[434,6]]},"983":{"position":[[425,6]]}}}],["plural",{"_index":701,"t":{"1021":{"position":[[186,6]]},"1027":{"position":[[257,6]]}}}],["poc",{"_index":734,"t":{"1023":{"position":[[1353,6]]}}}],["polici",{"_index":470,"t":{"1001":{"position":[[1658,8]]}}}],["port",{"_index":445,"t":{"1001":{"position":[[338,5]]},"1023":{"position":[[12537,5],[12596,4],[12709,5],[12780,5]]},"1051":{"position":[[904,4],[974,4]]}}}],["possibl",{"_index":120,"t":{"977":{"position":[[165,9]]},"979":{"position":[[467,9]]},"995":{"position":[[651,8]]}}}],["post",{"_index":134,"t":{"979":{"position":[[158,4]]}}}],["potenti",{"_index":155,"t":{"979":{"position":[[622,9]]}}}],["powershel",{"_index":664,"t":{"1019":{"position":[[86,10]]}}}],["pr",{"_index":132,"t":{"979":{"position":[[130,2]]},"981":{"position":[[373,3]]}}}],["prebuilt",{"_index":3,"t":{"973":{"position":[[34,8],[192,8],[288,8]]}}}],["preced",{"_index":658,"t":{"1017":{"position":[[118,11]]}}}],["prefer",{"_index":822,"t":{"1023":{"position":[[5954,9],[6004,6],[6030,6],[6419,9],[9447,9]]}}}],["preferred_usernam",{"_index":214,"t":{"983":{"position":[[484,18]]}}}],["prefix",{"_index":730,"t":{"1023":{"position":[[1209,6],[7131,6],[11698,6],[12422,8]]},"1027":{"position":[[75,9]]},"1045":{"position":[[136,6],[175,6]]}}}],["preflight",{"_index":857,"t":{"1023":{"position":[[10015,9]]}}}],["present",{"_index":159,"t":{"979":{"position":[[705,7]]},"1023":{"position":[[6544,8],[10874,9],[10990,9]]},"1039":{"position":[[237,7]]}}}],["pretti",{"_index":613,"t":{"1005":{"position":[[282,6]]}}}],["prevent",{"_index":1051,"t":{"1041":{"position":[[460,7]]}}}],["preview",{"_index":457,"t":{"1001":{"position":[[989,7]]}}}],["previou",{"_index":188,"t":{"981":{"position":[[652,8]]}}}],["previous",{"_index":170,"t":{"981":{"position":[[287,10]]}}}],["print",{"_index":874,"t":{"1023":{"position":[[11590,5]]}}}],["print(base64.urlsafe_b64encode(os.urandom(32)).decod",{"_index":667,"t":{"1019":{"position":[[136,57]]}}}],["privat",{"_index":139,"t":{"979":{"position":[[222,8]]},"981":{"position":[[37,9]]},"991":{"position":[[1048,7]]},"1003":{"position":[[1065,7]]},"1023":{"position":[[4709,7],[4881,7],[11264,7]]}}}],["process",{"_index":591,"t":{"1003":{"position":[[2587,7]]},"1033":{"position":[[933,8]]},"1037":{"position":[[2934,9],[2980,9]]}}}],["product",{"_index":233,"t":{"985":{"position":[[370,8]]},"1003":{"position":[[294,10]]}}}],["profil",{"_index":404,"t":{"995":{"position":[[140,7]]},"1003":{"position":[[1992,7]]},"1023":{"position":[[6469,7],[6488,7]]}}}],["project",{"_index":110,"t":{"977":{"position":[[33,8],[74,7],[204,8]]},"985":{"position":[[53,8],[123,7],[150,7],[184,7],[212,7]]},"991":{"position":[[13,8]]},"997":{"position":[[55,8]]},"1001":{"position":[[118,9]]}}}],["prompt",{"_index":710,"t":{"1023":{"position":[[85,6],[6514,6],[6533,7],[6562,6]]}}}],["proper",{"_index":776,"t":{"1023":{"position":[[2871,6]]}}}],["properli",{"_index":408,"t":{"995":{"position":[[325,9]]}}}],["properti",{"_index":318,"t":{"987":{"position":[[319,12]]}}}],["propos",{"_index":168,"t":{"981":{"position":[[257,8]]}}}],["protect",{"_index":330,"t":{"987":{"position":[[892,7]]},"1001":{"position":[[1496,11],[1586,8]]},"1023":{"position":[[8959,9]]},"1043":{"position":[[774,8]]}}}],["protocol",{"_index":543,"t":{"1003":{"position":[[842,9]]},"1023":{"position":[[12614,8]]},"1031":{"position":[[973,8],[1003,9]]},"1033":{"position":[[502,13],[828,8],[858,9]]}}}],["provid",{"_index":34,"t":{"973":{"position":[[403,8],[546,8],[596,8],[749,8]]},"975":{"position":[[309,8],[473,9],[740,8]]},"983":{"position":[[54,8],[90,10],[195,9],[360,8],[395,8],[450,9],[559,9]]},"985":{"position":[[2208,8]]},"987":{"position":[[1190,8]]},"991":{"position":[[184,8],[1264,7]]},"1001":{"position":[[84,9],[133,8],[307,8],[454,8],[469,8],[500,9],[712,8],[774,9],[820,8],[889,8],[1225,8],[2357,8],[3034,8],[3717,8]]},"1003":{"position":[[21,8],[1565,8],[1893,8],[3268,9],[3550,8]]},"1005":{"position":[[14,8],[125,9],[528,8]]},"1007":{"position":[[378,9]]},"1009":{"position":[[315,9]]},"1011":{"position":[[323,8]]},"1015":{"position":[[27,9],[61,8],[151,9]]},"1023":{"position":[[1465,9],[1870,8],[6585,8],[6607,8],[6625,8],[6724,9],[6801,8],[6920,9],[10715,8],[10901,9],[12306,9],[12822,8]]},"1025":{"position":[[194,9],[353,7],[691,7],[1149,9]]},"1037":{"position":[[4023,8]]},"1047":{"position":[[169,8],[785,8]]},"1051":{"position":[[89,9],[460,12],[1898,12]]}}}],["provider'",{"_index":605,"t":{"1003":{"position":[[3422,10]]},"1023":{"position":[[6843,10]]},"1037":{"position":[[1699,10]]},"1047":{"position":[[309,10]]}}}],["provider.example.com",{"_index":1103,"t":{"1047":{"position":[[894,20]]}}}],["provider.example.com%2fsign_out_pag",{"_index":1096,"t":{"1047":{"position":[[486,36]]}}}],["provider/sign_out_pag",{"_index":1099,"t":{"1047":{"position":[[672,25]]}}}],["provider=\"github",{"_index":643,"t":{"1011":{"position":[[247,17]]}}}],["provider=\"gitlab",{"_index":409,"t":{"995":{"position":[[379,17]]}}}],["provider=azur",{"_index":332,"t":{"987":{"position":[[1066,14]]}}}],["provider=bitbucket",{"_index":636,"t":{"1009":{"position":[[355,18]]}}}],["provider=digitalocean",{"_index":627,"t":{"1007":{"position":[[418,21]]}}}],["provider=keycloak",{"_index":388,"t":{"993":{"position":[[341,17]]}}}],["providers.new",{"_index":655,"t":{"1015":{"position":[[98,15]]}}}],["proxi",{"_index":14,"t":{"973":{"position":[[132,5],[242,5],[509,5],[622,5]]},"975":{"position":[[32,5],[729,5]]},"977":{"position":[[12,5]]},"979":{"position":[[65,5],[339,6]]},"983":{"position":[[179,5]]},"985":{"position":[[2306,5],[2422,6]]},"987":{"position":[[914,6],[1053,5]]},"1001":{"position":[[284,5],[422,5],[528,5],[549,5],[2961,5],[2981,5],[4157,5],[4177,5]]},"1003":{"position":[[393,5],[661,5],[1512,5],[1558,5],[2999,7],[3190,6],[3340,5],[3582,5],[3603,5]]},"1007":{"position":[[206,5],[249,5]]},"1009":{"position":[[108,6],[152,5]]},"1011":{"position":[[238,6]]},"1015":{"position":[[130,5]]},"1017":{"position":[[7,5]]},"1023":{"position":[[7125,5],[7173,5],[7239,5],[7279,8],[7465,5],[8995,5],[9038,6],[10324,5],[11913,5],[12035,5],[12204,5]]},"1025":{"position":[[7,5],[623,5],[978,5]]},"1029":{"position":[[19,5]]},"1031":{"position":[[905,5]]},"1033":{"position":[[760,5]]},"1037":{"position":[[192,8],[1763,5]]},"1039":{"position":[[109,5]]},"1041":{"position":[[97,5],[396,5],[655,6]]},"1045":{"position":[[7,5],[87,7],[169,5]]},"1049":{"position":[[29,7]]},"1051":{"position":[[80,5],[204,5],[263,5],[647,5],[946,8],[965,5],[992,5],[1713,5],[1772,5]]}}}],["proxy'",{"_index":70,"t":{"975":{"position":[[96,7]]},"1007":{"position":[[296,7]]},"1037":{"position":[[86,7]]},"1047":{"position":[[91,7]]}}}],["proxy.cfg",{"_index":704,"t":{"1021":{"position":[[225,9],[326,9]]}}}],["proxy/oauth2",{"_index":13,"t":{"973":{"position":[[119,12],[229,12]]}}}],["proxy/oauth2/callback",{"_index":624,"t":{"1007":{"position":[[163,22]]}}}],["proxy=tru",{"_index":1140,"t":{"1051":{"position":[[1923,10]]}}}],["proxy>/oauth2/callback",{"_index":635,"t":{"1009":{"position":[[63,23]]}}}],["proxy_buffer_s",{"_index":342,"t":{"987":{"position":[[1333,17]]}}}],["proxy_connect_timeout",{"_index":1136,"t":{"1051":{"position":[[1608,21]]}}}],["proxy_pass",{"_index":980,"t":{"1037":{"position":[[319,10],[657,10],[2584,10],[2948,10]]},"1051":{"position":[[1469,10]]}}}],["proxy_pass_request_bodi",{"_index":988,"t":{"1037":{"position":[[883,23]]}}}],["proxy_read_timeout",{"_index":1139,"t":{"1051":{"position":[[1656,18]]}}}],["proxy_send_timeout",{"_index":1137,"t":{"1051":{"position":[[1633,18]]}}}],["proxy_set_head",{"_index":982,"t":{"1037":{"position":[[353,16],[382,16],[423,16],[458,16],[559,16],[691,16],[720,16],[761,16],[847,16],[1218,16],[1249,16],[1428,16]]},"1051":{"position":[[1503,16],[1532,16],[1573,16]]}}}],["proxyus",{"_index":839,"t":{"1023":{"position":[[7523,9]]}}}],["pubjwk",{"_index":579,"t":{"1003":{"position":[[1917,6]]},"1023":{"position":[[7295,6]]}}}],["pubkey",{"_index":835,"t":{"1023":{"position":[[7317,6]]}}}],["public",{"_index":371,"t":{"991":{"position":[[1011,6],[1229,6]]},"1003":{"position":[[974,6]]}}}],["public_repo",{"_index":377,"t":{"991":{"position":[[1376,11]]}}}],["publicli",{"_index":136,"t":{"979":{"position":[[175,9]]}}}],["push",{"_index":370,"t":{"991":{"position":[[994,4]]},"1023":{"position":[[3328,4]]}}}],["put",{"_index":15,"t":{"973":{"position":[[149,3]]}}}],["python",{"_index":662,"t":{"1019":{"position":[[66,6],[107,6]]}}}],["quay.io/oauth2",{"_index":21,"t":{"973":{"position":[[214,14]]}}}],["queri",{"_index":1094,"t":{"1047":{"position":[[358,5]]}}}],["quick",{"_index":551,"t":{"1003":{"position":[[1080,5]]}}}],["quickli",{"_index":119,"t":{"977":{"position":[[154,7]]}}}],["r_basicprofil",{"_index":422,"t":{"997":{"position":[[168,14]]}}}],["r_emailaddress",{"_index":423,"t":{"997":{"position":[[187,15]]}}}],["rand",{"_index":679,"t":{"1019":{"position":[[296,4]]}}}],["random",{"_index":1065,"t":{"1043":{"position":[[391,6],[442,6]]}}}],["random_password",{"_index":694,"t":{"1019":{"position":[[663,17]]}}}],["rang",{"_index":878,"t":{"1023":{"position":[[11812,6]]}}}],["raw",{"_index":1006,"t":{"1037":{"position":[[2229,3]]}}}],["rc3.org",{"_index":1111,"t":{"1049":{"position":[[478,8]]}}}],["rd",{"_index":1093,"t":{"1047":{"position":[[355,2]]}}}],["re",{"_index":1057,"t":{"1041":{"position":[[799,2]]},"1047":{"position":[[200,2]]}}}],["reach",{"_index":862,"t":{"1023":{"position":[[10771,5]]}}}],["read",{"_index":302,"t":{"985":{"position":[[2323,4]]},"991":{"position":[[1207,4]]},"1009":{"position":[[240,4],[261,4]]},"1049":{"position":[[396,4]]}}}],["readi",{"_index":186,"t":{"981":{"position":[[613,6]]}}}],["readiness_check",{"_index":775,"t":{"1023":{"position":[[2837,17]]}}}],["real",{"_index":597,"t":{"1003":{"position":[[3070,4],[3215,4]]},"1023":{"position":[[7365,4],[7423,4],[7509,4],[7539,4],[9077,4],[11936,4]]},"1031":{"position":[[867,4]]},"1033":{"position":[[722,4]]},"1037":{"position":[[401,4],[739,4]]},"1051":{"position":[[1551,4]]}}}],["realm>/protocol/openid",{"_index":394,"t":{"993":{"position":[[482,22],[570,22],[661,22]]}}}],["reason",{"_index":296,"t":{"985":{"position":[[1998,6]]}}}],["recommend",{"_index":255,"t":{"985":{"position":[[867,11]]},"1037":{"position":[[3574,11]]},"1051":{"position":[[14,11]]}}}],["redeem",{"_index":382,"t":{"991":{"position":[[1837,6]]},"993":{"position":[[519,6]]},"1003":{"position":[[3765,6]]},"1005":{"position":[[686,6]]},"1011":{"position":[[527,6]]},"1023":{"position":[[7549,6],[10639,6]]}}}],["redempt",{"_index":840,"t":{"1023":{"position":[[7573,10]]}}}],["redi",{"_index":97,"t":{"975":{"position":[[552,6]]},"987":{"position":[[1380,5]]},"1023":{"position":[[7700,5],[7752,5],[7837,5],[7857,5],[7892,5],[7909,5],[7960,5],[7982,5],[8017,5],[8075,5],[8098,5],[8129,5],[8193,5],[8228,5],[8245,5],[8279,5],[8334,5],[8355,5],[8408,5],[8494,5],[8515,5],[8549,5],[8575,5],[8633,5],[8668,5],[8700,5],[8733,5],[9335,5]]},"1039":{"position":[[326,5]]},"1043":{"position":[[4,5],[57,6],[606,5],[711,5],[873,5],[936,5],[964,5],[1055,5],[1112,5],[1175,5],[1208,5],[1254,5],[1357,5],[1412,5],[1475,5],[1505,5]]}}}],["redirect",{"_index":85,"t":{"975":{"position":[[276,10]]},"983":{"position":[[123,8]]},"985":{"position":[[699,8]]},"989":{"position":[[95,8]]},"993":{"position":[[76,8]]},"995":{"position":[[178,8],[399,8],[477,8]]},"997":{"position":[[217,8]]},"1001":{"position":[[556,8],[2027,8],[3309,8],[3369,8]]},"1003":{"position":[[1379,8],[1619,8],[3610,8]]},"1005":{"position":[[448,12]]},"1007":{"position":[[315,8],[562,8],[680,8]]},"1011":{"position":[[87,8],[267,8]]},"1023":{"position":[[2048,9],[2609,8],[7595,8],[7625,8],[11664,11],[12500,8]]},"1037":{"position":[[490,8],[591,8]]},"1045":{"position":[[586,8]]},"1047":{"position":[[22,8],[269,8],[380,8],[550,8],[585,8],[646,9],[873,8],[1006,8]]}}}],["redis://host[:port",{"_index":842,"t":{"1023":{"position":[[7788,21],[7937,20],[8445,21]]}}}],["reduc",{"_index":922,"t":{"1029":{"position":[[804,8]]}}}],["refer",{"_index":544,"t":{"1003":{"position":[[930,5],[1284,8]]},"1005":{"position":[[367,5]]}}}],["refresh",{"_index":256,"t":{"985":{"position":[[882,7],[936,7],[2540,9]]},"1001":{"position":[[2137,7],[3478,7]]},"1023":{"position":[[1373,7],[1390,7],[12333,8]]},"1037":{"position":[[1494,8]]},"1041":{"position":[[734,10]]}}}],["refresh/access/id",{"_index":1072,"t":{"1043":{"position":[[787,17]]}}}],["regex",{"_index":68,"t":{"975":{"position":[[70,6]]},"1023":{"position":[[10094,5],[10363,5]]}}}],["regist",{"_index":46,"t":{"973":{"position":[[559,8]]},"983":{"position":[[17,8]]},"1003":{"position":[[453,8],[765,8]]}}}],["registr",{"_index":215,"t":{"985":{"position":[[16,12]]},"987":{"position":[[114,14],[156,14]]},"997":{"position":[[18,12]]}}}],["regular",{"_index":172,"t":{"981":{"position":[[365,7]]}}}],["releas",{"_index":6,"t":{"973":{"position":[[59,7],[421,7]]},"981":{"position":[[493,8],[661,9]]}}}],["reload",{"_index":1039,"t":{"1037":{"position":[[4107,6]]}}}],["remain",{"_index":425,"t":{"997":{"position":[[300,9]]}}}],["remot",{"_index":883,"t":{"1023":{"position":[[12067,6]]}}}],["remote_addr",{"_index":983,"t":{"1037":{"position":[[409,13],[747,13]]},"1051":{"position":[[1559,13]]}}}],["remote_address",{"_index":926,"t":{"1031":{"position":[[181,16]]},"1033":{"position":[[62,16]]}}}],["remov",{"_index":1089,"t":{"1047":{"position":[[76,7]]}}}],["replac",{"_index":698,"t":{"1021":{"position":[[65,9]]},"1027":{"position":[[129,9]]}}}],["replace(\"/\",\"_",{"_index":686,"t":{"1019":{"position":[[550,19]]}}}],["repli",{"_index":327,"t":{"987":{"position":[[779,6]]}}}],["repo",{"_index":372,"t":{"991":{"position":[[1076,8]]},"1003":{"position":[[2497,4]]},"1023":{"position":[[3148,4]]}}}],["report",{"_index":950,"t":{"1031":{"position":[[1163,8]]},"1033":{"position":[[1301,8]]}}}],["repositori",{"_index":358,"t":{"991":{"position":[[329,11],[953,11],[1018,10],[1056,11],[1126,10],[1236,10],[1320,11],[1445,10]]},"1009":{"position":[[245,12],[696,10]]},"1023":{"position":[[3201,10],[3292,10],[3347,11]]}}}],["repository=/index.php/apps/oauth2/api/v1/token",{"_index":619,"t":{"1005":{"position":[[714,40]]}}}],["url>/index.php/apps/oauth2/author",{"_index":618,"t":{"1005":{"position":[[647,37]]}}}],["url>/ocs/v2.php/cloud/user?format=json",{"_index":620,"t":{"1005":{"position":[[786,39]]}}}],["url]/stat",{"_index":910,"t":{"1025":{"position":[[984,13]]}}}],["url]/var/www/stat",{"_index":906,"t":{"1025":{"position":[[629,21]]}}}],["us",{"_index":18,"t":{"973":{"position":[[182,5],[628,5]]},"975":{"position":[[761,6]]},"979":{"position":[[550,4]]},"981":{"position":[[3,3],[361,3]]},"983":{"position":[[385,5]]},"987":{"position":[[230,3],[1169,5]]},"991":{"position":[[1426,3],[1686,5]]},"993":{"position":[[766,5]]},"995":{"position":[[16,5],[816,5]]},"999":{"position":[[175,4]]},"1001":{"position":[[194,3],[238,5],[320,5],[382,3],[740,4],[924,5],[4047,3]]},"1003":{"position":[[2172,3],[3211,3]]},"1005":{"position":[[105,5],[276,5]]},"1007":{"position":[[370,3],[670,3]]},"1009":{"position":[[43,3],[307,3],[555,3],[707,3]]},"1013":{"position":[[29,3],[105,3],[209,3]]},"1015":{"position":[[139,3]]},"1019":{"position":[[35,3]]},"1021":{"position":[[286,4]]},"1023":{"position":[[927,4],[1196,3],[1990,3],[2669,3],[2749,3],[3273,3],[4247,5],[4370,3],[4735,4],[4912,4],[5656,4],[6040,3],[6126,3],[6194,4],[6696,4],[6785,4],[6882,4],[6979,4],[7066,4],[7401,4],[7810,4],[7843,3],[8154,4],[8222,3],[8307,4],[8340,3],[8467,4],[8500,3],[8521,3],[8608,3],[8639,3],[8767,3],[9483,7],[9525,4],[9693,7],[9801,7],[10889,5],[11005,5],[12217,3],[12376,5],[12786,3]]},"1025":{"position":[[830,4],[1214,4]]},"1027":{"position":[[299,6]]},"1029":{"position":[[111,5],[735,5]]},"1031":{"position":[[857,3]]},"1033":{"position":[[712,3]]},"1037":{"position":[[1651,5],[2677,3],[2719,3],[3589,3],[4070,3]]},"1039":{"position":[[115,4]]},"1041":{"position":[[78,4],[287,5]]},"1043":{"position":[[863,5],[1102,3],[1118,3],[1363,3],[1481,3],[1511,3]]},"1045":{"position":[[375,3],[521,4],[647,4],[777,4],[926,3]]},"1047":{"position":[[345,5]]},"1049":{"position":[[487,5]]},"1051":{"position":[[732,5],[815,3],[1184,3]]}}}],["usag",{"_index":1073,"t":{"1043":{"position":[[851,6]]}}}],["user",{"_index":82,"t":{"975":{"position":[[248,4],[643,4]]},"985":{"position":[[393,6],[2171,4],[2439,4]]},"987":{"position":[[410,5],[661,6]]},"991":{"position":[[436,4],[463,5],[971,5],[1196,5],[1286,4],[1481,4],[1619,8]]},"997":{"position":[[119,4]]},"1001":{"position":[[2256,5]]},"1005":{"position":[[58,5]]},"1009":{"position":[[659,5]]},"1023":{"position":[[2878,4],[3368,4],[3396,5],[5914,5],[6020,4],[6248,4],[6344,4],[6379,5],[7023,4],[7043,4],[7111,4],[9401,5],[11457,4],[11503,4]]},"1029":{"position":[[748,4]]},"1031":{"position":[[94,4],[341,4],[410,4],[1149,4]]},"1033":{"position":[[1287,4]]},"1037":{"position":[[1013,4],[1115,5],[1237,4],[1242,6]]},"1039":{"position":[[138,4]]},"1041":{"position":[[790,5]]},"1043":{"position":[[184,4]]},"1045":{"position":[[258,4]]},"1047":{"position":[[12,4],[121,4],[282,4],[393,4]]}}}],["user'",{"_index":1041,"t":{"1039":{"position":[[17,6]]},"1045":{"position":[[792,6]]}}}],["user/settings/appl",{"_index":640,"t":{"1011":{"position":[[52,28]]}}}],["user@domain.com",{"_index":927,"t":{"1031":{"position":[[200,17]]},"1033":{"position":[[81,17]]}}}],["user_ag",{"_index":956,"t":{"1033":{"position":[[180,14]]}}}],["userag",{"_index":949,"t":{"1031":{"position":[[1128,9]]},"1033":{"position":[[516,14],[1266,9]]}}}],["usernam",{"_index":378,"t":{"991":{"position":[[1506,8],[1644,9]]},"1023":{"position":[[1816,8],[3414,8],[5964,8],[6069,8],[6130,8],[6429,8],[9457,8]]},"1031":{"position":[[63,8],[676,13],[1198,8],[1239,8]]},"1033":{"position":[[412,13],[1336,8],[1377,8]]}}}],["username@email.com",{"_index":951,"t":{"1031":{"position":[[1207,18]]},"1033":{"position":[[1345,18]]}}}],["utc",{"_index":797,"t":{"1023":{"position":[[4430,3]]}}}],["v3.0.0",{"_index":38,"t":{"973":{"position":[[451,7]]}}}],["v6.1.1",{"_index":7,"t":{"973":{"position":[[70,7]]}}}],["valid",{"_index":27,"t":{"973":{"position":[[313,9]]},"981":{"position":[[231,8]]},"983":{"position":[[189,5]]},"985":{"position":[[958,9]]},"989":{"position":[[83,5]]},"991":{"position":[[1910,8]]},"993":{"position":[[70,5],[608,8]]},"1005":{"position":[[756,8],[849,8]]},"1011":{"position":[[595,8]]},"1019":{"position":[[572,5]]},"1023":{"position":[[10847,10],[10963,10],[11523,8],[11556,10],[12494,5]]},"1049":{"position":[[384,11]]}}}],["valu",{"_index":211,"t":{"983":{"position":[[418,6]]},"987":{"position":[[1011,5]]},"993":{"position":[[865,5]]},"1023":{"position":[[38,6]]},"1025":{"position":[[795,5]]},"1031":{"position":[[947,5]]},"1033":{"position":[[802,5]]},"1043":{"position":[[203,5]]}}}],["var/www/stat",{"_index":909,"t":{"1025":{"position":[[933,16]]}}}],["variabl",{"_index":56,"t":{"973":{"position":[[684,9]]},"1003":{"position":[[2157,10],[2303,9],[2366,9],[2747,9]]},"1005":{"position":[[192,9]]},"1017":{"position":[[69,9],[183,9],[209,9]]},"1027":{"position":[[63,8],[238,8]]},"1029":{"position":[[613,10]]},"1031":{"position":[[744,9],[772,8]]},"1033":{"position":[[596,9],[627,8]]},"1035":{"position":[[500,9],[532,8]]},"1037":{"position":[[2202,9],[2838,9],[3826,8]]},"1045":{"position":[[189,9]]}}}],["verif",{"_index":814,"t":{"1023":{"position":[[5226,12],[5500,13]]}}}],["verifi",{"_index":30,"t":{"973":{"position":[[350,9]]},"991":{"position":[[1435,9]]},"1023":{"position":[[3282,9],[5183,8],[10434,8],[10830,6],[10946,6]]}}}],["version",{"_index":37,"t":{"973":{"position":[[443,7]]},"979":{"position":[[679,8]]},"1023":{"position":[[11578,7],[11596,7]]}}}],["via",{"_index":602,"t":{"1003":{"position":[[3308,3]]},"1005":{"position":[[161,3]]},"1017":{"position":[[31,3]]},"1023":{"position":[[338,3],[5614,3],[5819,3],[8674,3]]},"1031":{"position":[[1365,3]]},"1037":{"position":[[71,3],[1007,3],[2944,3],[3755,3]]},"1043":{"position":[[717,3],[958,3]]},"1051":{"position":[[1247,3]]}}}],["volum",{"_index":923,"t":{"1029":{"position":[[817,7]]}}}],["vulner",{"_index":127,"t":{"979":{"position":[[37,13],[606,13]]},"981":{"position":[[75,16],[308,15]]}}}],["want",{"_index":323,"t":{"987":{"position":[[396,4],[884,4]]},"1001":{"position":[[1046,4]]},"1003":{"position":[[580,4]]},"1025":{"position":[[677,5]]},"1043":{"position":[[1094,4]]},"1047":{"position":[[865,4]]}}}],["warn",{"_index":884,"t":{"1023":{"position":[[12083,8]]}}}],["way",{"_index":356,"t":{"991":{"position":[[217,4]]},"1003":{"position":[[1086,3]]}}}],["web",{"_index":240,"t":{"985":{"position":[[529,4]]},"1001":{"position":[[1898,3],[3142,3],[3261,3]]},"1049":{"position":[[423,3],[514,3]]}}}],["webapp",{"_index":314,"t":{"987":{"position":[[194,7]]}}}],["websocket",{"_index":834,"t":{"1023":{"position":[[7245,10],[7269,9]]}}}],["well",{"_index":757,"t":{"1023":{"position":[[2290,5],[2328,5],[2923,4]]},"1043":{"position":[[924,4],[1145,4],[1308,5]]}}}],["whether",{"_index":401,"t":{"995":{"position":[[0,7]]},"1005":{"position":[[241,7]]},"1023":{"position":[[9054,7]]}}}],["whitelist",{"_index":875,"t":{"1023":{"position":[[11613,9],[12386,9],[12729,11]]},"1047":{"position":[[954,9]]}}}],["wide_authority_to_your_service_account",{"_index":279,"t":{"985":{"position":[[1438,38]]}}}],["window",{"_index":325,"t":{"987":{"position":[[577,8]]}}}],["wish",{"_index":460,"t":{"1001":{"position":[[1146,4],[1578,4],[1671,4],[2276,4]]},"1007":{"position":[[95,5]]}}}],["within",{"_index":128,"t":{"979":{"position":[[51,6]]},"991":{"position":[[703,6]]},"1001":{"position":[[4077,6]]},"1041":{"position":[[568,6]]}}}],["without",{"_index":977,"t":{"1037":{"position":[[184,7]]}}}],["work",{"_index":112,"t":{"977":{"position":[[61,4]]},"995":{"position":[[320,4]]},"1001":{"position":[[1247,5],[1744,4]]},"1003":{"position":[[210,4]]},"1023":{"position":[[2918,4]]},"1037":{"position":[[1528,4]]}}}],["write",{"_index":376,"t":{"991":{"position":[[1300,5]]}}}],["x",{"_index":819,"t":{"1023":{"position":[[5618,1],[5699,1],[5902,1],[5920,1],[5942,1],[6367,1],[6385,1],[6407,1],[7490,1],[7507,1],[7521,1],[7537,1],[9075,1],[9386,1],[9407,1],[9432,1],[9556,1],[10227,1]]},"1031":{"position":[[865,1]]},"1033":{"position":[[720,1]]},"1037":{"position":[[399,1],[440,1],[475,1],[576,1],[737,1],[778,1],[1011,1],[1022,1],[1235,1],[1266,1],[1445,1]]},"1047":{"position":[[570,1]]},"1051":{"position":[[1549,1],[1590,1]]}}}],["x.y.z.linux",{"_index":43,"t":{"973":{"position":[[515,11]]}}}],["x509",{"_index":554,"t":{"1003":{"position":[[1117,4]]}}}],["xauthrequest",{"_index":820,"t":{"1023":{"position":[[5672,12],[9364,12]]},"1037":{"position":[[1080,12]]}}}],["xxx\"client_secret",{"_index":515,"t":{"1001":{"position":[[3920,18]]}}}],["xxxxx\"client_secret",{"_index":485,"t":{"1001":{"position":[[2570,20]]}}}],["you'd",{"_index":375,"t":{"991":{"position":[[1166,5]]}}}],["yourcompany.com",{"_index":720,"t":{"1023":{"position":[[853,18]]}}}],["yyy\"pass_access_token",{"_index":516,"t":{"1001":{"position":[[3941,22]]}}}],["yyyyy\"pass_access_token",{"_index":486,"t":{"1001":{"position":[[2593,24]]}}}],["zzz\"cookie_secur",{"_index":517,"t":{"1001":{"position":[[3986,18]]}}}],["zzzzz\"skip_provider_button",{"_index":488,"t":{"1001":{"position":[[2640,27]]}}}]],"pipeline":["stemmer"]}}] \ No newline at end of file +[{"documents":[{"i":972,"t":"Installation","u":"/oauth2-proxy/docs/6.1.x/","b":["Docs"]},{"i":974,"t":"Behaviour","u":"/oauth2-proxy/docs/6.1.x/behaviour","b":["Docs"]},{"i":976,"t":"Security","u":"/oauth2-proxy/docs/6.1.x/community/security","b":["Docs","Community"]},{"i":982,"t":"OAuth Provider Configuration","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","b":["Docs","Configuration"]},{"i":1016,"t":"Overview","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","b":["Docs","Configuration"]},{"i":1038,"t":"Session Storage","u":"/oauth2-proxy/docs/6.1.x/configuration/session_storage","b":["Docs","Configuration"]},{"i":1044,"t":"TLS Configuration","u":"/oauth2-proxy/docs/6.1.x/configuration/tls","b":["Docs","Configuration"]},{"i":1046,"t":"Endpoints","u":"/oauth2-proxy/docs/6.1.x/features/endpoints","b":["Docs","Features"]},{"i":1050,"t":"Request Signatures","u":"/oauth2-proxy/docs/6.1.x/features/request_signatures","b":["Docs","Features"]}],"index":{"version":"2.3.9","fields":["t"],"fieldVectors":[["t/972",[0,2.222]],["t/974",[1,2.222]],["t/976",[2,2.222]],["t/982",[3,1.375,4,1.375,5,1.005]],["t/1016",[6,2.222]],["t/1038",[7,1.699,8,1.699]],["t/1044",[5,1.241,9,1.699]],["t/1046",[10,2.222]],["t/1050",[11,1.699,12,1.699]]],"invertedIndex":[["behaviour",{"_index":1,"t":{"974":{"position":[[0,9]]}}}],["configur",{"_index":5,"t":{"982":{"position":[[15,13]]},"1044":{"position":[[4,13]]}}}],["endpoint",{"_index":10,"t":{"1046":{"position":[[0,9]]}}}],["instal",{"_index":0,"t":{"972":{"position":[[0,12]]}}}],["oauth",{"_index":3,"t":{"982":{"position":[[0,5]]}}}],["overview",{"_index":6,"t":{"1016":{"position":[[0,8]]}}}],["provid",{"_index":4,"t":{"982":{"position":[[6,8]]}}}],["request",{"_index":11,"t":{"1050":{"position":[[0,7]]}}}],["secur",{"_index":2,"t":{"976":{"position":[[0,8]]}}}],["session",{"_index":7,"t":{"1038":{"position":[[0,7]]}}}],["signatur",{"_index":12,"t":{"1050":{"position":[[8,10]]}}}],["storag",{"_index":8,"t":{"1038":{"position":[[8,7]]}}}],["tl",{"_index":9,"t":{"1044":{"position":[[0,3]]}}}]],"pipeline":["stemmer"]}},{"documents":[{"i":978,"t":"Security Disclosures","u":"/oauth2-proxy/docs/6.1.x/community/security","h":"#security-disclosures","p":976},{"i":980,"t":"How will we respond to disclosures?","u":"/oauth2-proxy/docs/6.1.x/community/security","h":"#how-will-we-respond-to-disclosures","p":976},{"i":984,"t":"Google Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#google-auth-provider","p":982},{"i":986,"t":"Azure Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#azure-auth-provider","p":982},{"i":988,"t":"Facebook Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#facebook-auth-provider","p":982},{"i":990,"t":"GitHub Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#github-auth-provider","p":982},{"i":992,"t":"Keycloak Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#keycloak-auth-provider","p":982},{"i":994,"t":"GitLab Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#gitlab-auth-provider","p":982},{"i":996,"t":"LinkedIn Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#linkedin-auth-provider","p":982},{"i":998,"t":"Microsoft Azure AD Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#microsoft-azure-ad-provider","p":982},{"i":1000,"t":"OpenID Connect Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#openid-connect-provider","p":982},{"i":1002,"t":"login.gov Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#logingov-provider","p":982},{"i":1004,"t":"Nextcloud Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#nextcloud-provider","p":982},{"i":1006,"t":"DigitalOcean Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#digitalocean-auth-provider","p":982},{"i":1008,"t":"Bitbucket Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#bitbucket-auth-provider","p":982},{"i":1010,"t":"Gitea Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#gitea-auth-provider","p":982},{"i":1012,"t":"Email Authentication","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#email-authentication","p":982},{"i":1014,"t":"Adding a new Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#adding-a-new-provider","p":982},{"i":1018,"t":"Generating a Cookie Secret","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#generating-a-cookie-secret","p":1016},{"i":1020,"t":"Config File","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#config-file","p":1016},{"i":1022,"t":"Command Line Options","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#command-line-options","p":1016},{"i":1024,"t":"Upstreams Configuration","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#upstreams-configuration","p":1016},{"i":1026,"t":"Environment variables","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#environment-variables","p":1016},{"i":1028,"t":"Logging Configuration","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#logging-configuration","p":1016},{"i":1030,"t":"Auth Log Format","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#auth-log-format","p":1016},{"i":1032,"t":"Request Log Format","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#request-log-format","p":1016},{"i":1034,"t":"Standard Log Format","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#standard-log-format","p":1016},{"i":1036,"t":"Configuring for use with the Nginx auth_request directive","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#configuring-for-use-with-the-nginx-auth_request-directive","p":1016},{"i":1040,"t":"Cookie Storage","u":"/oauth2-proxy/docs/6.1.x/configuration/session_storage","h":"#cookie-storage","p":1038},{"i":1042,"t":"Redis Storage","u":"/oauth2-proxy/docs/6.1.x/configuration/session_storage","h":"#redis-storage","p":1038},{"i":1048,"t":"Sign out","u":"/oauth2-proxy/docs/6.1.x/features/endpoints","h":"#sign-out","p":1046}],"index":{"version":"2.3.9","fields":["t"],"fieldVectors":[["t/978",[0,3.428,1,2.855]],["t/980",[1,2.855,2,3.428]],["t/984",[3,2.932,4,0.98,5,0.694]],["t/986",[4,0.98,5,0.694,6,2.442]],["t/988",[4,0.98,5,0.694,7,2.932]],["t/990",[4,0.98,5,0.694,8,2.932]],["t/992",[4,0.98,5,0.694,9,2.932]],["t/994",[4,0.98,5,0.694,10,2.932]],["t/996",[4,0.98,5,0.694,11,2.932]],["t/998",[5,0.607,6,2.134,12,2.561,13,2.134]],["t/1000",[5,0.694,14,2.932,15,2.932]],["t/1002",[5,0.812,16,3.428]],["t/1004",[5,0.812,17,3.428]],["t/1006",[4,0.98,5,0.694,18,2.932]],["t/1008",[4,0.98,5,0.694,19,2.932]],["t/1010",[4,0.98,5,0.694,20,2.932]],["t/1012",[21,3.428,22,3.428]],["t/1014",[5,0.694,13,2.442,23,2.932]],["t/1018",[24,2.932,25,2.442,26,2.932]],["t/1020",[27,3.428,28,3.428]],["t/1022",[29,2.932,30,2.932,31,2.932]],["t/1024",[32,3.428,33,2.479]],["t/1026",[34,3.428,35,3.428]],["t/1028",[33,2.479,36,2.197]],["t/1030",[4,0.98,36,1.879,37,2.12]],["t/1032",[36,1.879,37,2.12,38,2.932]],["t/1034",[36,1.879,37,2.12,39,2.932]],["t/1036",[33,1.644,40,2.274,41,2.274,42,2.274,43,2.274]],["t/1040",[25,2.855,44,2.855]],["t/1042",[44,2.855,45,3.428]],["t/1048",[46,3.428,47,3.428]]],"invertedIndex":[["ad",{"_index":13,"t":{"998":{"position":[[16,2]]},"1014":{"position":[[0,6]]}}}],["auth",{"_index":4,"t":{"984":{"position":[[7,4]]},"986":{"position":[[6,4]]},"988":{"position":[[9,4]]},"990":{"position":[[7,4]]},"992":{"position":[[9,4]]},"994":{"position":[[7,4]]},"996":{"position":[[9,4]]},"1006":{"position":[[13,4]]},"1008":{"position":[[10,4]]},"1010":{"position":[[6,4]]},"1030":{"position":[[0,4]]}}}],["auth_request",{"_index":42,"t":{"1036":{"position":[[35,12]]}}}],["authent",{"_index":22,"t":{"1012":{"position":[[6,14]]}}}],["azur",{"_index":6,"t":{"986":{"position":[[0,5]]},"998":{"position":[[10,5]]}}}],["bitbucket",{"_index":19,"t":{"1008":{"position":[[0,9]]}}}],["command",{"_index":29,"t":{"1022":{"position":[[0,7]]}}}],["config",{"_index":27,"t":{"1020":{"position":[[0,6]]}}}],["configur",{"_index":33,"t":{"1024":{"position":[[10,13]]},"1028":{"position":[[8,13]]},"1036":{"position":[[0,11]]}}}],["connect",{"_index":15,"t":{"1000":{"position":[[7,7]]}}}],["cooki",{"_index":25,"t":{"1018":{"position":[[13,6]]},"1040":{"position":[[0,6]]}}}],["digitalocean",{"_index":18,"t":{"1006":{"position":[[0,12]]}}}],["direct",{"_index":43,"t":{"1036":{"position":[[48,9]]}}}],["disclosur",{"_index":1,"t":{"978":{"position":[[9,11]]},"980":{"position":[[23,12]]}}}],["email",{"_index":21,"t":{"1012":{"position":[[0,5]]}}}],["environ",{"_index":34,"t":{"1026":{"position":[[0,11]]}}}],["facebook",{"_index":7,"t":{"988":{"position":[[0,8]]}}}],["file",{"_index":28,"t":{"1020":{"position":[[7,4]]}}}],["format",{"_index":37,"t":{"1030":{"position":[[9,6]]},"1032":{"position":[[12,6]]},"1034":{"position":[[13,6]]}}}],["gener",{"_index":24,"t":{"1018":{"position":[[0,10]]}}}],["gitea",{"_index":20,"t":{"1010":{"position":[[0,5]]}}}],["github",{"_index":8,"t":{"990":{"position":[[0,6]]}}}],["gitlab",{"_index":10,"t":{"994":{"position":[[0,6]]}}}],["googl",{"_index":3,"t":{"984":{"position":[[0,6]]}}}],["keycloak",{"_index":9,"t":{"992":{"position":[[0,8]]}}}],["line",{"_index":30,"t":{"1022":{"position":[[8,4]]}}}],["linkedin",{"_index":11,"t":{"996":{"position":[[0,8]]}}}],["log",{"_index":36,"t":{"1028":{"position":[[0,7]]},"1030":{"position":[[5,3]]},"1032":{"position":[[8,3]]},"1034":{"position":[[9,3]]}}}],["login.gov",{"_index":16,"t":{"1002":{"position":[[0,9]]}}}],["microsoft",{"_index":12,"t":{"998":{"position":[[0,9]]}}}],["new",{"_index":23,"t":{"1014":{"position":[[9,3]]}}}],["nextcloud",{"_index":17,"t":{"1004":{"position":[[0,9]]}}}],["nginx",{"_index":41,"t":{"1036":{"position":[[29,5]]}}}],["openid",{"_index":14,"t":{"1000":{"position":[[0,6]]}}}],["option",{"_index":31,"t":{"1022":{"position":[[13,7]]}}}],["out",{"_index":47,"t":{"1048":{"position":[[5,3]]}}}],["provid",{"_index":5,"t":{"984":{"position":[[12,8]]},"986":{"position":[[11,8]]},"988":{"position":[[14,8]]},"990":{"position":[[12,8]]},"992":{"position":[[14,8]]},"994":{"position":[[12,8]]},"996":{"position":[[14,8]]},"998":{"position":[[19,8]]},"1000":{"position":[[15,8]]},"1002":{"position":[[10,8]]},"1004":{"position":[[10,8]]},"1006":{"position":[[18,8]]},"1008":{"position":[[15,8]]},"1010":{"position":[[11,8]]},"1014":{"position":[[13,8]]}}}],["redi",{"_index":45,"t":{"1042":{"position":[[0,5]]}}}],["request",{"_index":38,"t":{"1032":{"position":[[0,7]]}}}],["respond",{"_index":2,"t":{"980":{"position":[[12,7]]}}}],["secret",{"_index":26,"t":{"1018":{"position":[[20,6]]}}}],["secur",{"_index":0,"t":{"978":{"position":[[0,8]]}}}],["sign",{"_index":46,"t":{"1048":{"position":[[0,4]]}}}],["standard",{"_index":39,"t":{"1034":{"position":[[0,8]]}}}],["storag",{"_index":44,"t":{"1040":{"position":[[7,7]]},"1042":{"position":[[6,7]]}}}],["upstream",{"_index":32,"t":{"1024":{"position":[[0,9]]}}}],["us",{"_index":40,"t":{"1036":{"position":[[16,3]]}}}],["variabl",{"_index":35,"t":{"1026":{"position":[[12,9]]}}}]],"pipeline":["stemmer"]}},{"documents":[{"i":973,"t":"Choose how to deploy: a. Download Prebuilt Binary (current release is v6.1.1) b. Build with $ go get github.com/oauth2-proxy/oauth2-proxy which will put the binary in $GOPATH/bin c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, ARMv6 and ARM64 tags available) Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0. $ sha256sum -c sha256sum.txt 2>&1 | grep OKoauth2-proxy-x.y.z.linux-amd64: OK Select a Provider and Register an OAuth Application with a Provider Configure OAuth2 Proxy using config file, command line options, or environment variables Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)","s":"Installation","u":"/oauth2-proxy/docs/6.1.x/","h":"","p":972},{"i":975,"t":"Any request passing through the proxy (and not matched by --skip-auth-regex) is checked for the proxy's session cookie (--cookie-name) (or, if allowed, a JWT token - see --skip-jwt-bearer-tokens). If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with Accept: application/json, in which case 401 Unauthorized is returned) After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration) Notice that the proxy also provides a number of useful endpoints.","s":"Behaviour","u":"/oauth2-proxy/docs/6.1.x/behaviour","h":"","p":974},{"i":977,"t":"note OAuth2 Proxy is a community project. Maintainers do not work on this project full time, and as such, while we endeavour to respond to disclosures as quickly as possible, this may take longer than in projects with corporate sponsorship.","s":"Security","u":"/oauth2-proxy/docs/6.1.x/community/security","h":"","p":976},{"i":979,"t":"info If you believe you have found a vulnerability within OAuth2 Proxy or any of its dependencies, please do NOT open an issue or PR on GitHub, please do NOT post any details publicly. Security disclosures MUST be done in private. If you have found an issue that you would like to bring to the attention of the maintenance team for OAuth2 Proxy, please compose an email and send it to the list of maintainers in our MAINTAINERS file. Please include as much detail as possible. Ideally, your disclosure should include: A reproducible case that can be used to demonstrate the exploit How you discovered this vulnerability A potential fix for the issue (if you have thought of one) Versions affected (if not present in master) Your GitHub ID","s":"Security Disclosures","u":"/oauth2-proxy/docs/6.1.x/community/security","h":"#security-disclosures","p":976},{"i":981,"t":"We use GitHub Security Advisories to privately discuss fixes for disclosed vulnerabilities. If you include a GitHub ID with your disclosure we will add you as a collaborator for the advisory so that you can join the discussion and validate any fixes we may propose. For minor issues and previously disclosed vulnerabilities (typically for dependencies), we may use regular PRs for fixes and forego the security advisory. Once a fix has been agreed upon, we will merge the fix and create a new release. If we have multiple security issues in flight simultaneously, we may delay merging fixes until all patches are ready. We may also backport the fix to previous releases, but this will be at the discretion of the maintainers.","s":"How will we respond to disclosures?","u":"/oauth2-proxy/docs/6.1.x/community/security","h":"#how-will-we-respond-to-disclosures","p":976},{"i":983,"t":"You will need to register an OAuth application with a Provider (Google, GitHub or another provider), and configure it with Redirect URI(s) for the domain you intend to run oauth2-proxy on. Valid providers are : Google default Azure Facebook GitHub Keycloak GitLab LinkedIn Microsoft Azure AD OpenID Connect login.gov Nextcloud DigitalOcean Bitbucket Gitea The provider can be selected using the provider configuration value. Please note that not all providers support all claims. The preferred_username claim is currently only supported by the OpenID Connect provider.","s":"OAuth Provider Configuration","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"","p":982},{"i":985,"t":"For Google, the registration steps are: Create a new project: https://console.developers.google.com/project Choose the new project from the top right project dropdown (only if another project is selected) In the project Dashboard center pane, choose \"API Manager\" In the left Nav pane, choose \"Credentials\" In the center pane, choose \"OAuth consent screen\" tab. Fill in \"Product name shown to users\" and hit save. In the center pane, choose \"Credentials\" tab. Open the \"New credentials\" drop down Choose \"OAuth client ID\" Choose \"Web application\" Application name is freeform, choose something appropriate Authorized JavaScript origins is your domain ex: https://internal.yourcompany.com Authorized redirect URIs is the location of oauth2/callback ex: https://internal.yourcompany.com/oauth2/callback Choose \"Create\" Take note of the Client ID and Client Secret It's recommended to refresh sessions on a short interval (1h) with cookie-refresh setting which validates that the account is still authorized. Restrict auth to specific Google groups on your domain. (optional)​ Create a service account: https://developers.google.com/identity/protocols/OAuth2ServiceAccount and make sure to download the json file. Make note of the Client ID for a future step. Under \"APIs & Auth\", choose APIs. Click on Admin SDK and then Enable API. Follow the steps on https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account and give the client id from step 2 the following oauth scopes: https://www.googleapis.com/auth/admin.directory.group.readonlyhttps://www.googleapis.com/auth/admin.directory.user.readonly Follow the steps on https://support.google.com/a/answer/60757 to enable Admin API access. Create or choose an existing administrative email address on the Gmail domain to assign to the google-admin-email flag. This email will be impersonated by this client to make calls to the Admin SDK. See the note on the link from step 5 for the reason why. Create or choose an existing email group and set that email to the google-group flag. You can pass multiple instances of this flag with different groups and the user will be checked against all the provided groups. Lock down the permissions on the json file downloaded from step 1 so only oauth2-proxy is able to read the file and set the path to the file in the google-service-account-json flag. Restart oauth2-proxy. Note: The user is checked against the group members list on initial authentication and every time the token is refreshed ( about once an hour ).","s":"Google Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#google-auth-provider","p":982},{"i":987,"t":"Add an application: go to https://portal.azure.com, choose \"Azure Active Directory\" in the left menu, select \"App registrations\" and then click on \"New app registration\". Pick a name and choose \"Webapp / API\" as application type. Use https://internal.yourcompany.com as Sign-on URL. Click \"Create\". On the \"Settings\" / \"Properties\" page of the app, pick a logo and select \"Multi-tenanted\" if you want to allow users from multiple organizations to access your app. Note down the application ID. Click \"Save\". On the \"Settings\" / \"Required Permissions\" page of the app, click on \"Windows Azure Active Directory\" and then on \"Access the directory as the signed in user\". Hit \"Save\" and then then on \"Grant permissions\" (you might need another admin to do this). On the \"Settings\" / \"Reply URLs\" page of the app, add https://internal.yourcompanycom/oauth2/callback for each host that you want to protect by the oauth2 proxy. Click \"Save\". On the \"Settings\" / \"Keys\" page of the app, add a new key and note down the value after hitting \"Save\". Configure the proxy with --provider=azure --client-id= --client-secret= Note: When using the Azure Auth provider with nginx and the cookie session store you may find the cookie is too large and doesn't get passed through correctly. Increasing the proxy_buffer_size in nginx or implementing the redis session storage should resolve this.","s":"Azure Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#azure-auth-provider","p":982},{"i":989,"t":"Create a new FB App from https://developers.facebook.com/ Under FB Login, set your Valid OAuth redirect URIs to https://internal.yourcompany.com/oauth2/callback","s":"Facebook Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#facebook-auth-provider","p":982},{"i":991,"t":"Create a new project: https://github.com/settings/developers Under Authorization callback URL enter the correct url ie https://internal.yourcompany.com/oauth2/callback The GitHub auth provider supports two additional ways to restrict authentication to either organization and optional team level access, or to collaborators of a repository. Restricting by these options is normally accompanied with --email-domain=* NOTE: When --github-user is set, the specified users are allowed to login even if they do not belong to the specified org and team or collaborators. To restrict by organization only, include the following flag: -github-org=\"\": restrict logins to members of this organisation To restrict within an organization to specific teams, include the following flag in addition to -github-org: -github-team=\"\": restrict logins to members of any of these teams (slug), separated by a comma If you would rather restrict access to collaborators of a repository, those users must either have push access to a public repository or any access to a private repository: -github-repo=\"\": restrict logins to collaborators of this repository formatted as orgname/repo If you'd like to allow access to users with read only access to a public repository you will need to provide a token for a user that has write access to the repository. The token must be created with at least the public_repo scope: -github-token=\"\": the token to use when verifying repository collaborators To allow a user to login with their username even if they do not belong to the specified org and team or collaborators, separated by a comma -github-user=\"\": allow logins by username, separated by a comma If you are using GitHub enterprise, make sure you set the following to the appropriate url: -login-url=\"http(s):///login/oauth/authorize\"-redeem-url=\"http(s):///login/oauth/access_token\"-validate-url=\"http(s):///api/v3\"","s":"GitHub Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#github-auth-provider","p":982},{"i":993,"t":"Create new client in your Keycloak with Access Type 'confidental' and Valid Redirect URIs 'https://internal.yourcompany.com/oauth2/callback' Take note of the Secret in the credential tab of the client Create a mapper with Mapper Type 'Group Membership' and Token Claim Name 'groups'. Make sure you set the following to the appropriate url: -provider=keycloak-client-id=-client-secret=-login-url=\"http(s):///realms//protocol/openid-connect/auth\"-redeem-url=\"http(s):///realms//protocol/openid-connect/token\"-validate-url=\"http(s):///realms//protocol/openid-connect/userinfo\"-keycloak-group= The group management in keycloak is using a tree. If you create a group named admin in keycloak you should define the 'keycloak-group' value to /admin.","s":"Keycloak Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#keycloak-auth-provider","p":982},{"i":995,"t":"Whether you are using GitLab.com or self-hosting GitLab, follow these steps to add an application. Make sure to enable at least the openid, profile and email scopes, and set the redirect url to your application url e.g. https://myapp.com/oauth2/callback. The following config should be set to ensure that the oauth will work properly. To get a cookie secret follow these steps --provider=\"gitlab\" --redirect-url=\"https://myapp.com/oauth2/callback\" // Should be the same as the redirect url for the application in gitlab --client-id=GITLAB_CLIENT_ID --client-secret=GITLAB_CLIENT_SECRET --cookie-secret=COOKIE_SECRET Restricting by group membership is possible with the following option: --gitlab-group=\"mygroup,myothergroup\": restrict logins to members of any of these groups (slug), separated by a comma If you are using self-hosted GitLab, make sure you set the following to the appropriate URL: --oidc-issuer-url=\"\"","s":"GitLab Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#gitlab-auth-provider","p":982},{"i":997,"t":"For LinkedIn, the registration steps are: Create a new project: https://www.linkedin.com/secure/developer In the OAuth User Agreement section: In default scope, select r_basicprofile and r_emailaddress. In \"OAuth 2.0 Redirect URLs\", enter https://internal.yourcompany.com/oauth2/callback Fill in the remaining required fields and Save. Take note of the Consumer Key / API Key and Consumer Secret / Secret Key","s":"LinkedIn Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#linkedin-auth-provider","p":982},{"i":999,"t":"For adding an application to the Microsoft Azure AD follow these steps to add an application. Take note of your TenantId if applicable for your situation. The TenantId can be used to override the default common authorization server with a tenant specific server.","s":"Microsoft Azure AD Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#microsoft-azure-ad-provider","p":982},{"i":1001,"t":"OpenID Connect is a spec for OAUTH 2.0 + identity that is implemented by many major providers and several open source projects. This provider was originally built against CoreOS Dex and we will use it as an example. Launch a Dex instance using the getting started guide. Setup oauth2-proxy with the correct provider and using the default ports and callbacks. Login with the fixture use in the dex guide and run the oauth2-proxy with the following args: -provider oidc -provider-display-name \"My OIDC Provider\" -client-id oauth2-proxy -client-secret proxy -redirect-url http://127.0.0.1:4180/oauth2/callback -oidc-issuer-url http://127.0.0.1:5556 -cookie-secure=false -email-domain example.com The OpenID Connect Provider (OIDC) can also be used to connect to other Identity Providers such as Okta. To configure the OIDC provider for Okta, perform the following steps: Configuring the OIDC Provider with Okta​ Log in to Okta using an administrative account. It is suggested you try this in preview first, example.oktapreview.com (OPTIONAL) If you want to configure authorization scopes and claims to be passed on to multiple applications, you may wish to configure an authorization server for each application. Otherwise, the provided default will work. Navigate to Security then select API Click Add Authorization Server, if this option is not available you may require an additional license for a custom authorization server. Fill out the Name with something to describe the application you are protecting. e.g. 'Example App'. For Audience, pick the URL of the application you wish to protect: https://example.corp.com Fill out a Description Add any Access Policies you wish to configure to limit application access. The default settings will work for other options. See Okta documentation for more information on Authorization Servers Navigate to Applications then select Add Application. Select Web for the Platform setting. Select OpenID Connect and click Create Pick an Application Name such as Example App. Set the Login redirect URI to https://example.corp.com. Under General set the Allowed grant types to Authorization Code and Refresh Token. Leave the rest as default, taking note of the Client ID and Client Secret. Under Assignments select the users or groups you wish to access your application. Create a configuration file like the following: provider = \"oidc\"redirect_url = \"https://example.corp.com/oauth2/callback\"oidc_issuer_url = \"https://corp.okta.com/oauth2/abCd1234\"upstreams = [ \"https://example.corp.com\"]email_domains = [ \"corp.com\"]client_id = \"XXXXX\"client_secret = \"YYYYY\"pass_access_token = truecookie_secret = \"ZZZZZ\"skip_provider_button = true The oidc_issuer_url is based on URL from your Authorization Server's Issuer field in step 2, or simply https://corp.okta.com The client_id and client_secret are configured in the application settings. Generate a unique client_secret to encrypt the cookie. Then you can start the oauth2-proxy with ./oauth2-proxy --config /etc/example.cfg Configuring the OIDC Provider with Okta - localhost​ Signup for developer account: https://developer.okta.com/signup/ Create New Web Application: https://${your-okta-domain}/dev/console/apps/new Example Application Settings for localhost: Name: My Web App Base URIs: http://localhost:4180/ Login redirect URIs: http://localhost:4180/oauth2/callback Logout redirect URIs: http://localhost:4180/ Group assignments: Everyone Grant type allowed: Authorization Code and Refresh Token Make note of the Client ID and Client secret, they are needed in a future step Make note of the default Authorization Server Issuer URI from: https://${your-okta-domain}/admin/oauth2/as Example config file /etc/localhost.cfg provider = \"oidc\"redirect_url = \"http://localhost:4180/oauth2/callback\"oidc_issuer_url = \"https://${your-okta-domain}/oauth2/default\"upstreams = [ \"http://0.0.0.0:8080\"]email_domains = [ \"*\"]client_id = \"XXX\"client_secret = \"YYY\"pass_access_token = truecookie_secret = \"ZZZ\"cookie_secure = falseskip_provider_button = true# Note: use the following for testing within a container# http_address = \"0.0.0.0:4180\" Then you can start the oauth2-proxy with ./oauth2-proxy --config /etc/localhost.cfg","s":"OpenID Connect Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#openid-connect-provider","p":982},{"i":1003,"t":"login.gov is an OIDC provider for the US Government. If you are a US Government agency, you can contact the login.gov team through the contact information that you can find on https://login.gov/developers/ and work with them to understand how to get login.gov accounts for integration/test and production access. A developer guide is available here: https://developers.login.gov/, though this proxy handles everything but the data you need to create to register your application in the login.gov dashboard. As a demo, we will assume that you are running your application that you want to secure locally on http://localhost:3000/, that you will be starting your proxy up on http://localhost:4180/, and that you have an agency integration account for testing. First, register your application in the dashboard. The important bits are: Identity protocol: make this Openid connect Issuer: do what they say for OpenID Connect. We will refer to this string as ${LOGINGOV_ISSUER}. Public key: This is a self-signed certificate in .pem format generated from a 2048 bit RSA private key. A quick way to do this is openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650 -nodes -subj '/C=US/ST=Washington/L=DC/O=GSA/OU=18F/CN=localhost', The contents of the key.pem shall be referred to as ${OAUTH2_PROXY_JWT_KEY}. Return to App URL: Make this be http://localhost:4180/ Redirect URIs: Make this be http://localhost:4180/oauth2/callback. Attribute Bundle: Make sure that email is selected. Now start the proxy up with the following options: ./oauth2-proxy -provider login.gov \\ -client-id=${LOGINGOV_ISSUER} \\ -redirect-url=http://localhost:4180/oauth2/callback \\ -oidc-issuer-url=https://idp.int.identitysandbox.gov/ \\ -cookie-secure=false \\ -email-domain=gsa.gov \\ -upstream=http://localhost:3000/ \\ -cookie-secret=somerandomstring12341234567890AB \\ -cookie-domain=localhost \\ -skip-provider-button=true \\ -pubjwk-url=https://idp.int.identitysandbox.gov/api/openid_connect/certs \\ -profile-url=https://idp.int.identitysandbox.gov/api/openid_connect/userinfo \\ -jwt-key=\"${OAUTH2_PROXY_JWT_KEY}\" You can also set all these options with environment variables, for use in cloud/docker environments. One tricky thing that you may encounter is that some cloud environments will pass in environment variables in a docker env-file, which does not allow multiline variables like a PEM file. If you encounter this, then you can create a jwt_signing_key.pem file in the top level directory of the repo which contains the key in PEM format and then do your docker build. The docker build process will copy that file into your image which you can then access by setting the OAUTH2_PROXY_JWT_KEY_FILE=/etc/ssl/private/jwt_signing_key.pem environment variable, or by setting --jwt-key-file=/etc/ssl/private/jwt_signing_key.pem on the commandline. Once it is running, you should be able to go to http://localhost:4180/ in your browser, get authenticated by the login.gov integration server, and then get proxied on to your application running on http://localhost:3000/. In a real deployment, you would secure your application with a firewall or something so that it was only accessible from the proxy, and you would use real hostnames everywhere. Skip OIDC discovery​ Some providers do not support OIDC discovery via their issuer URL, so oauth2-proxy cannot simply grab the authorization, token and jwks URI endpoints from the provider's metadata. In this case, you can set the --skip-oidc-discovery option, and supply those required endpoints manually: -provider oidc -client-id oauth2-proxy -client-secret proxy -redirect-url http://127.0.0.1:4180/oauth2/callback -oidc-issuer-url http://127.0.0.1:5556 -skip-oidc-discovery -login-url http://127.0.0.1:5556/authorize -redeem-url http://127.0.0.1:5556/token -oidc-jwks-url http://127.0.0.1:5556/keys -cookie-secure=false -email-domain example.com","s":"login.gov Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#logingov-provider","p":982},{"i":1005,"t":"The Nextcloud provider allows you to authenticate against users in your Nextcloud instance. When you are using the Nextcloud provider, you must specify the urls via configuration, environment variable, or command line argument. Depending on whether your Nextcloud instance is using pretty urls your urls may be of the form /index.php/apps/oauth2/* or /apps/oauth2/*. Refer to the OAuth2 documentation to setup the client id and client secret. Your \"Redirection URI\" will be https://internalapp.yourcompany.com/oauth2/callback. -provider nextcloud -client-id -client-secret -login-url=\"/index.php/apps/oauth2/authorize\" -redeem-url=\"/index.php/apps/oauth2/api/v1/token\" -validate-url=\"/ocs/v2.php/cloud/user?format=json\" Note: in all cases the validate-url will not have the index.php.","s":"Nextcloud Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#nextcloud-provider","p":982},{"i":1007,"t":"Create a new OAuth application You can fill in the name, homepage, and description however you wish. In the \"Application callback URL\" field, enter: https://oauth-proxy/oauth2/callback, substituting oauth2-proxy with the actual hostname that oauth2-proxy is running on. The URL must match oauth2-proxy's configured redirect URL. Note the Client ID and Client Secret. To use the provider, pass the following options: --provider=digitalocean --client-id= --client-secret= Alternatively, set the equivalent options in the config file. The redirect URL defaults to https:///oauth2/callback. If you need to change it, you can use the --redirect-url command-line option.","s":"DigitalOcean Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#digitalocean-auth-provider","p":982},{"i":1009,"t":"Add a new OAuth consumer In \"Callback URL\" use https:///oauth2/callback, substituting with the actual hostname that oauth2-proxy is running on. In Permissions section select: Account -> Email Team membership -> Read Repositories -> Read Note the Client ID and Client Secret. To use the provider, pass the following options: --provider=bitbucket --client-id= --client-secret= The default configuration allows everyone with Bitbucket account to authenticate. To restrict the access to the team members use additional configuration option: --bitbucket-team=. To restrict the access to only these users who has access to one selected repository use --bitbucket-repository=.","s":"Bitbucket Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#bitbucket-auth-provider","p":982},{"i":1011,"t":"Create a new application: https://< your gitea host >/user/settings/applications Under Redirect URI enter the correct URL i.e. https:///oauth2/callback Note the Client ID and Client Secret. Pass the following options to the proxy: --provider=\"github\" --redirect-url=\"https:///oauth2/callback\" --provider-display-name=\"Gitea\" --client-id=\"< client_id as generated by Gitea >\" --client-secret=\"< client_secret as generated by Gitea >\" --login-url=\"https://< your gitea host >/login/oauth/authorize\" --redeem-url=\"https://< your gitea host >/login/oauth/access_token\" --validate-url=\"https://< your gitea host >/api/v1\"","s":"Gitea Auth Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#gitea-auth-provider","p":982},{"i":1013,"t":"To authorize by email domain use --email-domain=yourcompany.com. To authorize individual email addresses use --authenticated-emails-file=/path/to/file with one email per line. To authorize all email addresses use --email-domain=*.","s":"Email Authentication","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#email-authentication","p":982},{"i":1015,"t":"Follow the examples in the providers package to define a new Provider instance. Add a new case to providers.New() to allow oauth2-proxy to use the new Provider.","s":"Adding a new Provider","u":"/oauth2-proxy/docs/6.1.x/configuration/oauth_provider","h":"#adding-a-new-provider","p":982},{"i":1017,"t":"oauth2-proxy can be configured via command line options, environment variables or config file (in decreasing order of precedence, i.e. command line options will overwrite environment variables and environment variables will overwrite configuration file settings).","s":"Overview","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"","p":1016},{"i":1019,"t":"To generate a strong cookie secret use one of the below commands: Python Bash OpenSSL PowerShell Terraform python -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(32)).decode())' dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | tr -d -- '\\n' | tr -- '+/' '-_'; echo openssl rand -base64 32 | tr -- '+/' '-_' # Add System.Web assembly to session, just in caseAdd-Type -AssemblyName System.Web[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes([System.Web.Security.Membership]::GeneratePassword(32,4))).Replace(\"+\",\"-\").Replace(\"/\",\"_\") # Valid 32 Byte Base64 URL encoding set that will decode to 24 []byte AES-192 secretresource \"random_password\" \"cookie_secret\" { length = 32 override_special = \"-_\"}","s":"Generating a Cookie Secret","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#generating-a-cookie-secret","p":1016},{"i":1021,"t":"Every command line argument can be specified in a config file by replacing hyphens (-) with underscores (_). If the argument can be specified multiple times, the config option should be plural (trailing s). An example oauth2-proxy.cfg config file is in the contrib directory. It can be used by specifying --config=/etc/oauth2-proxy.cfg","s":"Config File","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#config-file","p":1016},{"i":1023,"t":"Option Type Description Default --acr-values string optional, see docs \"\" --approval-prompt string OAuth approval_prompt \"force\" --auth-logging bool Log authentication attempts true --auth-logging-format string Template for authentication log lines see Logging Configuration --authenticated-emails-file string authenticate against emails via file (one per line) --azure-tenant string go to a tenant-specific or common (tenant-independent) endpoint. \"common\" --basic-auth-password string the password to set when passing the HTTP Basic Auth header --client-id string the OAuth Client ID, e.g. \"123456.apps.googleusercontent.com\" --client-secret string the OAuth Client Secret --client-secret-file string the file with OAuth Client Secret --config string path to config file --cookie-domain string | list Optional cookie domains to force cookies to (e.g. .yourcompany.com). The longest domain matching the request's host will be used (or the shortest cookie domain if there is no match). --cookie-expire duration expire timeframe for cookie 168h0m0s --cookie-httponly bool set HttpOnly cookie flag true --cookie-name string the name of the cookie that the oauth_proxy creates. Should be changed to use a cookie prefix (__Host- or __Secure-) if --cookie-secure is set. \"_oauth2_proxy\" --cookie-path string an optional cookie path to force cookies to (e.g. /poc/) \"/\" --cookie-refresh duration refresh the cookie after this duration; 0 to disable; not supported by all providers [1] --cookie-secret string the seed string for secure cookies (optionally base64 encoded) --cookie-secure bool set secure (HTTPS only) cookie flag true --cookie-samesite string set SameSite cookie attribute (\"lax\", \"strict\", \"none\", or \"\"). \"\" --custom-templates-dir string path to custom html templates --display-htpasswd-form bool display username / password login form if an htpasswd file is provided true --email-domain string | list authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email --errors-to-info-log bool redirects error-level logging to default log channel instead of stderr false --extra-jwt-issuers string if --skip-jwt-bearer-tokens is set, a list of extra JWT issuer=audience (see a token's iss, aud fields) pairs (where the issuer URL has a .well-known/openid-configuration or a .well-known/jwks.json) --exclude-logging-path string comma separated list of paths to exclude from logging, e.g. \"/ping,/path2\" \"\" (no paths excluded) --flush-interval duration period between flushing response buffers when streaming responses \"1s\" --force-https bool enforce https redirect false --banner string custom (html) banner string. Use \"-\" to disable default banner. --footer string custom (html) footer string. Use \"-\" to disable default footer. --gcp-healthchecks bool will enable /liveness_check, /readiness_check, and / (with the proper user-agent) endpoints that will make it work well with GCP App Engine and GKE Ingresses false --github-org string restrict logins to members of this organisation --github-team string restrict logins to members of any of these teams (slug), separated by a comma --github-repo string restrict logins to collaborators of this repository formatted as orgname/repo --github-token string the token to use when verifying repository collaborators (must have push access to the repository) --github-user string | list To allow users to login by username even if they do not belong to the specified org and team or collaborators --gitlab-group string | list restrict logins to members of any of these groups (slug), separated by a comma --google-admin-email string the google admin to impersonate for api calls --google-group string restrict logins to members of this google group (may be given multiple times). --google-service-account-json string the path to the service account json credentials --htpasswd-file string additionally authenticate against a htpasswd file. Entries must be created with htpasswd -s for SHA encryption --http-address string [http://]: or unix:// to listen on for HTTP clients \"127.0.0.1:4180\" --https-address string : to listen on for HTTPS clients \":443\" --logging-compress bool Should rotated log files be compressed using gzip false --logging-filename string File to log requests to, empty for stdout \"\" (stdout) --logging-local-time bool Use local time in log files and backup filenames instead of UTC true (local time) --logging-max-age int Maximum number of days to retain old log files 7 --logging-max-backups int Maximum number of old log files to retain; 0 to disable 0 --logging-max-size int Maximum size in megabytes of the log file before rotation 100 --jwt-key string private key in PEM format used to sign JWT, so that you can say something like --jwt-key=\"${OAUTH2_PROXY_JWT_KEY}\": required by login.gov --jwt-key-file string path to the private key file in PEM format used to sign the JWT so that you can say something like --jwt-key-file=/etc/ssl/private/jwt_signing_key.pem: required by login.gov --login-url string Authentication endpoint --insecure-oidc-allow-unverified-email bool don't fail if an email address in an id_token is not verified false --insecure-oidc-skip-issuer-verification bool allow the OIDC issuer URL to differ from the expected (currently required for Azure multi-tenant compatibility) false --oidc-issuer-url string the OpenID Connect issuer URL, e.g. \"https://accounts.google.com\" --oidc-jwks-url string OIDC JWKS URI for token verification; required if OIDC discovery is disabled --pass-access-token bool pass OAuth access_token to upstream via X-Forwarded-Access-Token header. When used with --set-xauthrequest this adds the X-Auth-Request-Access-Token header to the response false --pass-authorization-header bool pass OIDC IDToken to upstream via Authorization Bearer header false --pass-basic-auth bool pass HTTP Basic Auth, X-Forwarded-User, X-Forwarded-Email and X-Forwarded-Preferred-Username information to upstream true --prefer-email-to-user bool Prefer to use the Email address as the Username when passing information to upstream. Will only use Username if Email is unavailable, e.g. htaccess authentication. Used in conjunction with --pass-basic-auth and --pass-user-headers false --pass-host-header bool pass the request Host Header to upstream true --pass-user-headers bool pass X-Forwarded-User, X-Forwarded-Email and X-Forwarded-Preferred-Username information to upstream true --profile-url string Profile access endpoint --prompt string OIDC prompt; if present, approval-prompt is ignored \"\" --provider string OAuth provider google --provider-ca-file string | list Paths to CA certificates that should be used when connecting to the provider. If not specified, the default Go trust sources are used instead. --provider-display-name string Override the provider's name with the given string; used for the sign-in page (depends on provider) --ping-path string the ping endpoint that can be used for basic health checks \"/ping\" --ping-user-agent string a User-Agent that can be used for basic health checks \"\" (don't check user agent) --proxy-prefix string the url root path that this proxy should be nested under (e.g. //sign_in) \"/oauth2\" --proxy-websockets bool enables WebSocket proxying true --pubjwk-url string JWK pubkey access endpoint: required by login.gov --real-client-ip-header string Header used to determine the real IP of the client, requires --reverse-proxy to be set (one of: X-Forwarded-For, X-Real-IP, or X-ProxyUser-IP) X-Real-IP --redeem-url string Token redemption endpoint --redirect-url string the OAuth Redirect URL, e.g. \"https://internalapp.yourcompany.com/oauth2/callback\" --redis-cluster-connection-urls string | list List of Redis cluster connection URLs (e.g. redis://HOST[:PORT]). Used in conjunction with --redis-use-cluster --redis-connection-url string URL of redis server for redis session storage (e.g. redis://HOST[:PORT]) --redis-password string Redis password. Applicable for all Redis configurations. Will override any password set in --redis-connection-url --redis-sentinel-password string Redis sentinel password. Used only for sentinel connection; any redis node passwords need to use --redis-password --redis-sentinel-master-name string Redis sentinel master name. Used in conjunction with --redis-use-sentinel --redis-sentinel-connection-urls string | list List of Redis sentinel connection URLs (e.g. redis://HOST[:PORT]). Used in conjunction with --redis-use-sentinel --redis-use-cluster bool Connect to redis cluster. Must set --redis-cluster-connection-urls to use this feature false --redis-use-sentinel bool Connect to redis via sentinels. Must set --redis-sentinel-master-name and --redis-sentinel-connection-urls to use this feature false --request-logging bool Log requests true --request-logging-format string Template for request log lines see Logging Configuration --resource string The resource that is protected (Azure AD only) --reverse-proxy bool are we running behind a reverse proxy, controls whether headers like X-Real-IP are accepted false --scope string OAuth scope specification --session-cookie-minimal bool strip OAuth tokens from cookie session stores if they aren't needed (cookie session store only) false --session-store-type string Session data storage backend; redis or cookie cookie --set-xauthrequest bool set X-Auth-Request-User, X-Auth-Request-Email and X-Auth-Request-Preferred-Username response headers (useful in Nginx auth_request mode). When used with --pass-access-token, X-Auth-Request-Access-Token is added to response headers. false --set-authorization-header bool set Authorization Bearer response header (useful in Nginx auth_request mode) false --set-basic-auth bool set HTTP Basic Auth information in response (useful in Nginx auth_request mode) false --signature-key string GAP-Signature request signature key (algorithm:secretkey) --silence-ping-logging bool disable logging of requests to ping endpoint false --skip-auth-preflight bool will skip authentication for OPTIONS requests false --skip-auth-regex string bypass authentication for requests paths that match (may be given multiple times) --skip-auth-strip-headers bool strips X-Forwarded-* style authentication headers & Authorization header if they would be set by oauth2-proxy for request paths in --skip-auth-regex false --skip-jwt-bearer-tokens bool will skip requests that have verified JWT bearer tokens (the token must have aud that matches this client id or one of the extras from extra-jwt-issuers) false --skip-oidc-discovery bool bypass OIDC endpoint discovery. --login-url, --redeem-url and --oidc-jwks-url must be configured in this case false --skip-provider-button bool will skip sign-in-page to directly reach the next step: oauth/start false --ssl-insecure-skip-verify bool skip validation of certificates presented when using HTTPS providers false --ssl-upstream-insecure-skip-verify bool skip validation of certificates presented when using HTTPS upstreams false --standard-logging bool Log standard runtime information true --standard-logging-format string Template for standard log lines see Logging Configuration --tls-cert-file string path to certificate file --tls-key-file string path to private key file --upstream string | list the http url(s) of the upstream endpoint, file:// paths for static files or static:// for static response. Routing is based on the path --user-id-claim string which claim contains the user ID [\"email\"] --validate-url string Access token validation endpoint --version n/a print version string --whitelist-domain string | list allowed domains for redirection after authentication. Prefix domain with a . to allow subdomains (e.g. .example.com) [2] --trusted-ip string | list list of IPs or CIDR ranges to allow to bypass authentication (may be given multiple times). When combined with --reverse-proxy and optionally --real-client-ip-header this will evaluate the trust of the IP stored in an HTTP header by a reverse proxy rather than the layer-3/4 remote address. WARNING: trusting IPs has inherent security flaws, especially when obtaining the IP address from an HTTP header (reverse-proxy mode). Use this option only if you understand the risks and how to manage them. [1]: Only these providers support --cookie-refresh: GitLab, Google and OIDC [2]: When using the whitelist-domain option, any domain prefixed with a . will allow any subdomain of the specified domain as a valid redirect URL. By default, only empty ports are allowed. This translates to allowing the default port of the URL's protocol (80 for HTTP, 443 for HTTPS, etc.) since browsers omit them. To allow only a specific port, add it to the whitelisted domain: example.com:8080. To allow any port, use *: example.com:*. See below for provider specific options","s":"Command Line Options","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#command-line-options","p":1016},{"i":1025,"t":"oauth2-proxy supports having multiple upstreams, and has the option to pass requests on to HTTP(S) servers or serve static files from the file system. HTTP and HTTPS upstreams are configured by providing a URL such as http://127.0.0.1:8080/ for the upstream parameter. This will forward all authenticated requests to the upstream server. If you instead provide http://127.0.0.1:8080/some/path/ then it will only be requests that start with /some/path/ which are forwarded to the upstream. Static file paths are configured as a file:// URL. file:///var/www/static/ will serve the files from that directory at http://[oauth2-proxy url]/var/www/static/, which may not be what you want. You can provide the path to where the files should be available by adding a fragment to the configured URL. The value of the fragment will then be used to specify which path the files are available at, e.g. file:///var/www/static/#/static/ will make /var/www/static/ available at http://[oauth2-proxy url]/static/. Multiple upstreams can either be configured by supplying a comma separated list to the --upstream parameter, supplying the parameter multiple times or providing a list in the config file. When multiple upstreams are used routing to them will be based on the path they are set up with.","s":"Upstreams Configuration","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#upstreams-configuration","p":1016},{"i":1027,"t":"Every command line argument can be specified as an environment variable by prefixing it with OAUTH2_PROXY_, capitalising it, and replacing hyphens (-) with underscores (_). If the argument can be specified multiple times, the environment variable should be plural (trailing S). This is particularly useful for storing secrets outside of a configuration file or the command line. For example, the --cookie-secret flag becomes OAUTH2_PROXY_COOKIE_SECRET, and the --email-domain flag becomes OAUTH2_PROXY_EMAIL_DOMAINS.","s":"Environment variables","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#environment-variables","p":1016},{"i":1029,"t":"By default, OAuth2 Proxy logs all output to stdout. Logging can be configured to output to a rotating log file using the --logging-filename command. If logging to a file you can also configure the maximum file size (--logging-max-size), age (--logging-max-age), max backup logs (--logging-max-backups), and if backup logs should be compressed (--logging-compress). There are three different types of logging: standard, authentication, and HTTP requests. These can each be enabled or disabled with --standard-logging, --auth-logging, and --request-logging. Each type of logging has its own configurable format and variables. By default these formats are similar to the Apache Combined Log. Logging of requests to the /ping endpoint (or using --ping-user-agent) can be disabled with --silence-ping-logging reducing log volume. This flag appends the --ping-path to --exclude-logging-paths.","s":"Logging Configuration","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#logging-configuration","p":1016},{"i":1031,"t":"Authentication logs are logs which are guaranteed to contain a username or email address of a user attempting to authenticate. These logs are output by default in the below format: - [19/Mar/2015:17:20:19 -0400] [] The status block will contain one of the below strings: AuthSuccess If a user has authenticated successfully by any method AuthFailure If the user failed to authenticate explicitly AuthError If there was an unexpected error during authentication If you require a different format than that, you can configure it with the --auth-logging-format flag. The default format is configured as follows: {{.Client}} - {{.Username}} [{{.Timestamp}}] [{{.Status}}] {{.Message}} Available variables for auth logging: Variable Example Description Client 74.125.224.72 The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true. Host domain.com The value of the Host header. Protocol HTTP/1.0 The request protocol. RequestMethod GET The request method. Timestamp 19/Mar/2015:17:20:19 -0400 The date and time of the logging event. UserAgent - The full user agent as reported by the requesting client. Username username@email.com The email or username of the auth request. Status AuthSuccess The status of the auth request. See above for details. Message Authenticated via OAuth2 The details of the auth attempt.","s":"Auth Log Format","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#auth-log-format","p":1016},{"i":1033,"t":"HTTP request logs will output by default in the below format: - [19/Mar/2015:17:20:19 -0400] GET \"/path/\" HTTP/1.1 \"\" If you require a different format than that, you can configure it with the --request-logging-format flag. The default format is configured as follows: {{.Client}} - {{.Username}} [{{.Timestamp}}] {{.Host}} {{.RequestMethod}} {{.Upstream}} {{.RequestURI}} {{.Protocol}} {{.UserAgent}} {{.StatusCode}} {{.ResponseSize}} {{.RequestDuration}} Available variables for request logging: Variable Example Description Client 74.125.224.72 The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true. Host domain.com The value of the Host header. Protocol HTTP/1.0 The request protocol. RequestDuration 0.001 The time in seconds that a request took to process. RequestMethod GET The request method. RequestURI \"/oauth2/auth\" The URI path of the request. ResponseSize 12 The size in bytes of the response. StatusCode 200 The HTTP status code of the response. Timestamp 19/Mar/2015:17:20:19 -0400 The date and time of the logging event. Upstream - The upstream data of the HTTP request. UserAgent - The full user agent as reported by the requesting client. Username username@email.com The email or username of the auth request.","s":"Request Log Format","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#request-log-format","p":1016},{"i":1035,"t":"All other logging that is not covered by the above two types of logging will be output in this standard logging format. This includes configuration information at startup and errors that occur outside of a session. The default format is below: [19/Mar/2015:17:20:19 -0400] [main.go:40] If you require a different format than that, you can configure it with the --standard-logging-format flag. The default format is configured as follows: [{{.Timestamp}}] [{{.File}}] {{.Message}} Available variables for standard logging: Variable Example Description Timestamp 19/Mar/2015:17:20:19 -0400 The date and time of the logging event. File main.go:40 The file and line number of the logging statement. Message HTTP: listening on 127.0.0.1:4180 The details of the log statement.","s":"Standard Log Format","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#standard-log-format","p":1016},{"i":1037,"t":"The Nginx auth_request directive allows Nginx to authenticate requests via the oauth2-proxy's /auth endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example: server { listen 443 ssl; server_name ...; include ssl/ssl.conf; location /oauth2/ { proxy_pass http://127.0.0.1:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header X-Auth-Request-Redirect $request_uri; # or, if you are handling multiple domains: # proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri; } location = /oauth2/auth { proxy_pass http://127.0.0.1:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; # nginx auth_request includes headers but not body proxy_set_header Content-Length \"\"; proxy_pass_request_body off; } location / { auth_request /oauth2/auth; error_page 401 = /oauth2/sign_in; # pass information via X-User and X-Email headers to backend, # requires running with --set-xauthrequest flag auth_request_set $user $upstream_http_x_auth_request_user; auth_request_set $email $upstream_http_x_auth_request_email; proxy_set_header X-User $user; proxy_set_header X-Email $email; # if you enabled --pass-access-token, this will pass the token to the backend auth_request_set $token $upstream_http_x_auth_request_access_token; proxy_set_header X-Access-Token $token; # if you enabled --cookie-refresh, this is needed for it to work with auth_request auth_request_set $auth_cookie $upstream_http_set_cookie; add_header Set-Cookie $auth_cookie; # When using the --set-authorization-header flag, some provider's cookies can exceed the 4kb # limit and so the OAuth2 Proxy splits these into multiple parts. # Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response, # so if your cookies are larger than 4kb, you will need to extract additional cookies manually. auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1; # Extract the Cookie attributes from the first Set-Cookie header and append them # to the second part ($upstream_cookie_* variables only contain the raw cookie content) if ($auth_cookie ~* \"(; .*)\") { set $auth_cookie_name_0 $auth_cookie; set $auth_cookie_name_1 \"auth_cookie_name_1=$auth_cookie_name_upstream_1$1\"; } # Send both Set-Cookie headers now if there was a second part if ($auth_cookie_name_upstream_1) { add_header Set-Cookie $auth_cookie_name_0; add_header Set-Cookie $auth_cookie_name_1; } proxy_pass http://backend/; # or \"root /path/to/site;\" or \"fastcgi_pass ...\" etc }} When you use ingress-nginx in Kubernetes, you MUST use kubernetes/ingress-nginx (which includes the Lua module) and the following configuration snippet for your Ingress. Variables set with auth_request_set are not set-able in plain nginx config when the location is processed via proxy_pass and then may only be processed by Lua. Note that nginxinc/kubernetes-ingress does not include the Lua module. nginx.ingress.kubernetes.io/auth-response-headers: Authorizationnginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uringinx.ingress.kubernetes.io/auth-url: https://$host/oauth2/authnginx.ingress.kubernetes.io/configuration-snippet: | auth_request_set $name_upstream_1 $upstream_cookie_name_1; access_by_lua_block { if ngx.var.name_upstream_1 ~= \"\" then ngx.header[\"Set-Cookie\"] = \"name_1=\" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match(\"(; .*)\") end } It is recommended to use --session-store-type=redis when expecting large sessions/OIDC tokens (e.g. with MS Azure). You have to substitute name with the actual cookie name you configured via --cookie-name parameter. If you don't set a custom cookie name the variable should be \"$upstream_cookie__oauth2_proxy_1\" instead of \"$upstream_cookie_name_1\" and the new cookie-name should be \"_oauth2_proxy_1=\" instead of \"name_1=\". note If you set up your OAuth2 provider to rotate your client secret, you can use the client-secret-file option to reload the secret when it is updated.","s":"Configuring for use with the Nginx auth_request directive","u":"/oauth2-proxy/docs/6.1.x/configuration/overview","h":"#configuring-for-use-with-the-nginx-auth_request-directive","p":1016},{"i":1039,"t":"Sessions allow a user's authentication to be tracked between multiple HTTP requests to a service. The OAuth2 Proxy uses a Cookie to track user sessions and will store the session data in one of the available session storage backends. At present the available backends are (as passed to --session-store-type): cookie (default) redis","s":"Session Storage","u":"/oauth2-proxy/docs/6.1.x/configuration/session_storage","h":"","p":1038},{"i":1041,"t":"The Cookie storage backend is the default backend implementation and has been used in the OAuth2 Proxy historically. With the Cookie storage backend, all session information is stored in client side cookies and transferred with each and every request. The following should be known when using this implementation: Since all state is stored client side, this storage backend means that the OAuth2 Proxy is completely stateless Cookies are signed server side to prevent modification client-side It is mandatory to set a cookie-secret which will ensure data is encrypted within the cookie data. Since multiple requests can be made concurrently to the OAuth2 Proxy, this session implementation cannot lock sessions and while updating and refreshing sessions, there can be conflicts which force users to re-authenticate","s":"Cookie Storage","u":"/oauth2-proxy/docs/6.1.x/configuration/session_storage","h":"#cookie-storage","p":1038},{"i":1043,"t":"The Redis Storage backend stores sessions, encrypted, in redis. Instead sending all the information back the client for storage, as in the Cookie storage, a ticket is sent back to the user as the cookie value instead. A ticket is composed as the following: {CookieName}-{ticketID}.{secret} Where: The CookieName is the OAuth2 cookie name (_oauth2_proxy by default) The ticketID is a 128 bit random number, hex-encoded The secret is a 128 bit random number, base64url encoded (no padding). The secret is unique for every session. The pair of {CookieName}-{ticketID} comprises a ticket handle, and thus, the redis key to which the session is stored. The encoded session is encrypted with the secret and stored in redis via the SETEX command. Encrypting every session uniquely protects the refresh/access/id tokens stored in the session from disclosure. Usage​ When using the redis store, specify --session-store-type=redis as well as the Redis connection URL, via --redis-connection-url=redis://host[:port][/db-number]. You may also configure the store for Redis Sentinel. In this case, you will want to use the --redis-use-sentinel=true flag, as well as configure the flags --redis-sentinel-master-name and --redis-sentinel-connection-urls appropriately. Redis Cluster is available to be the backend store as well. To leverage it, you will need to set the --redis-use-cluster=true flag, and configure the flags --redis-cluster-connection-urls appropriately. Note that flags --redis-use-sentinel=true and --redis-use-cluster=true are mutually exclusive.","s":"Redis Storage","u":"/oauth2-proxy/docs/6.1.x/configuration/session_storage","h":"#redis-storage","p":1038},{"i":1045,"t":"There are two recommended configurations. Configure SSL Termination with OAuth2 Proxy by providing a --tls-cert-file=/path/to/cert.pem and --tls-key-file=/path/to/cert.key. The command line to run oauth2-proxy in this configuration would look like this: ./oauth2-proxy \\ --email-domain=\"yourcompany.com\" \\ --upstream=http://127.0.0.1:8080/ \\ --tls-cert-file=/path/to/cert.pem \\ --tls-key-file=/path/to/cert.key \\ --cookie-secret=... \\ --cookie-secure=true \\ --provider=... \\ --client-id=... \\ --client-secret=... Configure SSL Termination with Nginx (example config below), Amazon ELB, Google Cloud Platform Load Balancing, or .... Because oauth2-proxy listens on 127.0.0.1:4180 by default, to listen on all interfaces (needed when using an external load balancer like Amazon ELB or Google Platform Load Balancing) use --http-address=\"0.0.0.0:4180\" or --http-address=\"http://:4180\". Nginx will listen on port 443 and handle SSL connections while proxying to oauth2-proxy on port 4180. oauth2-proxy will then authenticate requests for an upstream application. The external endpoint for this example would be https://internal.yourcompany.com/. An example Nginx config follows. Note the use of Strict-Transport-Security header to pin requests to SSL via HSTS: server { listen 443 default ssl; server_name internal.yourcompany.com; ssl_certificate /path/to/cert.pem; ssl_certificate_key /path/to/cert.key; add_header Strict-Transport-Security max-age=2592000; location / { proxy_pass http://127.0.0.1:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_connect_timeout 1; proxy_send_timeout 30; proxy_read_timeout 30; }} The command line to run oauth2-proxy in this configuration would look like this: ./oauth2-proxy \\ --email-domain=\"yourcompany.com\" \\ --upstream=http://127.0.0.1:8080/ \\ --cookie-secret=... \\ --cookie-secure=true \\ --provider=... \\ --reverse-proxy=true \\ --client-id=... \\ --client-secret=...","s":"TLS Configuration","u":"/oauth2-proxy/docs/6.1.x/configuration/tls","h":"","p":1044},{"i":1047,"t":"OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable. /robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see robotstxt.org for more info /ping - returns a 200 OK response, which is intended for use with health checks /oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies) /oauth2/sign_out - this URL is used to clear the session cookie /oauth2/start - a URL that will redirect to start the OAuth cycle /oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url. /oauth2/userinfo - the URL is used to return user's email from the session in JSON format. /oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the Nginx auth_request directive","s":"Endpoints","u":"/oauth2-proxy/docs/6.1.x/features/endpoints","h":"","p":1046},{"i":1049,"t":"To sign the user out, redirect them to /oauth2/sign_out. This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the rd query parameter, i.e. redirect the user to something like (notice the url-encoding!): /oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page Alternatively, include the redirect URL in the X-Auth-Request-Redirect header: GET /oauth2/sign_out HTTP/1.1X-Auth-Request-Redirect: https://my-oidc-provider/sign_out_page... (The \"sign_out_page\" should be the end_session_endpoint from the metadata if your OIDC provider supports Session Management and Discovery.) BEWARE that the domain you want to redirect to (my-oidc-provider.example.com in the example) must be added to the --whitelist-domain configuration option otherwise the redirect will be ignored.","s":"Sign out","u":"/oauth2-proxy/docs/6.1.x/features/endpoints","h":"#sign-out","p":1046},{"i":1051,"t":"If signature_key is defined, proxied requests will be signed with the GAP-Signature header, which is a Hash-based Message Authentication Code (HMAC) of selected request information and the request body see SIGNATURE_HEADERS in oauthproxy.go. signature_key must be of the form algorithm:secretkey, (ie: signature_key = \"sha1:secret0\") For more information about HMAC request signature validation, read the following: Amazon Web Services: Signing and Authenticating REST Requests rc3.org: Using HMAC to authenticate Web service requests","s":"Request Signatures","u":"/oauth2-proxy/docs/6.1.x/features/request_signatures","h":"","p":1050}],"index":{"version":"2.3.9","fields":["t"],"fieldVectors":[["t/973",[0,2.909,1,4.302,2,3.307,3,5.655,4,5.655,5,2.909,6,4.302,7,3.91,8,3.91,9,3.307,10,1.103,11,2.612,12,3.91,13,5.087,14,0.86,15,3.91,16,3.91,17,4.302,18,0.311,19,3.307,20,3.307,21,3.91,22,5.087,23,3.91,24,3.91,25,3.91,26,1.729,27,1.404,28,3.307,29,1.777,30,2.909,31,2.375,32,5.087,33,3.91,34,1.441,35,2.375,36,2.375,37,2.909,38,3.91,39,3.91,40,3.91,41,3.91,42,3.91,43,3.91,44,3.307,45,1.729,46,2.909,47,1.404,48,1.313,49,0.993,50,0.561,51,1.503,52,1.61,53,1.61,54,1.15,55,2.375,56,1.503,57,3.398,58,3.307,59,1.729,60,1.503,61,2.177]],["t/975",[10,1.019,14,0.749,18,0.249,34,1.386,47,1.461,49,1.019,59,1.799,62,2.069,63,1.461,64,2.718,65,3.027,66,3.883,67,1.676,68,3.441,69,2.718,70,2.718,71,1.874,72,1.673,73,1.676,74,1.564,75,3.883,76,2.547,77,2.089,78,3.441,79,1.462,80,1.676,81,4.069,82,1.256,83,4.069,84,1.935,85,1.12,86,4.069,87,4.069,88,2.718,89,1.799,90,2.718,91,4.069,92,2.089,93,3.027,94,3.027,95,3.486,96,2.483,97,2.471,98,0.914,99,3.027,100,2.265,101,1.799,102,2.265,103,2.718,104,1.935,105,2.471,106,3.441,107,2.718]],["t/977",[14,0.726,50,0.726,108,1.392,109,5.059,110,3.856,111,3.763,112,2.816,113,3.763,114,2.236,115,3.763,116,5.059,117,4.278,118,3.379,119,5.059,120,3.763,121,2.816,122,5.059,123,5.059,124,5.059]],["t/979",[14,0.769,18,0.259,29,1.333,37,3.155,50,0.769,89,1.875,92,2.178,103,2.833,105,2.576,111,3.987,118,3.58,120,3.155,125,4.241,126,5.359,127,4.532,128,2.833,129,5.22,130,3.155,131,4.968,132,3.586,133,3.254,134,4.241,135,3.987,136,4.241,137,2.361,138,4.241,139,2.576,140,4.241,141,4.241,142,4.241,143,2.576,144,3.586,145,1.247,146,3.155,147,2.833,148,2.984,149,4.241,150,4.241,151,4.241,152,4.241,153,4.241,154,4.241,155,4.241,156,3.586,157,4.241,158,4.241,159,3.155,160,3.155,161,1.523]],["t/981",[6,4.554,18,0.329,27,1.535,105,2.596,111,3.18,118,2.855,127,4.554,131,4.554,132,3.614,133,3.27,137,3.283,139,2.596,148,2.38,156,5.593,161,1.535,162,5.897,163,5.386,164,5.386,165,1.889,166,3.18,167,4.274,168,4.274,169,4.274,170,4.274,171,4.274,172,4.274,173,4.274,174,3.18,175,4.274,176,4.274,177,5.386,178,1.535,179,1.435,180,1.642,181,4.274,182,4.274,183,4.274,184,4.274,185,4.274,186,4.274,187,4.274,188,4.274,189,4.274]],["t/983",[5,3.242,10,0.851,14,0.626,18,0.266,27,1.565,34,1.598,45,1.927,46,3.242,47,1.565,48,1.464,49,1.064,50,0.626,85,1.199,102,2.427,108,1.199,129,3.686,133,3.311,190,1.675,191,3.642,192,3.242,193,4.359,194,1.795,195,3.686,196,2.073,197,1.282,198,3.311,199,4.359,200,3.686,201,3.242,202,3.686,203,3.686,204,3.311,205,3.035,206,3.242,207,3.686,208,4.359,209,3.686,210,3.686,211,2.073,212,3.035,213,3.642,214,4.359]],["t/985",[0,4.677,2,3.163,10,0.871,14,0.537,27,0.904,29,1.553,31,2.272,34,0.606,45,1.113,47,1.603,48,1.256,50,0.537,54,0.74,63,0.904,67,1.54,69,2.498,71,0.904,72,0.693,73,1.54,76,1.113,77,1.293,79,0.606,82,1.074,85,0.693,98,1.003,108,1.36,110,3.207,114,1.113,121,1.402,130,1.873,145,1.553,147,1.681,161,1.774,174,1.873,178,1.896,179,1.499,180,0.967,191,3.527,192,1.873,194,1.838,215,1.873,216,2.942,217,2.517,218,2.129,219,2.517,220,2.517,221,2.129,222,4.464,223,4.942,224,3.207,225,1.681,226,2.129,227,2.517,228,3.321,229,2.517,230,2.517,231,3.163,232,1.681,233,2.129,234,2.517,235,2.129,236,1.873,237,2.517,238,3.163,239,1.424,240,1.873,241,2.517,242,1.529,243,1.529,244,2.123,245,2.517,246,2.129,247,3.741,248,1.873,249,1.113,250,1.873,251,2.129,252,1.529,253,0.648,254,2.517,255,1.873,256,2.711,257,2.517,258,2.129,259,2.517,260,2.711,261,2.129,262,1.529,263,1.681,264,3.36,265,2.498,266,2.517,267,2.123,268,1.529,269,3.321,270,2.129,271,1.402,272,1.873,273,3.001,274,3.741,275,2.272,276,0.935,277,2.517,278,2.517,279,2.517,280,2.517,281,1.873,282,1.402,283,2.517,284,2.517,285,1.037,286,2.783,287,2.129,288,1.529,289,2.517,290,2.129,291,2.035,292,2.129,293,2.129,294,2.517,295,2.517,296,2.517,297,1.681,298,1.402,299,2.129,300,1.873,301,1.873,302,1.681,303,1.402,304,2.517,305,1.529,306,2.517,307,2.517]],["t/987",[0,3.351,10,1.14,11,2.179,14,0.647,18,0.275,34,0.785,35,1.981,45,1.991,48,1.733,49,0.637,50,0.468,61,2.508,63,1.171,64,2.179,67,1.343,71,1.618,72,1.24,73,1.343,74,1.254,80,1.343,82,1.084,96,1.552,97,1.981,98,1.25,108,1.42,161,1.618,165,2.281,178,1.171,179,1.513,180,1.254,190,1.254,192,2.427,198,3.134,211,1.552,215,3.351,216,2.313,224,1.981,226,2.759,235,3.81,236,4.14,238,3.81,239,1.159,248,2.427,272,4.344,273,1.981,285,1.855,300,3.351,308,3.262,309,4.505,310,3.447,311,3.262,312,3.446,313,3.81,314,3.262,315,1.552,316,2.313,317,1.084,318,3.262,319,3.717,320,3.262,321,2.759,322,2.427,323,2.508,324,2.759,325,3.262,326,2.759,327,3.262,328,3.262,329,1.442,330,2.179,331,2.508,332,3.262,333,3.262,334,3.262,335,3.262,336,3.262,337,2.759,338,2.759,339,3.262,340,3.262,341,3.262,342,3.262,343,2.427,344,1.981,345,3.262]],["t/989",[27,1.877,47,1.877,85,1.438,98,1.174,178,1.877,179,1.755,249,2.31,252,3.174,271,2.91,312,2.91,346,6.084,347,5.227,348,2.009]],["t/991",[18,0.261,27,1.088,30,2.253,34,1.029,54,1.258,67,1.247,74,2.071,76,2.382,79,0.729,82,1.459,98,0.961,108,0.833,110,1.839,128,2.023,133,3.957,139,1.839,143,3.582,145,0.891,148,2.382,166,4.388,178,1.536,179,1.017,190,1.164,194,1.247,212,1.687,243,1.839,244,1.441,252,1.839,262,3.76,263,2.023,267,1.441,268,1.839,271,1.687,276,1.039,282,1.687,285,2.497,291,1.762,302,2.023,305,2.598,317,1.193,324,4.194,348,2.33,349,3.029,350,1.839,351,2.023,352,2.253,353,2.561,354,2.253,355,2.857,356,2.561,357,2.253,358,4.606,359,2.561,360,3.029,361,2.547,362,3.617,363,3.617,364,4.556,365,2.561,366,2.253,367,3.312,368,3.312,369,2.561,370,2.561,371,3.617,372,2.253,373,1.441,374,2.561,375,3.029,376,3.029,377,3.029,378,2.857,379,3.029,380,4.959,381,3.029,382,1.687,383,3.029,384,3.029]],["t/993",[18,0.249,27,1.879,73,2.154,76,1.805,85,1.124,98,0.918,108,1.124,121,2.274,178,2.186,179,1.372,200,5.322,211,1.943,213,2.728,225,2.728,228,3.038,231,3.454,239,1.567,243,2.48,249,1.805,252,2.48,253,1.347,264,3.822,267,1.943,268,2.48,273,3.177,276,0.856,285,1.682,315,2.489,317,0.983,348,1.569,382,2.274,385,4.084,386,5.232,387,3.038,388,4.084,389,3.038,390,4.084,391,4.084,392,5.773,393,5.773,394,5.773,395,4.084,396,4.084,397,4.084,398,4.084,399,4.084,400,3.038]],["t/995",[10,0.777,18,0.314,47,1.429,48,1.915,51,1.53,54,1.171,72,1.416,85,1.569,98,1.281,112,2.216,120,2.961,145,1.171,165,1.76,201,4.645,204,2.417,216,2.643,239,1.325,243,2.417,253,1.025,262,3.125,264,3.125,267,2.448,268,3.125,275,2.417,276,1.308,282,2.216,305,2.417,317,1.502,329,2.275,348,1.53,366,2.961,367,2.659,368,2.659,387,2.961,401,2.961,402,3.981,403,4.352,404,2.961,405,2.417,406,3.981,407,3.366,408,3.981,409,3.981,410,3.981,411,3.981,412,3.981,413,3.981,414,3.981,415,3.981,416,2.417,417,2.659,418,3.366]],["t/997",[10,1.111,45,2.066,47,2.044,80,1.924,82,1.124,85,1.286,108,1.286,110,2.838,121,2.602,178,1.678,179,1.569,197,1.374,202,3.951,215,3.476,216,2.399,224,2.838,232,3.121,236,3.476,252,2.838,253,1.465,282,2.602,317,1.124,331,3.417,351,3.121,419,4.673,420,4.673,421,3.951,422,4.673,423,4.673,424,3.951,425,4.673,426,3.121,427,4.813]],["t/999",[18,0.305,48,2.12,101,2.617,102,3.296,108,1.373,121,2.778,165,2.206,197,1.467,198,3.03,203,4.22,216,2.562,244,2.374,263,3.333,276,1.046,322,3.712,428,5.921,429,4.99,430,4.22,431,4.22]],["t/1001",[10,1.282,14,0.765,18,0.314,26,0.82,29,0.929,31,1.127,34,1.449,35,1.127,36,2.239,45,2.031,47,0.666,48,1.966,49,1.04,50,0.737,51,1.417,54,1.084,60,1.765,63,0.666,72,0.814,73,1.732,74,1.137,76,1.307,77,0.953,80,0.764,82,0.447,84,0.883,85,1.157,98,1.1,101,2.031,108,1.157,110,1.127,112,1.647,115,2.2,121,1.033,128,1.24,130,1.381,137,1.033,145,0.546,161,1.324,165,1.63,178,1.324,179,0.623,180,0.713,190,0.713,194,0.764,196,0.883,197,1.351,204,2.239,205,2.342,213,1.24,216,1.893,224,1.127,232,1.976,239,1.26,240,2.743,242,1.127,244,2.614,246,1.57,249,2.031,253,0.949,256,1.796,260,1.796,264,1.796,267,1.407,270,1.57,271,1.647,272,2.2,276,0.881,281,1.381,282,1.033,285,1.518,287,1.57,290,2.501,297,1.24,312,2.053,313,2.501,315,1.407,317,1.012,323,1.033,326,2.501,330,1.976,343,1.381,348,1.417,350,1.127,352,1.381,355,1.24,405,1.127,416,3.118,417,2.463,424,1.57,426,1.24,432,1.856,433,2.501,434,1.856,435,1.856,436,1.856,437,1.57,438,1.856,439,1.856,440,3.688,441,1.856,442,1.856,443,2.501,444,1.57,445,1.381,446,1.856,447,1.856,448,1.381,449,1.57,450,1.57,451,1.57,452,1.381,453,5.495,454,1.856,455,1.856,456,1.856,457,1.856,458,1.381,459,1.856,460,3.557,461,1.57,462,2.958,463,1.856,464,1.381,465,1.976,466,1.856,467,1.856,468,2.958,469,1.033,470,1.856,471,1.57,472,1.57,473,1.381,474,0.883,475,1.57,476,1.976,477,2.2,478,1.856,479,1.57,480,2.958,481,1.856,482,1.856,483,1.856,484,1.856,485,1.856,486,1.856,487,2.958,488,1.856,489,1.976,490,1.856,491,1.976,492,1.856,493,1.57,494,1.856,495,2.501,496,2.501,497,1.57,498,1.24,499,1.856,500,2.958,501,1.856,502,1.57,503,1.856,504,3.688,505,1.856,506,2.501,507,1.57,508,1.856,509,1.57,510,1.856,511,2.958,512,1.856,513,1.856,514,1.856,515,1.856,516,1.856,517,1.856,518,1.856,519,1.57,520,1.127,521,1.856,522,1.856]],["t/1003",[1,1.835,9,2.827,10,1.187,11,1.45,14,0.828,18,0.204,19,3.449,20,1.835,26,0.959,29,1.44,34,1.19,36,2.03,45,0.959,46,2.487,48,1.662,50,0.586,54,1.199,55,3.005,56,1.761,59,1.478,63,0.779,64,1.45,66,3.409,72,1.261,74,0.834,75,2.487,76,0.959,79,0.522,80,0.894,85,1.122,89,0.959,92,1.114,95,1.45,98,1.029,101,0.959,112,1.208,137,1.862,139,1.318,143,1.318,145,1.199,161,0.779,174,1.615,178,1.201,190,0.834,194,0.894,196,1.94,204,2.03,205,1.862,206,3.889,212,1.208,218,1.835,221,2.827,233,1.835,239,1.05,242,1.318,244,1.032,249,1.478,253,0.559,260,2.03,267,2.18,268,1.318,276,0.455,285,1.679,310,1.45,312,1.208,316,1.114,317,1.31,323,1.208,331,2.551,337,1.835,348,0.834,356,1.835,357,1.615,369,1.835,371,1.835,372,1.615,373,1.59,382,1.208,403,1.835,404,1.615,416,3.503,417,3.06,433,1.835,443,1.835,449,1.835,450,1.835,451,2.827,452,1.615,458,1.615,465,1.45,474,1.032,476,1.45,493,1.835,502,1.835,506,3.449,507,1.835,519,1.835,520,1.318,523,3.344,524,3.344,525,3.344,526,2.17,527,1.835,528,2.17,529,2.17,530,2.17,531,2.17,532,1.45,533,2.17,534,1.318,535,2.17,536,2.17,537,1.835,538,3.344,539,2.487,540,3.344,541,1.835,542,2.827,543,1.45,544,2.827,545,1.615,546,2.17,547,1.835,548,3.449,549,2.17,550,2.17,551,2.17,552,1.835,553,2.17,554,2.17,555,2.17,556,2.17,557,2.17,558,3.344,559,2.17,560,1.835,561,2.17,562,1.835,563,2.17,564,2.17,565,1.835,566,2.17,567,2.17,568,1.615,569,2.17,570,1.835,571,2.17,572,2.17,573,2.17,574,2.17,575,2.17,576,2.17,577,2.17,578,2.17,579,1.835,580,2.17,581,2.17,582,1.835,583,2.17,584,2.17,585,2.17,586,3.344,587,1.835,588,2.17,589,2.17,590,2.17,591,1.615,592,1.835,593,2.17,594,1.835,595,2.17,596,1.835,597,1.862,598,2.17,599,1.615,600,2.17,601,3.409,602,1.032,603,2.17,604,2.827,605,1.45,606,1.835,607,1.835,608,1.835,609,2.17,610,2.17,611,2.17]],["t/1005",[18,0.323,27,1.897,31,2.517,34,1.399,49,0.809,50,0.595,52,1.707,53,1.707,55,2.517,56,1.593,74,1.593,79,0.997,82,0.997,85,1.141,92,2.129,105,2.517,108,1.141,161,1.897,207,5.722,239,1.575,249,1.833,253,1.359,273,3.208,297,3.528,317,1.473,348,1.593,361,2.129,382,2.308,401,3.084,418,4.916,444,3.506,472,3.506,544,3.506,602,1.972,612,3.084,613,4.146,614,3.084,615,4.146,616,4.146,617,3.506,618,4.146,619,4.146,620,4.146,621,4.146]],["t/1007",[14,0.76,18,0.323,29,1.308,34,1.001,47,1.494,48,1.778,49,0.812,50,0.836,51,1.599,52,1.714,53,1.714,54,1.712,63,1.494,65,3.095,70,2.779,73,1.714,85,1.602,98,0.935,108,1.145,161,1.901,178,1.494,179,1.397,190,1.599,196,1.979,197,1.224,232,2.779,239,1.578,253,1.363,276,0.872,317,1.523,329,1.839,350,2.527,351,2.779,389,3.095,426,2.779,460,3.519,469,2.317,599,3.095,622,4.161,623,4.161,624,4.161,625,3.095,626,3.095,627,4.161,628,3.519,629,3.519,630,4.161,631,4.161,632,4.161,633,3.095]],["t/1009",[10,1.121,14,0.746,18,0.37,34,0.972,45,2.296,47,1.45,49,1.014,50,0.746,54,1.528,63,1.45,73,2.139,74,1.552,79,0.972,82,0.972,89,1.786,108,1.111,143,3.155,145,1.188,161,1.865,165,1.786,179,1.356,196,1.921,197,1.188,209,4.856,239,1.56,253,1.337,260,3.155,262,3.155,276,0.846,285,2.365,300,3.005,302,3.47,305,2.453,317,0.972,350,2.453,355,2.698,358,3.865,387,3.005,389,3.005,421,3.416,427,3.416,509,3.416,599,3.005,625,3.005,626,3.005,628,3.416,634,4.039,635,4.039,636,4.039,637,4.039,638,4.039]],["t/1011",[10,1.056,14,0.618,27,1.547,34,1.036,48,1.447,54,1.267,63,1.547,85,1.489,88,2.877,108,1.185,161,1.943,178,1.547,179,1.447,210,5.52,239,1.598,249,1.904,253,1.393,271,2.398,276,0.903,317,1.036,329,2.744,348,1.655,351,2.877,352,3.204,382,2.398,448,3.204,476,3.615,495,3.642,496,3.642,639,2.049,640,4.308,641,4.308,642,5.412,643,4.308,644,4.308,645,4.308,646,5.918,647,4.308,648,4.308,649,4.308]],["t/1013",[18,0.386,53,2.055,79,1.2,89,2.206,145,2.008,194,2.438,244,3.003,288,3.595,650,4.99,651,4.99,652,4.99,653,4.22]],["t/1015",[14,0.736,18,0.313,34,1.536,50,0.736,60,1.971,74,1.971,92,2.634,165,2.267,179,2.145,276,1.075,297,3.426,400,3.816,654,5.129,655,5.129]],["t/1017",[14,0.707,29,1.845,49,1.146,50,0.707,51,1.892,52,2.419,53,2.419,54,1.727,55,3.812,56,2.412,88,3.288,98,1.106,602,2.342,656,4.923,657,4.923,658,4.923,659,5.873]],["t/1019",[10,1.342,17,3.391,18,0.245,27,1.44,52,1.651,71,1.44,72,1.103,89,1.773,98,0.901,165,1.773,253,1.032,315,1.907,317,0.965,476,2.678,541,3.391,552,4.372,660,4.01,661,2.233,662,5.171,663,4.01,664,4.01,665,4.01,666,4.01,667,4.01,668,4.01,669,4.01,670,4.01,671,4.01,672,4.01,673,4.839,674,5.723,675,4.01,676,4.01,677,4.257,678,4.01,679,4.01,680,5.723,681,4.01,682,4.01,683,4.01,684,4.01,685,4.01,686,4.01,687,4.372,688,2.678,689,4.01,690,4.01,691,4.01,692,4.01,693,4.01,694,4.01,695,4.01,696,3.391,697,4.01]],["t/1021",[10,1.131,18,0.294,29,1.821,50,0.691,51,2.389,52,1.983,53,1.983,54,1.416,60,1.851,114,2.129,180,1.851,310,3.216,361,3.193,612,4.312,677,3.582,698,4.072,699,4.072,700,4.072,701,4.072,702,4.072,703,3.582,704,5.796,705,4.816,706,4.816]],["t/1023",[5,0.476,10,1.064,11,0.786,14,0.538,18,0.355,27,0.85,29,1.576,30,1.761,31,0.715,34,0.939,37,0.875,47,1.214,48,0.215,49,0.521,50,0.169,51,0.452,53,0.834,54,1.051,57,0.786,58,0.541,59,1.656,61,0.909,62,1.623,63,1.545,65,1.507,66,3.285,67,1.902,68,0.995,69,1.091,71,0.958,72,1.475,73,1.208,74,1.44,75,2.904,76,1.902,77,1.37,78,2.002,79,1.006,80,1.099,82,1.006,84,2.653,85,0.734,89,0.722,90,0.428,92,0.329,96,0.964,97,3.225,98,1.037,99,2.516,100,1.989,101,0.283,102,0.655,103,0.428,104,2.353,105,0.389,107,0.786,112,0.356,114,1.297,133,1.438,137,1.318,139,0.992,143,0.992,145,1.265,147,2.874,159,1.215,160,1.215,161,0.85,165,0.52,166,1.215,178,0.423,180,0.779,190,0.452,191,1.959,194,1.667,196,0.305,197,0.863,198,0.992,201,0.875,204,0.389,205,2.254,206,1.215,211,0.305,212,0.655,213,0.786,216,0.329,224,0.389,225,0.428,228,0.476,239,1.005,242,0.715,244,1.126,249,0.283,253,0.609,256,0.992,258,0.541,260,0.715,262,1.438,263,1.353,264,1.23,265,0.786,267,0.305,269,0.875,271,0.356,273,0.715,275,0.715,281,0.875,282,0.655,285,1.393,288,1.62,291,0.485,292,0.541,293,0.541,298,0.356,301,0.875,303,2.571,305,1.23,312,0.356,315,0.56,316,1.04,317,1.252,319,0.786,321,0.541,322,1.507,329,0.722,330,0.428,331,1.883,344,0.715,348,1.3,357,0.476,358,1.215,361,1.04,362,0.541,363,0.541,364,0.995,365,0.541,366,0.875,367,1.091,368,1.091,370,0.541,372,0.476,373,1.269,374,0.541,378,1.959,382,0.655,401,0.476,404,0.875,405,2.371,416,2.459,417,1.959,426,0.428,430,0.995,431,0.995,437,0.541,445,1.507,448,1.215,452,0.875,464,1.507,469,0.356,474,1.126,489,2.502,491,0.428,498,0.428,520,0.389,527,0.541,534,0.389,537,1.381,543,0.428,545,4.764,547,1.713,548,0.995,560,0.541,562,0.541,568,0.476,579,0.541,582,0.541,594,0.541,596,0.541,597,1.485,601,1.215,602,0.964,604,1.713,605,0.428,614,0.875,617,0.541,633,0.476,639,2.15,653,0.541,661,0.356,673,0.541,688,0.428,703,0.476,707,0.64,708,0.64,709,1.177,710,2.026,711,0.64,712,1.713,713,5.615,714,0.541,715,2.368,716,0.64,717,3.382,718,3.573,719,0.64,720,0.64,721,0.64,722,0.64,723,0.64,724,1.177,725,2.026,726,0.64,727,0.64,728,1.177,729,0.64,730,1.507,731,0.64,732,0.64,733,0.541,734,0.64,735,1.633,736,2.256,737,0.64,738,1.177,739,0.64,740,0.541,741,0.64,742,0.64,743,1.633,744,2.368,745,2.368,746,0.875,747,0.64,748,1.091,749,0.64,750,5.082,751,2.026,752,0.64,753,0.64,754,0.64,755,1.177,756,0.541,757,1.381,758,0.64,759,0.64,760,1.381,761,0.64,762,1.177,763,0.64,764,0.541,765,2.117,766,0.64,767,0.64,768,0.64,769,0.64,770,1.633,771,1.633,772,1.177,773,0.64,774,0.64,775,0.64,776,0.64,777,1.23,778,0.64,779,0.64,780,0.541,781,0.64,782,0.64,783,0.64,784,0.64,785,0.64,786,0.786,787,0.476,788,0.64,789,0.875,790,0.995,791,0.875,792,0.64,793,0.995,794,1.177,795,0.995,796,0.995,797,0.64,798,1.215,799,0.541,800,1.633,801,1.381,802,1.177,803,1.177,804,0.64,805,0.875,806,0.64,807,0.64,808,0.64,809,2.026,810,0.64,811,0.995,812,0.541,813,0.64,814,1.177,815,0.541,816,0.64,817,0.64,818,0.64,819,2.571,820,0.995,821,0.64,822,2.368,823,0.64,824,0.64,825,2.026,826,0.541,827,1.177,828,2.026,829,1.985,830,0.995,831,0.541,832,0.64,833,0.64,834,1.177,835,0.64,836,2.371,837,0.64,838,1.782,839,0.64,840,0.64,841,2.256,842,1.633,843,3.424,844,1.177,845,1.177,846,0.64,847,0.64,848,1.633,849,0.64,850,0.389,851,1.215,852,2.026,853,1.381,854,0.541,855,0.541,856,0.541,857,0.64,858,1.633,859,0.64,860,0.64,861,0.541,862,0.64,863,0.64,864,0.64,865,1.507,866,0.64,867,0.995,868,0.541,869,0.64,870,0.995,871,0.64,872,0.541,873,0.64,874,0.64,875,1.381,876,1.177,877,0.64,878,0.64,879,0.541,880,0.64,881,0.64,882,0.64,883,0.64,884,0.64,885,0.64,886,0.64,887,0.64,888,0.64,889,0.64,890,0.64,891,0.64,892,0.64,893,0.541,894,0.64,895,0.64]],["t/1025",[14,0.79,18,0.3,26,2.433,29,2.04,34,1.41,36,2.247,49,1.144,50,0.531,51,1.422,54,1.088,62,1.976,63,1.329,79,0.89,98,0.831,99,3.65,100,3.615,101,2.169,102,2.06,114,1.636,115,2.753,147,3.277,180,2.252,211,1.76,212,2.06,267,1.76,303,3.263,310,2.471,317,1.324,323,2.06,361,1.9,367,2.471,368,2.471,405,2.247,491,2.471,539,2.753,607,4.149,639,2.334,748,2.471,870,4.149,872,3.129,896,3.7,897,3.7,898,4.906,899,3.7,900,3.7,901,4.094,902,3.7,903,3.7,904,3.7,905,4.906,906,3.7,907,4.906,908,3.7,909,3.7,910,3.7]],["t/1027",[10,1.096,18,0.279,29,1.438,49,0.893,52,2.314,53,2.314,55,3.412,56,2.159,60,1.758,72,1.259,96,2.177,114,2.023,145,1.346,180,1.758,194,1.884,253,1.446,291,2.314,361,2.885,612,4.18,677,3.404,698,3.869,699,3.869,700,3.869,701,3.869,702,3.869,703,3.404,730,3.404,911,4.576,912,4.576,913,4.576,914,3.869,915,5.619,916,4.576,917,4.576]],["t/1029",[10,1.153,14,0.542,18,0.304,29,1.747,35,3.02,49,1.085,50,0.542,52,1.555,56,1.451,59,1.669,62,1.996,67,1.555,79,0.908,82,0.908,84,3.315,197,1.462,275,2.293,291,1.555,298,2.103,303,2.768,315,2.365,373,2.365,639,1.796,736,4.205,760,3.193,777,2.293,790,4.205,791,2.809,793,3.193,795,3.193,796,4.701,798,4.395,799,4.205,801,3.193,805,3.699,829,4.395,856,3.193,865,3.699,879,3.193,918,3.321,919,3.776,920,3.776,921,3.776,922,3.776,923,3.776,924,3.193]],["t/1031",[10,0.658,14,0.484,18,0.206,26,1.491,49,0.899,50,0.484,56,1.771,60,1.296,62,2.122,67,2.433,77,1.732,79,1.467,80,1.389,82,1.358,84,2.902,89,1.491,98,0.758,104,2.192,113,2.508,114,1.491,135,3.428,145,1.355,197,1.355,211,1.604,239,1.351,276,0.707,286,2.508,288,2.799,291,1.389,298,1.877,329,2.037,373,2.684,378,3.769,469,1.877,489,2.252,520,2.799,543,3.078,545,2.508,597,1.877,602,1.604,661,2.566,714,3.897,746,2.508,777,2.048,812,2.851,819,1.877,836,2.799,838,2.252,918,2.252,925,3.372,926,2.851,927,2.851,928,3.428,929,3.428,930,4.997,931,3.906,932,3.372,933,4.609,934,3.372,935,3.897,936,3.372,937,3.372,938,3.372,939,3.372,940,3.372,941,3.428,942,2.851,943,2.851,944,2.851,945,2.851,946,2.851,947,2.508,948,2.508,949,2.851,950,2.851,951,2.851,952,2.851]],["t/1033",[10,0.666,14,0.49,18,0.208,26,1.509,49,0.907,56,1.786,60,1.312,62,2.348,67,1.406,80,1.406,82,0.821,84,2.698,98,0.767,100,2.942,104,2.211,113,2.539,114,2.054,145,1.004,197,1.367,211,1.624,239,1.36,249,1.509,276,0.715,286,2.539,288,2.073,291,1.406,298,1.901,303,2.588,329,2.336,373,2.698,378,3.529,469,1.901,477,2.539,489,2.28,534,2.073,543,3.529,591,2.539,597,1.901,639,2.513,661,1.901,687,2.887,765,3.104,777,2.073,805,2.539,819,1.901,836,2.822,838,2.28,918,2.28,926,2.887,927,2.887,928,3.457,929,3.457,930,2.887,935,2.887,941,3.457,942,2.887,943,2.887,944,2.887,945,2.887,946,3.93,947,2.539,948,2.539,949,3.93,950,2.887,951,2.887,953,3.414,954,3.414,955,3.414,956,3.414,957,3.414,958,3.414,959,3.414,960,4.648,961,4.648,962,4.648,963,4.648,964,3.414,965,2.887,966,3.414,967,2.539,968,3.414,969,2.887]],["t/1035",[26,1.839,29,1.83,49,1.136,53,1.714,56,2.035,60,1.599,71,1.494,80,1.714,84,3.165,107,2.779,114,1.839,135,3.095,148,2.317,197,1.557,276,0.872,291,1.714,298,2.317,315,1.979,354,3.095,373,3.011,469,2.317,474,1.979,639,1.979,661,2.317,746,3.095,786,2.779,787,3.095,865,4.332,914,3.519,918,2.779,928,3.939,929,3.939,931,4.332,941,3.939,947,3.095,948,3.095,952,3.519,970,4.161,971,4.161,972,4.161,973,5.295,974,5.295]],["t/1037",[10,1.335,14,0.435,18,0.285,28,2.56,29,0.6,34,0.46,49,0.591,50,0.614,51,0.734,54,0.562,56,1.444,57,1.276,59,0.845,60,0.734,61,2.892,62,1.535,63,1.35,64,1.276,67,1.548,70,1.276,71,0.686,72,1.719,73,1.919,74,0.734,76,2.191,79,0.46,80,0.787,82,1.029,85,0.833,90,1.276,93,2.252,94,1.421,95,1.276,96,0.909,98,1.362,101,0.845,104,2.47,108,0.833,112,1.064,145,1.257,146,1.421,148,2.38,179,0.642,180,1.163,190,1.163,194,0.787,196,0.909,198,1.16,239,0.779,244,0.909,250,3.181,253,0.967,255,1.421,256,1.16,275,1.838,276,0.4,285,1.246,291,1.246,317,0.46,329,1.89,338,1.616,355,1.276,359,1.616,405,1.16,458,2.252,464,1.421,471,1.616,474,0.909,520,1.16,532,1.276,539,1.421,565,2.56,568,1.421,570,1.616,591,2.252,592,1.616,597,1.685,602,2.034,605,1.276,608,1.616,625,1.421,626,1.421,696,1.616,748,2.022,765,2.856,780,3.178,786,1.276,789,1.421,791,1.421,811,1.616,815,1.616,819,3.228,820,1.616,831,1.616,836,1.838,850,1.838,851,3.467,893,1.616,901,1.421,924,1.616,965,2.56,967,2.252,975,1.616,976,1.616,977,1.911,978,1.616,979,1.911,980,3.615,981,2.56,982,4.987,983,2.56,984,3.615,985,1.911,986,1.911,987,1.616,988,1.911,989,1.911,990,1.616,991,5.194,992,1.911,993,1.911,994,1.911,995,4.276,996,1.911,997,3.178,998,1.911,999,3.027,1000,1.911,1001,3.759,1002,1.911,1003,3.027,1004,1.911,1005,1.911,1006,1.911,1007,3.027,1008,3.027,1009,1.911,1010,1.911,1011,1.911,1012,1.911,1013,1.911,1014,1.911,1015,1.911,1016,3.759,1017,3.027,1018,3.027,1019,1.911,1020,1.911,1021,1.911,1022,1.911,1023,1.911,1024,1.911,1025,1.911,1026,1.911,1027,3.027,1028,1.911,1029,3.027,1030,1.911,1031,3.027,1032,1.911,1033,1.616,1034,1.616,1035,1.911,1036,1.911,1037,1.911,1038,1.911,1039,1.911,1040,1.616]],["t/1039",[14,0.682,18,0.29,26,2.542,50,0.682,62,1.707,63,1.707,71,2.362,72,1.582,74,1.827,79,1.143,82,1.143,89,2.101,96,2.735,97,2.886,159,3.536,180,1.827,197,1.398,265,3.175,315,2.261,344,2.886,534,2.886,639,2.261,764,4.019,850,3.492,1041,4.019,1042,5.751]],["t/1041",[14,0.829,18,0.32,35,2.48,50,0.829,62,1.879,71,2.186,72,1.772,79,0.983,82,0.983,96,2.489,98,0.918,101,1.805,128,2.728,180,1.569,197,1.201,239,1.486,253,1.051,256,2.48,276,0.856,299,3.454,316,2.097,343,4.294,344,3.506,407,3.454,474,1.943,498,2.728,534,3.177,712,3.454,850,3.697,1040,3.454,1043,4.084,1044,6.088,1045,4.084,1046,4.084,1047,4.084,1048,4.084,1049,4.084,1050,4.084,1051,4.084,1052,4.084,1053,4.084,1054,4.084,1055,4.084,1056,4.084,1057,3.454]],["t/1043",[18,0.366,26,1.405,49,0.993,50,0.456,52,1.309,71,2.207,72,1.4,73,1.822,76,1.405,82,0.764,92,1.632,96,2.981,97,4.09,98,0.714,107,3.399,108,0.874,118,2.122,144,2.687,146,2.364,160,2.364,190,1.221,197,0.934,205,3.064,211,1.511,239,0.818,243,2.686,253,1.31,276,0.666,291,2.382,317,1.224,323,1.769,330,2.122,331,1.769,344,3.09,361,1.632,474,1.511,497,3.741,498,3.399,532,2.122,542,3.741,602,2.104,688,3.399,733,2.687,748,2.955,756,2.687,757,4.303,841,3.741,843,4.303,850,2.686,1034,2.687,1058,4.424,1059,5.089,1060,3.178,1061,5.089,1062,3.178,1063,4.424,1064,4.424,1065,4.424,1066,3.178,1067,3.178,1068,3.178,1069,3.178,1070,3.178,1071,3.178,1072,3.178,1073,3.178,1074,3.178,1075,4.424,1076,3.178,1077,4.424,1078,3.178,1079,3.178]],["t/1045",[10,1.323,14,0.886,18,0.289,34,1.138,48,0.935,49,1.074,50,0.869,51,1.548,52,1.659,53,1.659,57,3.675,59,1.231,60,1.818,61,2.635,62,1.446,72,1.427,79,0.67,100,1.55,101,1.231,104,1.324,108,0.766,137,2.242,145,1.184,161,1.446,190,1.07,191,2.69,196,1.916,197,1.184,205,1.55,239,1.335,248,2.071,250,2.071,253,1.335,255,2.071,276,0.583,301,2.071,329,1.78,331,2.242,354,2.071,445,2.996,475,3.406,532,1.86,587,2.354,597,1.55,602,1.324,639,1.916,661,1.55,740,3.406,786,3.464,787,2.071,789,2.996,798,2.071,819,2.242,836,1.691,838,1.86,867,4.385,868,3.406,978,2.354,980,2.354,981,2.354,982,4.002,983,2.354,984,3.406,997,2.354,1080,4.028,1081,4.028,1082,4.028,1083,4.028,1084,4.028,1085,4.028,1086,4.028,1087,3.406,1088,4.028,1089,4.732,1090,4.732,1091,2.784,1092,4.028,1093,2.784,1094,2.784,1095,2.784,1096,4.028,1097,2.784,1098,2.784,1099,2.784,1100,2.784,1101,2.784,1102,2.784,1103,2.784,1104,2.784,1105,2.784,1106,2.784,1107,4.028,1108,2.784,1109,2.784]],["t/1047",[14,0.802,18,0.376,36,2.317,44,4.233,47,2.006,49,0.745,50,0.719,51,1.466,56,1.466,59,2.213,61,2.124,69,2.548,71,1.798,72,1.378,77,1.959,79,0.918,82,0.918,85,1.05,90,2.548,93,2.838,94,2.838,95,3.962,100,2.124,103,2.548,117,3.226,145,1.122,195,3.226,251,3.226,269,2.838,276,0.799,303,2.124,312,2.124,316,1.959,317,1.482,319,3.344,348,1.466,350,2.317,373,1.815,465,2.548,473,2.838,633,2.838,730,3.724,765,3.962,777,2.317,829,2.838,830,3.226,851,2.838,861,3.226,967,2.838,969,4.233,975,3.226,976,3.226,990,3.226,1033,3.226,1041,3.226,1110,3.816,1111,3.816,1112,3.816,1113,3.816,1114,5.006,1115,3.226,1116,3.816,1117,5.006,1118,3.816]],["t/1049",[18,0.238,34,1.221,48,1.308,49,0.76,50,0.559,54,1.146,59,1.722,60,1.497,62,1.823,67,2.09,70,2.603,71,1.399,72,1.072,79,1.221,82,1.439,84,1.853,85,1.807,88,3.39,102,2.169,104,1.853,106,3.295,148,2.169,190,1.497,194,2.09,212,2.169,225,2.603,242,2.366,261,3.295,285,1.605,316,2.606,317,1.221,319,2.603,323,2.169,348,1.497,416,3.632,461,3.295,465,3.39,601,2.899,605,2.603,606,3.295,629,3.295,688,2.603,819,2.169,826,3.295,875,3.295,901,2.899,1057,3.295,1115,4.292,1119,3.897,1120,3.897,1121,3.897,1122,3.897,1123,3.897,1124,3.897,1125,3.897,1126,3.897,1127,3.897,1128,3.897,1129,3.897,1130,3.897,1131,3.897,1132,3.897,1133,3.897]],["t/1051",[10,0.868,14,0.638,18,0.272,27,1.597,45,1.966,62,2.363,77,2.283,79,1.444,104,2.115,240,4.106,265,3.687,276,0.932,302,2.97,316,2.835,353,3.76,400,3.308,473,3.308,474,2.626,477,3.308,479,3.76,491,2.97,614,3.308,853,4.668,854,3.76,855,3.76,931,3.308,987,3.76,1087,3.76,1134,6.004,1135,4.447,1136,6.004,1137,4.447,1138,4.447,1139,4.447,1140,4.447]]],"invertedIndex":[["",{"_index":10,"t":{"973":{"position":[[92,1],[459,1],[493,1]]},"975":{"position":[[119,1],[559,4]]},"983":{"position":[[209,1]]},"985":{"position":[[1269,1],[2550,1],[2571,2]]},"987":{"position":[[202,1],[317,1],[526,1],[777,1],[953,1]]},"995":{"position":[[448,2]]},"997":{"position":[[366,1],[396,1]]},"1001":{"position":[[39,1],[2366,1],[2387,1],[2447,1],[2498,1],[2500,1],[2543,1],[2545,1],[2568,1],[2591,1],[2618,1],[2638,1],[2668,1],[3726,1],[3747,1],[3804,1],[3860,1],[3862,1],[3900,1],[3902,1],[3918,1],[3939,1],[3964,1],[3984,1],[4005,1],[4033,1],[4110,1]]},"1003":{"position":[[1584,1],[1616,1],[1670,1],[1726,1],[1749,1],[1773,1],[1808,1],[1858,1],[1885,1],[1914,1],[1989,1],[2068,1]]},"1009":{"position":[[213,1],[238,1],[259,1]]},"1011":{"position":[[400,2],[458,2]]},"1019":{"position":[[239,1],[248,1],[264,1],[272,4],[277,1],[312,1],[320,4],[325,1],[330,1],[570,1],[697,1],[706,1],[728,1],[730,1]]},"1021":{"position":[[83,1],[85,1]]},"1023":{"position":[[71,2],[796,1],[1237,1],[1360,3],[1711,4],[1716,2],[1825,1],[1906,1],[1994,1],[2456,2],[2673,1],[2675,1],[2753,1],[2755,1],[2859,1],[3380,1],[3519,1],[4332,2],[6580,2],[6649,1],[7095,2],[7737,1],[8393,1],[10239,1],[10270,1],[11299,1],[11637,1],[11719,1],[11785,1],[12438,1],[12790,2]]},"1027":{"position":[[147,1],[149,1]]},"1029":{"position":[[215,1],[241,1],[278,1],[343,1]]},"1031":{"position":[[895,1]]},"1033":{"position":[[750,1]]},"1037":{"position":[[242,1],[272,4],[317,1],[513,1],[557,1],[629,1],[640,1],[655,1],[796,1],[879,3],[912,1],[923,1],[925,1],[969,1],[988,1],[1050,1],[1282,1],[1468,1],[1644,1],[1737,1],[1803,1],[1901,1],[2080,1],[2161,1],[2266,2],[2269,3],[2273,5],[2279,1],[2396,1],[2398,1],[2494,1],[2582,1],[2612,1],[2656,4],[2665,2],[3338,1],[3419,1],[3448,2],[3451,2],[3484,1],[3496,2],[3523,2],[3556,5],[3566,1]]},"1045":{"position":[[269,1],[304,1],[340,1],[376,1],[411,1],[433,1],[456,1],[473,1],[491,1],[627,4],[1264,1],[1465,1],[1467,1],[1679,2],[1778,1],[1813,1],[1849,1],[1871,1],[1894,1],[1911,1],[1934,1],[1952,1]]},"1051":{"position":[[316,1]]}}}],["0",{"_index":735,"t":{"1023":{"position":[[1430,1],[4592,1],[4605,1]]}}}],["0.0.0.0:4180",{"_index":522,"t":{"1001":{"position":[[4112,14]]}}}],["0.001",{"_index":964,"t":{"1033":{"position":[[884,5]]}}}],["0400",{"_index":929,"t":{"1031":{"position":[[241,5],[1083,4]]},"1033":{"position":[[122,5],[1171,4]]},"1035":{"position":[[267,5],[593,4]]}}}],["1",{"_index":301,"t":{"985":{"position":[[2289,1]]},"1023":{"position":[[1475,3],[12290,4]]},"1045":{"position":[[1630,2]]}}}],["100",{"_index":808,"t":{"1023":{"position":[[4688,3]]}}}],["12",{"_index":968,"t":{"1033":{"position":[[1048,2]]}}}],["123456.apps.googleusercontent.com",{"_index":719,"t":{"1023":{"position":[[592,35]]}}}],["127.0.0.1:4180",{"_index":787,"t":{"1023":{"position":[[4092,16]]},"1035":{"position":[[732,14]]},"1045":{"position":[[664,14]]}}}],["128",{"_index":1064,"t":{"1043":{"position":[[383,3],[434,3]]}}}],["168h0m0",{"_index":727,"t":{"1023":{"position":[[1039,8]]}}}],["19/mar/2015:17:20:19",{"_index":928,"t":{"1031":{"position":[[218,21],[1061,20]]},"1033":{"position":[[99,21],[1149,20]]},"1035":{"position":[[244,21],[571,20]]}}}],["192",{"_index":692,"t":{"1019":{"position":[[644,3]]}}}],["1h",{"_index":259,"t":{"985":{"position":[[919,4]]}}}],["1s",{"_index":768,"t":{"1023":{"position":[[2571,4]]}}}],["2",{"_index":281,"t":{"985":{"position":[[1510,1]]},"1001":{"position":[[2765,2]]},"1023":{"position":[[11761,3],[12366,4]]}}}],["2.0",{"_index":424,"t":{"997":{"position":[[213,3]]},"1001":{"position":[[35,3]]}}}],["200",{"_index":969,"t":{"1033":{"position":[[1097,3]]},"1047":{"position":[[223,3],[336,3]]}}}],["202",{"_index":976,"t":{"1037":{"position":[[131,3]]},"1047":{"position":[[868,3]]}}}],["2048",{"_index":549,"t":{"1003":{"position":[[1052,4]]}}}],["24",{"_index":690,"t":{"1019":{"position":[[630,2]]}}}],["2>&1",{"_index":40,"t":{"973":{"position":[[488,4]]}}}],["2>/dev/nul",{"_index":672,"t":{"1019":{"position":[[227,11]]}}}],["3",{"_index":334,"t":{"987":{"position":[[1119,2]]}}}],["3/4",{"_index":882,"t":{"1023":{"position":[[12063,3]]}}}],["30",{"_index":1107,"t":{"1045":{"position":[[1652,3],[1675,3]]}}}],["32",{"_index":680,"t":{"1019":{"position":[[309,2],[578,2],[708,2]]}}}],["3650",{"_index":561,"t":{"1003":{"position":[[1175,4]]}}}],["401",{"_index":93,"t":{"975":{"position":[[403,3]]},"1037":{"position":[[158,3],[965,3]]},"1047":{"position":[[895,3]]}}}],["4180",{"_index":1095,"t":{"1045":{"position":[[979,5]]}}}],["443",{"_index":789,"t":{"1023":{"position":[[4177,6],[12637,3]]},"1037":{"position":[[251,3]]},"1045":{"position":[[909,3],[1273,3]]}}}],["4kb",{"_index":999,"t":{"1037":{"position":[[1733,3],[1938,4]]}}}],["5",{"_index":295,"t":{"985":{"position":[[1988,1]]}}}],["6",{"_index":336,"t":{"987":{"position":[[1155,2]]}}}],["7",{"_index":804,"t":{"1023":{"position":[[4521,1]]}}}],["74.125.224.72",{"_index":942,"t":{"1031":{"position":[[808,13]]},"1033":{"position":[[663,13]]}}}],["80",{"_index":892,"t":{"1023":{"position":[[12623,3]]}}}],["_",{"_index":677,"t":{"1019":{"position":[[279,3],[327,2],[732,3]]},"1021":{"position":[[104,4]]},"1027":{"position":[[168,4]]}}}],["__host",{"_index":731,"t":{"1023":{"position":[[1216,7]]}}}],["__secur",{"_index":732,"t":{"1023":{"position":[[1228,8]]}}}],["_oauth2_proxi",{"_index":733,"t":{"1023":{"position":[[1266,15]]},"1043":{"position":[[338,14]]}}}],["_oauth2_proxy_1",{"_index":1038,"t":{"1037":{"position":[[3951,18]]}}}],["abov",{"_index":952,"t":{"1031":{"position":[[1324,5]]},"1035":{"position":[[45,5]]}}}],["accept",{"_index":90,"t":{"975":{"position":[[363,7]]},"1023":{"position":[[9089,8]]},"1037":{"position":[[135,8]]},"1047":{"position":[[872,8]]}}}],["access",{"_index":285,"t":{"985":{"position":[[1746,7]]},"987":{"position":[[447,6],[622,7]]},"991":{"position":[[296,7],[924,6],[999,6],[1036,6],[1186,6],[1217,6],[1306,6]]},"993":{"position":[[40,6]]},"1001":{"position":[[1651,6],[1710,7],[2284,6]]},"1003":{"position":[[305,7],[2650,6],[3170,10]]},"1009":{"position":[[528,6],[638,6],[673,6]]},"1023":{"position":[[3333,6],[5560,6],[5630,6],[5714,6],[6496,6],[7324,6],[9542,6],[9571,6],[11543,6]]},"1037":{"position":[[1306,6],[1447,6]]},"1049":{"position":[[214,9]]}}}],["access_by_lua_block",{"_index":1028,"t":{"1037":{"position":[[3399,19]]}}}],["access_token",{"_index":818,"t":{"1023":{"position":[[5589,12]]}}}],["accompani",{"_index":360,"t":{"991":{"position":[[382,11]]}}}],["account",{"_index":260,"t":{"985":{"position":[[977,7],[1091,8],[2388,7]]},"1001":{"position":[[948,8],[3087,8]]},"1003":{"position":[[260,8],[737,7]]},"1009":{"position":[[204,7],[487,7]]},"1023":{"position":[[3797,7],[3841,7]]}}}],["acr",{"_index":707,"t":{"1023":{"position":[[34,3]]}}}],["activ",{"_index":309,"t":{"987":{"position":[[66,6],[592,6]]}}}],["actual",{"_index":626,"t":{"1007":{"position":[[221,6]]},"1009":{"position":[[124,6]]},"1037":{"position":[[3721,6]]}}}],["ad",{"_index":102,"t":{"975":{"position":[[637,5]]},"983":{"position":[[289,2]]},"999":{"position":[[4,6],[49,2]]},"1023":{"position":[[8976,2],[9587,5]]},"1025":{"position":[[750,6]]},"1049":{"position":[[939,5]]}}}],["add",{"_index":165,"t":{"981":{"position":[[148,3]]},"987":{"position":[[0,3],[809,3],[979,3]]},"995":{"position":[[79,3]]},"999":{"position":[[74,3]]},"1001":{"position":[[1296,3],[1643,3],[1874,3]]},"1009":{"position":[[0,3]]},"1015":{"position":[[80,3]]},"1019":{"position":[[332,3]]},"1023":{"position":[[5690,4],[12715,3]]}}}],["add_head",{"_index":997,"t":{"1037":{"position":[[1608,10],[2496,10],[2539,10]]},"1045":{"position":[[1402,10]]}}}],["addit",{"_index":355,"t":{"991":{"position":[[206,10],[775,8]]},"1001":{"position":[[1373,10]]},"1009":{"position":[[559,10]]},"1037":{"position":[[1968,10]]}}}],["addition",{"_index":781,"t":{"1023":{"position":[[3889,12]]}}}],["addr>:/oauth2/callback",{"_index":632,"t":{"1007":{"position":[[611,24]]}}}],["health",{"_index":830,"t":{"1023":{"position":[[6994,6],[7081,6]]},"1047":{"position":[[384,6]]}}}],["healthcheck",{"_index":773,"t":{"1023":{"position":[[2790,12]]}}}],["here",{"_index":529,"t":{"1003":{"position":[[344,5]]}}}],["hex",{"_index":1066,"t":{"1043":{"position":[[406,3]]}}}],["histor",{"_index":1043,"t":{"1041":{"position":[[103,13]]}}}],["hit",{"_index":235,"t":{"985":{"position":[[404,3]]},"987":{"position":[[668,3],[1023,7]]}}}],["hmac",{"_index":1136,"t":{"1051":{"position":[[142,6],[361,4],[493,4]]}}}],["homepag",{"_index":622,"t":{"1007":{"position":[[57,9]]}}}],["host",{"_index":329,"t":{"987":{"position":[[870,4]]},"995":{"position":[[41,7],[827,6]]},"1007":{"position":[[606,4]]},"1011":{"position":[[47,4],[495,4],[560,4],[630,4]]},"1023":{"position":[[914,4],[6274,4],[6308,4]]},"1031":{"position":[[927,4],[960,4]]},"1033":{"position":[[443,9],[782,4],[815,4]]},"1037":{"position":[[370,4],[375,6],[708,4],[713,6]]},"1045":{"position":[[1520,4],[1525,6]]}}}],["host>/api/v3",{"_index":384,"t":{"991":{"position":[[1953,13]]}}}],["host>/login/oauth/access_token",{"_index":383,"t":{"991":{"position":[[1878,31]]}}}],["host>/login/oauth/author",{"_index":381,"t":{"991":{"position":[[1808,28]]}}}],["host>/oauth2/callback",{"_index":642,"t":{"1011":{"position":[[144,21],[298,22]]}}}],["host>/realms/:/sign_in",{"_index":833,"t":{"1023":{"position":[[7208,18]]}}}],["oauth2_proxy_",{"_index":911,"t":{"1027":{"position":[[93,14]]}}}],["oauth2_proxy_cookie_secret",{"_index":916,"t":{"1027":{"position":[[425,27]]}}}],["oauth2_proxy_email_domain",{"_index":917,"t":{"1027":{"position":[[489,27]]}}}],["oauth2_proxy_jwt_key",{"_index":567,"t":{"1003":{"position":[[1299,24]]}}}],["oauth2_proxy_jwt_key_file=/etc/ssl/private/jwt_signing_key.pem",{"_index":593,"t":{"1003":{"position":[[2672,62]]}}}],["oauth_proxi",{"_index":729,"t":{"1023":{"position":[[1154,11]]}}}],["oauthproxy.go",{"_index":1138,"t":{"1051":{"position":[[227,14]]}}}],["obtain",{"_index":888,"t":{"1023":{"position":[[12150,9]]}}}],["occur",{"_index":972,"t":{"1035":{"position":[[187,5]]}}}],["oidc",{"_index":416,"t":{"995":{"position":[[900,4]]},"1001":{"position":[[463,4],[495,4],[608,4],[721,6],[815,4],[884,4],[3029,4]]},"1003":{"position":[[16,4],[1673,4],[3247,4],[3293,4],[3480,4],[3559,4],[3662,4],[3706,4],[3805,4]]},"1023":{"position":[[5097,4],[5209,4],[5254,4],[5364,4],[5455,4],[5476,4],[5526,4],[5794,4],[6528,4],[10572,4],[10599,4],[10656,4],[12361,4]]},"1049":{"position":[[481,4],[667,4],[780,4],[889,4]]}}}],["oidc\"redirect_url",{"_index":480,"t":{"1001":{"position":[[2368,18],[3728,18]]}}}],["oidc_issuer_url",{"_index":490,"t":{"1001":{"position":[[2679,15]]}}}],["ok",{"_index":44,"t":{"973":{"position":[[534,2]]},"1047":{"position":[[227,2],[340,2]]}}}],["okoauth2",{"_index":42,"t":{"973":{"position":[[500,8]]}}}],["okta",{"_index":453,"t":{"1001":{"position":[[792,5],[833,5],[903,5],[919,4],[1772,4],[3048,4],[3174,4],[3649,4],[3822,4]]}}}],["old",{"_index":803,"t":{"1023":{"position":[[4507,3],[4567,3]]}}}],["omit",{"_index":894,"t":{"1023":{"position":[[12673,4]]}}}],["on",{"_index":89,"t":{"975":{"position":[[354,3]]},"979":{"position":[[674,4]]},"1003":{"position":[[2206,3]]},"1009":{"position":[[683,3]]},"1013":{"position":[[156,3]]},"1019":{"position":[[39,3]]},"1023":{"position":[[347,4],[7481,4],[10517,3]]},"1031":{"position":[[298,3]]},"1039":{"position":[[187,3]]}}}],["onc",{"_index":174,"t":{"981":{"position":[[421,4]]},"985":{"position":[[2558,4]]},"1003":{"position":[[2843,4]]}}}],["open",{"_index":130,"t":{"979":{"position":[[113,4]]},"985":{"position":[[460,4]]},"1001":{"position":[[106,4]]}}}],["openid",{"_index":204,"t":{"983":{"position":[[292,6],[544,6]]},"995":{"position":[[132,7]]},"1001":{"position":[[0,6],[697,6],[1935,6]]},"1003":{"position":[[862,6],[906,6]]},"1023":{"position":[[5391,6]]}}}],["openssl",{"_index":552,"t":{"1003":{"position":[[1104,7]]},"1019":{"position":[[78,7],[288,7]]}}}],["option",{"_index":54,"t":{"973":{"position":[[660,8]]},"985":{"position":[[1062,11]]},"991":{"position":[[276,8],[362,7]]},"995":{"position":[[679,7]]},"1001":{"position":[[1028,10],[1330,6],[1759,8]]},"1003":{"position":[[1540,8],[2132,7],[3495,7]]},"1007":{"position":[[407,8],[530,7],[706,7]]},"1009":{"position":[[344,8],[584,7]]},"1011":{"position":[[223,7]]},"1017":{"position":[[48,8],[148,7]]},"1021":{"position":[[169,6]]},"1023":{"position":[[0,6],[52,9],[803,8],[1306,8],[1537,11],[10059,7],[11923,10],[12226,6],[12403,7],[12840,7]]},"1025":{"position":[[61,6]]},"1037":{"position":[[4097,6]]},"1049":{"position":[[985,6]]}}}],["order",{"_index":657,"t":{"1017":{"position":[[109,5]]}}}],["org",{"_index":364,"t":{"991":{"position":[[534,3],[635,7],[795,4],[1559,3]]},"1023":{"position":[[2981,3],[3467,3]]}}}],["organ",{"_index":324,"t":{"987":{"position":[[430,13]]},"991":{"position":[[259,12],[580,12],[713,12]]}}}],["organis",{"_index":365,"t":{"991":{"position":[[678,12]]},"1023":{"position":[[3027,12]]}}}],["orgname/repo",{"_index":374,"t":{"991":{"position":[[1150,12]]},"1023":{"position":[[3225,12]]}}}],["origin",{"_index":246,"t":{"985":{"position":[[628,7]]},"1001":{"position":[[146,10]]}}}],["os,base64",{"_index":666,"t":{"1019":{"position":[[125,10]]}}}],["otherwis",{"_index":461,"t":{"1001":{"position":[[1210,10]]},"1049":{"position":[[992,9]]}}}],["out",{"_index":465,"t":{"1001":{"position":[[1432,3],[1625,3]]},"1003":{"position":[[1156,3]]},"1047":{"position":[[461,3]]},"1049":{"position":[[17,4],[325,3]]}}}],["output",{"_index":918,"t":{"1029":{"position":[[34,6],[81,6]]},"1031":{"position":[[142,6]]},"1033":{"position":[[23,6]]},"1035":{"position":[[80,6]]}}}],["outsid",{"_index":914,"t":{"1027":{"position":[[326,7]]},"1035":{"position":[[193,7]]}}}],["overrid",{"_index":430,"t":{"999":{"position":[[183,8]]},"1023":{"position":[[6830,8],[8044,8]]}}}],["override_speci",{"_index":697,"t":{"1019":{"position":[[711,16]]}}}],["overwrit",{"_index":659,"t":{"1017":{"position":[[161,9],[224,9]]}}}],["packag",{"_index":654,"t":{"1015":{"position":[[37,7]]}}}],["pad",{"_index":1068,"t":{"1043":{"position":[[479,9]]}}}],["page",{"_index":319,"t":{"987":{"position":[[332,4],[551,4],[792,4],[962,4]]},"1023":{"position":[[6903,4],[10754,4]]},"1047":{"position":[[426,5],[465,4]]},"1049":{"position":[[329,4]]}}}],["pair",{"_index":756,"t":{"1023":{"position":[[2256,5]]},"1043":{"position":[[533,4]]}}}],["pane",{"_index":223,"t":{"985":{"position":[[237,5],[280,5],[321,5],[428,5]]}}}],["paramet",{"_index":901,"t":{"1025":{"position":[[258,10],[1096,10],[1121,9]]},"1037":{"position":[[3773,10]]},"1049":{"position":[[364,10]]}}}],["part",{"_index":1001,"t":{"1037":{"position":[[1796,6],[2177,4],[2455,4]]}}}],["particularli",{"_index":913,"t":{"1027":{"position":[[286,12]]}}}],["pass",{"_index":63,"t":{"975":{"position":[[12,7]]},"985":{"position":[[2104,4]]},"987":{"position":[[1292,6]]},"1001":{"position":[[1102,6]]},"1003":{"position":[[2283,4]]},"1007":{"position":[[388,4]]},"1009":{"position":[[325,4]]},"1011":{"position":[[204,4]]},"1023":{"position":[[512,7],[5555,4],[5578,4],[5758,4],[5789,4],[5859,4],[5880,4],[6083,7],[6221,4],[6243,4],[6269,4],[6291,4],[6339,4],[6362,4],[9537,4]]},"1025":{"position":[[71,4]]},"1037":{"position":[[990,4],[1301,4],[1330,4]]},"1039":{"position":[[276,6]]}}}],["password",{"_index":718,"t":{"1023":{"position":[[471,8],[491,8],[1827,8],[7966,8],[7988,9],[8057,8],[8113,8],[8144,9],[8204,9],[8234,8]]}}}],["patch",{"_index":185,"t":{"981":{"position":[[601,7]]}}}],["path",{"_index":303,"t":{"985":{"position":[[2349,4]]},"1023":{"position":[[753,4],[1291,4],[1322,4],[1749,4],[2369,4],[2405,5],[2463,5],[3821,4],[4869,4],[6656,5],[6937,4],[7158,4],[10142,5],[10342,5],[11209,4],[11256,4],[11356,5],[11450,4]]},"1025":{"position":[[501,5],[703,4],[852,4],[1256,4]]},"1029":{"position":[[854,4],[880,6]]},"1033":{"position":[[162,8],[1014,4]]},"1047":{"position":[[279,6]]}}}],["path/to/cert.key",{"_index":1103,"t":{"1045":{"position":[[1383,18]]}}}],["path/to/cert.pem",{"_index":1101,"t":{"1045":{"position":[[1344,18]]}}}],["path/to/sit",{"_index":1012,"t":{"1037":{"position":[[2623,15]]}}}],["pem",{"_index":548,"t":{"1003":{"position":[[1023,4],[2383,3],[2528,3]]},"1023":{"position":[[4724,3],[4901,3]]}}}],["per",{"_index":653,"t":{"1013":{"position":[[166,3]]},"1023":{"position":[[352,3]]}}}],["perform",{"_index":454,"t":{"1001":{"position":[[839,7]]}}}],["period",{"_index":763,"t":{"1023":{"position":[[2505,6]]}}}],["permiss",{"_index":300,"t":{"985":{"position":[[2239,11]]},"987":{"position":[[538,12],[703,12]]},"1009":{"position":[[176,11]]}}}],["pick",{"_index":313,"t":{"987":{"position":[[171,4],[349,4]]},"1001":{"position":[[1542,4],[1967,4]]}}}],["pin",{"_index":1097,"t":{"1045":{"position":[[1227,3]]}}}],["ping",{"_index":829,"t":{"1023":{"position":[[6932,4],[6953,4],[7008,7],[7018,4],[9934,4],[9983,4]]},"1029":{"position":[[716,5],[743,4],[791,4],[849,4]]},"1047":{"position":[[318,5]]}}}],["ping,/path2",{"_index":761,"t":{"1023":{"position":[[2441,14]]}}}],["plain",{"_index":1019,"t":{"1037":{"position":[[2894,5]]}}}],["platform",{"_index":475,"t":{"1001":{"position":[[1910,8]]},"1045":{"position":[[599,8],[790,8]]}}}],["pleas",{"_index":129,"t":{"979":{"position":[[99,6],[144,6],[346,6],[434,6]]},"983":{"position":[[425,6]]}}}],["plural",{"_index":701,"t":{"1021":{"position":[[186,6]]},"1027":{"position":[[257,6]]}}}],["poc",{"_index":734,"t":{"1023":{"position":[[1353,6]]}}}],["polici",{"_index":470,"t":{"1001":{"position":[[1658,8]]}}}],["port",{"_index":445,"t":{"1001":{"position":[[338,5]]},"1023":{"position":[[12537,5],[12596,4],[12709,5],[12780,5]]},"1045":{"position":[[904,4],[974,4]]}}}],["possibl",{"_index":120,"t":{"977":{"position":[[165,9]]},"979":{"position":[[467,9]]},"995":{"position":[[651,8]]}}}],["post",{"_index":134,"t":{"979":{"position":[[158,4]]}}}],["potenti",{"_index":155,"t":{"979":{"position":[[622,9]]}}}],["powershel",{"_index":664,"t":{"1019":{"position":[[86,10]]}}}],["pr",{"_index":132,"t":{"979":{"position":[[130,2]]},"981":{"position":[[373,3]]}}}],["prebuilt",{"_index":3,"t":{"973":{"position":[[34,8],[192,8],[288,8]]}}}],["preced",{"_index":658,"t":{"1017":{"position":[[118,11]]}}}],["prefer",{"_index":822,"t":{"1023":{"position":[[5954,9],[6004,6],[6030,6],[6419,9],[9447,9]]}}}],["preferred_usernam",{"_index":214,"t":{"983":{"position":[[484,18]]}}}],["prefix",{"_index":730,"t":{"1023":{"position":[[1209,6],[7131,6],[11698,6],[12422,8]]},"1027":{"position":[[75,9]]},"1047":{"position":[[136,6],[175,6]]}}}],["preflight",{"_index":857,"t":{"1023":{"position":[[10015,9]]}}}],["present",{"_index":159,"t":{"979":{"position":[[705,7]]},"1023":{"position":[[6544,8],[10874,9],[10990,9]]},"1039":{"position":[[237,7]]}}}],["pretti",{"_index":613,"t":{"1005":{"position":[[282,6]]}}}],["prevent",{"_index":1051,"t":{"1041":{"position":[[460,7]]}}}],["preview",{"_index":457,"t":{"1001":{"position":[[989,7]]}}}],["previou",{"_index":188,"t":{"981":{"position":[[652,8]]}}}],["previous",{"_index":170,"t":{"981":{"position":[[287,10]]}}}],["print",{"_index":874,"t":{"1023":{"position":[[11590,5]]}}}],["print(base64.urlsafe_b64encode(os.urandom(32)).decod",{"_index":667,"t":{"1019":{"position":[[136,57]]}}}],["privat",{"_index":139,"t":{"979":{"position":[[222,8]]},"981":{"position":[[37,9]]},"991":{"position":[[1048,7]]},"1003":{"position":[[1065,7]]},"1023":{"position":[[4709,7],[4881,7],[11264,7]]}}}],["process",{"_index":591,"t":{"1003":{"position":[[2587,7]]},"1033":{"position":[[933,8]]},"1037":{"position":[[2934,9],[2980,9]]}}}],["product",{"_index":233,"t":{"985":{"position":[[370,8]]},"1003":{"position":[[294,10]]}}}],["profil",{"_index":404,"t":{"995":{"position":[[140,7]]},"1003":{"position":[[1992,7]]},"1023":{"position":[[6469,7],[6488,7]]}}}],["project",{"_index":110,"t":{"977":{"position":[[33,8],[74,7],[204,8]]},"985":{"position":[[53,8],[123,7],[150,7],[184,7],[212,7]]},"991":{"position":[[13,8]]},"997":{"position":[[55,8]]},"1001":{"position":[[118,9]]}}}],["prompt",{"_index":710,"t":{"1023":{"position":[[85,6],[6514,6],[6533,7],[6562,6]]}}}],["proper",{"_index":776,"t":{"1023":{"position":[[2871,6]]}}}],["properli",{"_index":408,"t":{"995":{"position":[[325,9]]}}}],["properti",{"_index":318,"t":{"987":{"position":[[319,12]]}}}],["propos",{"_index":168,"t":{"981":{"position":[[257,8]]}}}],["protect",{"_index":330,"t":{"987":{"position":[[892,7]]},"1001":{"position":[[1496,11],[1586,8]]},"1023":{"position":[[8959,9]]},"1043":{"position":[[774,8]]}}}],["protocol",{"_index":543,"t":{"1003":{"position":[[842,9]]},"1023":{"position":[[12614,8]]},"1031":{"position":[[973,8],[1003,9]]},"1033":{"position":[[502,13],[828,8],[858,9]]}}}],["provid",{"_index":34,"t":{"973":{"position":[[403,8],[546,8],[596,8],[749,8]]},"975":{"position":[[309,8],[473,9],[740,8]]},"983":{"position":[[54,8],[90,10],[195,9],[360,8],[395,8],[450,9],[559,9]]},"985":{"position":[[2208,8]]},"987":{"position":[[1190,8]]},"991":{"position":[[184,8],[1264,7]]},"1001":{"position":[[84,9],[133,8],[307,8],[454,8],[469,8],[500,9],[712,8],[774,9],[820,8],[889,8],[1225,8],[2357,8],[3034,8],[3717,8]]},"1003":{"position":[[21,8],[1565,8],[1893,8],[3268,9],[3550,8]]},"1005":{"position":[[14,8],[125,9],[528,8]]},"1007":{"position":[[378,9]]},"1009":{"position":[[315,9]]},"1011":{"position":[[323,8]]},"1015":{"position":[[27,9],[61,8],[151,9]]},"1023":{"position":[[1465,9],[1870,8],[6585,8],[6607,8],[6625,8],[6724,9],[6801,8],[6920,9],[10715,8],[10901,9],[12306,9],[12822,8]]},"1025":{"position":[[194,9],[353,7],[691,7],[1149,9]]},"1037":{"position":[[4023,8]]},"1045":{"position":[[89,9],[460,12],[1898,12]]},"1049":{"position":[[169,8],[785,8]]}}}],["provider'",{"_index":605,"t":{"1003":{"position":[[3422,10]]},"1023":{"position":[[6843,10]]},"1037":{"position":[[1699,10]]},"1049":{"position":[[309,10]]}}}],["provider.example.com",{"_index":1133,"t":{"1049":{"position":[[894,20]]}}}],["provider.example.com%2fsign_out_pag",{"_index":1126,"t":{"1049":{"position":[[486,36]]}}}],["provider/sign_out_pag",{"_index":1129,"t":{"1049":{"position":[[672,25]]}}}],["provider=\"github",{"_index":643,"t":{"1011":{"position":[[247,17]]}}}],["provider=\"gitlab",{"_index":409,"t":{"995":{"position":[[379,17]]}}}],["provider=azur",{"_index":332,"t":{"987":{"position":[[1066,14]]}}}],["provider=bitbucket",{"_index":636,"t":{"1009":{"position":[[355,18]]}}}],["provider=digitalocean",{"_index":627,"t":{"1007":{"position":[[418,21]]}}}],["provider=keycloak",{"_index":388,"t":{"993":{"position":[[341,17]]}}}],["providers.new",{"_index":655,"t":{"1015":{"position":[[98,15]]}}}],["proxi",{"_index":14,"t":{"973":{"position":[[132,5],[242,5],[509,5],[622,5]]},"975":{"position":[[32,5],[729,5]]},"977":{"position":[[12,5]]},"979":{"position":[[65,5],[339,6]]},"983":{"position":[[179,5]]},"985":{"position":[[2306,5],[2422,6]]},"987":{"position":[[914,6],[1053,5]]},"1001":{"position":[[284,5],[422,5],[528,5],[549,5],[2961,5],[2981,5],[4157,5],[4177,5]]},"1003":{"position":[[393,5],[661,5],[1512,5],[1558,5],[2999,7],[3190,6],[3340,5],[3582,5],[3603,5]]},"1007":{"position":[[206,5],[249,5]]},"1009":{"position":[[108,6],[152,5]]},"1011":{"position":[[238,6]]},"1015":{"position":[[130,5]]},"1017":{"position":[[7,5]]},"1023":{"position":[[7125,5],[7173,5],[7239,5],[7279,8],[7465,5],[8995,5],[9038,6],[10324,5],[11913,5],[12035,5],[12204,5]]},"1025":{"position":[[7,5],[623,5],[978,5]]},"1029":{"position":[[19,5]]},"1031":{"position":[[905,5]]},"1033":{"position":[[760,5]]},"1037":{"position":[[192,8],[1763,5]]},"1039":{"position":[[109,5]]},"1041":{"position":[[97,5],[396,5],[655,6]]},"1045":{"position":[[80,5],[204,5],[263,5],[647,5],[946,8],[965,5],[992,5],[1713,5],[1772,5]]},"1047":{"position":[[7,5],[87,7],[169,5]]},"1051":{"position":[[29,7]]}}}],["proxy'",{"_index":70,"t":{"975":{"position":[[96,7]]},"1007":{"position":[[296,7]]},"1037":{"position":[[86,7]]},"1049":{"position":[[91,7]]}}}],["proxy.cfg",{"_index":704,"t":{"1021":{"position":[[225,9],[326,9]]}}}],["proxy/oauth2",{"_index":13,"t":{"973":{"position":[[119,12],[229,12]]}}}],["proxy/oauth2/callback",{"_index":624,"t":{"1007":{"position":[[163,22]]}}}],["proxy=tru",{"_index":1109,"t":{"1045":{"position":[[1923,10]]}}}],["proxy>/oauth2/callback",{"_index":635,"t":{"1009":{"position":[[63,23]]}}}],["proxy_buffer_s",{"_index":342,"t":{"987":{"position":[[1333,17]]}}}],["proxy_connect_timeout",{"_index":1105,"t":{"1045":{"position":[[1608,21]]}}}],["proxy_pass",{"_index":980,"t":{"1037":{"position":[[319,10],[657,10],[2584,10],[2948,10]]},"1045":{"position":[[1469,10]]}}}],["proxy_pass_request_bodi",{"_index":988,"t":{"1037":{"position":[[883,23]]}}}],["proxy_read_timeout",{"_index":1108,"t":{"1045":{"position":[[1656,18]]}}}],["proxy_send_timeout",{"_index":1106,"t":{"1045":{"position":[[1633,18]]}}}],["proxy_set_head",{"_index":982,"t":{"1037":{"position":[[353,16],[382,16],[423,16],[458,16],[559,16],[691,16],[720,16],[761,16],[847,16],[1218,16],[1249,16],[1428,16]]},"1045":{"position":[[1503,16],[1532,16],[1573,16]]}}}],["proxyus",{"_index":839,"t":{"1023":{"position":[[7523,9]]}}}],["pubjwk",{"_index":579,"t":{"1003":{"position":[[1917,6]]},"1023":{"position":[[7295,6]]}}}],["pubkey",{"_index":835,"t":{"1023":{"position":[[7317,6]]}}}],["public",{"_index":371,"t":{"991":{"position":[[1011,6],[1229,6]]},"1003":{"position":[[974,6]]}}}],["public_repo",{"_index":377,"t":{"991":{"position":[[1376,11]]}}}],["publicli",{"_index":136,"t":{"979":{"position":[[175,9]]}}}],["push",{"_index":370,"t":{"991":{"position":[[994,4]]},"1023":{"position":[[3328,4]]}}}],["put",{"_index":15,"t":{"973":{"position":[[149,3]]}}}],["python",{"_index":662,"t":{"1019":{"position":[[66,6],[107,6]]}}}],["quay.io/oauth2",{"_index":21,"t":{"973":{"position":[[214,14]]}}}],["queri",{"_index":1124,"t":{"1049":{"position":[[358,5]]}}}],["quick",{"_index":551,"t":{"1003":{"position":[[1080,5]]}}}],["quickli",{"_index":119,"t":{"977":{"position":[[154,7]]}}}],["r_basicprofil",{"_index":422,"t":{"997":{"position":[[168,14]]}}}],["r_emailaddress",{"_index":423,"t":{"997":{"position":[[187,15]]}}}],["rand",{"_index":679,"t":{"1019":{"position":[[296,4]]}}}],["random",{"_index":1065,"t":{"1043":{"position":[[391,6],[442,6]]}}}],["random_password",{"_index":694,"t":{"1019":{"position":[[663,17]]}}}],["rang",{"_index":878,"t":{"1023":{"position":[[11812,6]]}}}],["raw",{"_index":1006,"t":{"1037":{"position":[[2229,3]]}}}],["rc3.org",{"_index":1140,"t":{"1051":{"position":[[478,8]]}}}],["rd",{"_index":1123,"t":{"1049":{"position":[[355,2]]}}}],["re",{"_index":1057,"t":{"1041":{"position":[[799,2]]},"1049":{"position":[[200,2]]}}}],["reach",{"_index":862,"t":{"1023":{"position":[[10771,5]]}}}],["read",{"_index":302,"t":{"985":{"position":[[2323,4]]},"991":{"position":[[1207,4]]},"1009":{"position":[[240,4],[261,4]]},"1051":{"position":[[396,4]]}}}],["readi",{"_index":186,"t":{"981":{"position":[[613,6]]}}}],["readiness_check",{"_index":775,"t":{"1023":{"position":[[2837,17]]}}}],["real",{"_index":597,"t":{"1003":{"position":[[3070,4],[3215,4]]},"1023":{"position":[[7365,4],[7423,4],[7509,4],[7539,4],[9077,4],[11936,4]]},"1031":{"position":[[867,4]]},"1033":{"position":[[722,4]]},"1037":{"position":[[401,4],[739,4]]},"1045":{"position":[[1551,4]]}}}],["realm>/protocol/openid",{"_index":394,"t":{"993":{"position":[[482,22],[570,22],[661,22]]}}}],["reason",{"_index":296,"t":{"985":{"position":[[1998,6]]}}}],["recommend",{"_index":255,"t":{"985":{"position":[[867,11]]},"1037":{"position":[[3574,11]]},"1045":{"position":[[14,11]]}}}],["redeem",{"_index":382,"t":{"991":{"position":[[1837,6]]},"993":{"position":[[519,6]]},"1003":{"position":[[3765,6]]},"1005":{"position":[[686,6]]},"1011":{"position":[[527,6]]},"1023":{"position":[[7549,6],[10639,6]]}}}],["redempt",{"_index":840,"t":{"1023":{"position":[[7573,10]]}}}],["redi",{"_index":97,"t":{"975":{"position":[[552,6]]},"987":{"position":[[1380,5]]},"1023":{"position":[[7700,5],[7752,5],[7837,5],[7857,5],[7892,5],[7909,5],[7960,5],[7982,5],[8017,5],[8075,5],[8098,5],[8129,5],[8193,5],[8228,5],[8245,5],[8279,5],[8334,5],[8355,5],[8408,5],[8494,5],[8515,5],[8549,5],[8575,5],[8633,5],[8668,5],[8700,5],[8733,5],[9335,5]]},"1039":{"position":[[326,5]]},"1043":{"position":[[4,5],[57,6],[606,5],[711,5],[873,5],[936,5],[964,5],[1055,5],[1112,5],[1175,5],[1208,5],[1254,5],[1357,5],[1412,5],[1475,5],[1505,5]]}}}],["redirect",{"_index":85,"t":{"975":{"position":[[276,10]]},"983":{"position":[[123,8]]},"985":{"position":[[699,8]]},"989":{"position":[[95,8]]},"993":{"position":[[76,8]]},"995":{"position":[[178,8],[399,8],[477,8]]},"997":{"position":[[217,8]]},"1001":{"position":[[556,8],[2027,8],[3309,8],[3369,8]]},"1003":{"position":[[1379,8],[1619,8],[3610,8]]},"1005":{"position":[[448,12]]},"1007":{"position":[[315,8],[562,8],[680,8]]},"1011":{"position":[[87,8],[267,8]]},"1023":{"position":[[2048,9],[2609,8],[7595,8],[7625,8],[11664,11],[12500,8]]},"1037":{"position":[[490,8],[591,8]]},"1047":{"position":[[586,8]]},"1049":{"position":[[22,8],[269,8],[380,8],[550,8],[585,8],[646,9],[873,8],[1006,8]]}}}],["redis://host[:port",{"_index":842,"t":{"1023":{"position":[[7788,21],[7937,20],[8445,21]]}}}],["reduc",{"_index":922,"t":{"1029":{"position":[[804,8]]}}}],["refer",{"_index":544,"t":{"1003":{"position":[[930,5],[1284,8]]},"1005":{"position":[[367,5]]}}}],["refresh",{"_index":256,"t":{"985":{"position":[[882,7],[936,7],[2540,9]]},"1001":{"position":[[2137,7],[3478,7]]},"1023":{"position":[[1373,7],[1390,7],[12333,8]]},"1037":{"position":[[1494,8]]},"1041":{"position":[[734,10]]}}}],["refresh/access/id",{"_index":1072,"t":{"1043":{"position":[[787,17]]}}}],["regex",{"_index":68,"t":{"975":{"position":[[70,6]]},"1023":{"position":[[10094,5],[10363,5]]}}}],["regist",{"_index":46,"t":{"973":{"position":[[559,8]]},"983":{"position":[[17,8]]},"1003":{"position":[[453,8],[765,8]]}}}],["registr",{"_index":215,"t":{"985":{"position":[[16,12]]},"987":{"position":[[114,14],[156,14]]},"997":{"position":[[18,12]]}}}],["regular",{"_index":172,"t":{"981":{"position":[[365,7]]}}}],["releas",{"_index":6,"t":{"973":{"position":[[59,7],[421,7]]},"981":{"position":[[493,8],[661,9]]}}}],["reload",{"_index":1039,"t":{"1037":{"position":[[4107,6]]}}}],["remain",{"_index":425,"t":{"997":{"position":[[300,9]]}}}],["remot",{"_index":883,"t":{"1023":{"position":[[12067,6]]}}}],["remote_addr",{"_index":983,"t":{"1037":{"position":[[409,13],[747,13]]},"1045":{"position":[[1559,13]]}}}],["remote_address",{"_index":926,"t":{"1031":{"position":[[181,16]]},"1033":{"position":[[62,16]]}}}],["remov",{"_index":1119,"t":{"1049":{"position":[[76,7]]}}}],["replac",{"_index":698,"t":{"1021":{"position":[[65,9]]},"1027":{"position":[[129,9]]}}}],["replace(\"/\",\"_",{"_index":686,"t":{"1019":{"position":[[550,19]]}}}],["repli",{"_index":327,"t":{"987":{"position":[[779,6]]}}}],["repo",{"_index":372,"t":{"991":{"position":[[1076,8]]},"1003":{"position":[[2497,4]]},"1023":{"position":[[3148,4]]}}}],["report",{"_index":950,"t":{"1031":{"position":[[1163,8]]},"1033":{"position":[[1301,8]]}}}],["repositori",{"_index":358,"t":{"991":{"position":[[329,11],[953,11],[1018,10],[1056,11],[1126,10],[1236,10],[1320,11],[1445,10]]},"1009":{"position":[[245,12],[696,10]]},"1023":{"position":[[3201,10],[3292,10],[3347,11]]}}}],["repository=/index.php/apps/oauth2/api/v1/token",{"_index":619,"t":{"1005":{"position":[[714,40]]}}}],["url>/index.php/apps/oauth2/author",{"_index":618,"t":{"1005":{"position":[[647,37]]}}}],["url>/ocs/v2.php/cloud/user?format=json",{"_index":620,"t":{"1005":{"position":[[786,39]]}}}],["url]/stat",{"_index":910,"t":{"1025":{"position":[[984,13]]}}}],["url]/var/www/stat",{"_index":906,"t":{"1025":{"position":[[629,21]]}}}],["us",{"_index":18,"t":{"973":{"position":[[182,5],[628,5]]},"975":{"position":[[761,6]]},"979":{"position":[[550,4]]},"981":{"position":[[3,3],[361,3]]},"983":{"position":[[385,5]]},"987":{"position":[[230,3],[1169,5]]},"991":{"position":[[1426,3],[1686,5]]},"993":{"position":[[766,5]]},"995":{"position":[[16,5],[816,5]]},"999":{"position":[[175,4]]},"1001":{"position":[[194,3],[238,5],[320,5],[382,3],[740,4],[924,5],[4047,3]]},"1003":{"position":[[2172,3],[3211,3]]},"1005":{"position":[[105,5],[276,5]]},"1007":{"position":[[370,3],[670,3]]},"1009":{"position":[[43,3],[307,3],[555,3],[707,3]]},"1013":{"position":[[29,3],[105,3],[209,3]]},"1015":{"position":[[139,3]]},"1019":{"position":[[35,3]]},"1021":{"position":[[286,4]]},"1023":{"position":[[927,4],[1196,3],[1990,3],[2669,3],[2749,3],[3273,3],[4247,5],[4370,3],[4735,4],[4912,4],[5656,4],[6040,3],[6126,3],[6194,4],[6696,4],[6785,4],[6882,4],[6979,4],[7066,4],[7401,4],[7810,4],[7843,3],[8154,4],[8222,3],[8307,4],[8340,3],[8467,4],[8500,3],[8521,3],[8608,3],[8639,3],[8767,3],[9483,7],[9525,4],[9693,7],[9801,7],[10889,5],[11005,5],[12217,3],[12376,5],[12786,3]]},"1025":{"position":[[830,4],[1214,4]]},"1027":{"position":[[299,6]]},"1029":{"position":[[111,5],[735,5]]},"1031":{"position":[[857,3]]},"1033":{"position":[[712,3]]},"1037":{"position":[[1651,5],[2677,3],[2719,3],[3589,3],[4070,3]]},"1039":{"position":[[115,4]]},"1041":{"position":[[78,4],[287,5]]},"1043":{"position":[[863,5],[1102,3],[1118,3],[1363,3],[1481,3],[1511,3]]},"1045":{"position":[[732,5],[815,3],[1184,3]]},"1047":{"position":[[375,3],[521,4],[647,4],[777,4],[926,3]]},"1049":{"position":[[345,5]]},"1051":{"position":[[487,5]]}}}],["usag",{"_index":1073,"t":{"1043":{"position":[[851,6]]}}}],["user",{"_index":82,"t":{"975":{"position":[[248,4],[643,4]]},"985":{"position":[[393,6],[2171,4],[2439,4]]},"987":{"position":[[410,5],[661,6]]},"991":{"position":[[436,4],[463,5],[971,5],[1196,5],[1286,4],[1481,4],[1619,8]]},"997":{"position":[[119,4]]},"1001":{"position":[[2256,5]]},"1005":{"position":[[58,5]]},"1009":{"position":[[659,5]]},"1023":{"position":[[2878,4],[3368,4],[3396,5],[5914,5],[6020,4],[6248,4],[6344,4],[6379,5],[7023,4],[7043,4],[7111,4],[9401,5],[11457,4],[11503,4]]},"1029":{"position":[[748,4]]},"1031":{"position":[[94,4],[341,4],[410,4],[1149,4]]},"1033":{"position":[[1287,4]]},"1037":{"position":[[1013,4],[1115,5],[1237,4],[1242,6]]},"1039":{"position":[[138,4]]},"1041":{"position":[[790,5]]},"1043":{"position":[[184,4]]},"1047":{"position":[[258,4]]},"1049":{"position":[[12,4],[121,4],[282,4],[393,4]]}}}],["user'",{"_index":1041,"t":{"1039":{"position":[[17,6]]},"1047":{"position":[[792,6]]}}}],["user/settings/appl",{"_index":640,"t":{"1011":{"position":[[52,28]]}}}],["user@domain.com",{"_index":927,"t":{"1031":{"position":[[200,17]]},"1033":{"position":[[81,17]]}}}],["user_ag",{"_index":956,"t":{"1033":{"position":[[180,14]]}}}],["userag",{"_index":949,"t":{"1031":{"position":[[1128,9]]},"1033":{"position":[[516,14],[1266,9]]}}}],["usernam",{"_index":378,"t":{"991":{"position":[[1506,8],[1644,9]]},"1023":{"position":[[1816,8],[3414,8],[5964,8],[6069,8],[6130,8],[6429,8],[9457,8]]},"1031":{"position":[[63,8],[676,13],[1198,8],[1239,8]]},"1033":{"position":[[412,13],[1336,8],[1377,8]]}}}],["username@email.com",{"_index":951,"t":{"1031":{"position":[[1207,18]]},"1033":{"position":[[1345,18]]}}}],["utc",{"_index":797,"t":{"1023":{"position":[[4430,3]]}}}],["v3.0.0",{"_index":38,"t":{"973":{"position":[[451,7]]}}}],["v6.1.1",{"_index":7,"t":{"973":{"position":[[70,7]]}}}],["valid",{"_index":27,"t":{"973":{"position":[[313,9]]},"981":{"position":[[231,8]]},"983":{"position":[[189,5]]},"985":{"position":[[958,9]]},"989":{"position":[[83,5]]},"991":{"position":[[1910,8]]},"993":{"position":[[70,5],[608,8]]},"1005":{"position":[[756,8],[849,8]]},"1011":{"position":[[595,8]]},"1019":{"position":[[572,5]]},"1023":{"position":[[10847,10],[10963,10],[11523,8],[11556,10],[12494,5]]},"1051":{"position":[[384,11]]}}}],["valu",{"_index":211,"t":{"983":{"position":[[418,6]]},"987":{"position":[[1011,5]]},"993":{"position":[[865,5]]},"1023":{"position":[[38,6]]},"1025":{"position":[[795,5]]},"1031":{"position":[[947,5]]},"1033":{"position":[[802,5]]},"1043":{"position":[[203,5]]}}}],["var/www/stat",{"_index":909,"t":{"1025":{"position":[[933,16]]}}}],["variabl",{"_index":56,"t":{"973":{"position":[[684,9]]},"1003":{"position":[[2157,10],[2303,9],[2366,9],[2747,9]]},"1005":{"position":[[192,9]]},"1017":{"position":[[69,9],[183,9],[209,9]]},"1027":{"position":[[63,8],[238,8]]},"1029":{"position":[[613,10]]},"1031":{"position":[[744,9],[772,8]]},"1033":{"position":[[596,9],[627,8]]},"1035":{"position":[[500,9],[532,8]]},"1037":{"position":[[2202,9],[2838,9],[3826,8]]},"1047":{"position":[[189,9]]}}}],["verif",{"_index":814,"t":{"1023":{"position":[[5226,12],[5500,13]]}}}],["verifi",{"_index":30,"t":{"973":{"position":[[350,9]]},"991":{"position":[[1435,9]]},"1023":{"position":[[3282,9],[5183,8],[10434,8],[10830,6],[10946,6]]}}}],["version",{"_index":37,"t":{"973":{"position":[[443,7]]},"979":{"position":[[679,8]]},"1023":{"position":[[11578,7],[11596,7]]}}}],["via",{"_index":602,"t":{"1003":{"position":[[3308,3]]},"1005":{"position":[[161,3]]},"1017":{"position":[[31,3]]},"1023":{"position":[[338,3],[5614,3],[5819,3],[8674,3]]},"1031":{"position":[[1365,3]]},"1037":{"position":[[71,3],[1007,3],[2944,3],[3755,3]]},"1043":{"position":[[717,3],[958,3]]},"1045":{"position":[[1247,3]]}}}],["volum",{"_index":923,"t":{"1029":{"position":[[817,7]]}}}],["vulner",{"_index":127,"t":{"979":{"position":[[37,13],[606,13]]},"981":{"position":[[75,16],[308,15]]}}}],["want",{"_index":323,"t":{"987":{"position":[[396,4],[884,4]]},"1001":{"position":[[1046,4]]},"1003":{"position":[[580,4]]},"1025":{"position":[[677,5]]},"1043":{"position":[[1094,4]]},"1049":{"position":[[865,4]]}}}],["warn",{"_index":884,"t":{"1023":{"position":[[12083,8]]}}}],["way",{"_index":356,"t":{"991":{"position":[[217,4]]},"1003":{"position":[[1086,3]]}}}],["web",{"_index":240,"t":{"985":{"position":[[529,4]]},"1001":{"position":[[1898,3],[3142,3],[3261,3]]},"1051":{"position":[[423,3],[514,3]]}}}],["webapp",{"_index":314,"t":{"987":{"position":[[194,7]]}}}],["websocket",{"_index":834,"t":{"1023":{"position":[[7245,10],[7269,9]]}}}],["well",{"_index":757,"t":{"1023":{"position":[[2290,5],[2328,5],[2923,4]]},"1043":{"position":[[924,4],[1145,4],[1308,5]]}}}],["whether",{"_index":401,"t":{"995":{"position":[[0,7]]},"1005":{"position":[[241,7]]},"1023":{"position":[[9054,7]]}}}],["whitelist",{"_index":875,"t":{"1023":{"position":[[11613,9],[12386,9],[12729,11]]},"1049":{"position":[[954,9]]}}}],["wide_authority_to_your_service_account",{"_index":279,"t":{"985":{"position":[[1438,38]]}}}],["window",{"_index":325,"t":{"987":{"position":[[577,8]]}}}],["wish",{"_index":460,"t":{"1001":{"position":[[1146,4],[1578,4],[1671,4],[2276,4]]},"1007":{"position":[[95,5]]}}}],["within",{"_index":128,"t":{"979":{"position":[[51,6]]},"991":{"position":[[703,6]]},"1001":{"position":[[4077,6]]},"1041":{"position":[[568,6]]}}}],["without",{"_index":977,"t":{"1037":{"position":[[184,7]]}}}],["work",{"_index":112,"t":{"977":{"position":[[61,4]]},"995":{"position":[[320,4]]},"1001":{"position":[[1247,5],[1744,4]]},"1003":{"position":[[210,4]]},"1023":{"position":[[2918,4]]},"1037":{"position":[[1528,4]]}}}],["write",{"_index":376,"t":{"991":{"position":[[1300,5]]}}}],["x",{"_index":819,"t":{"1023":{"position":[[5618,1],[5699,1],[5902,1],[5920,1],[5942,1],[6367,1],[6385,1],[6407,1],[7490,1],[7507,1],[7521,1],[7537,1],[9075,1],[9386,1],[9407,1],[9432,1],[9556,1],[10227,1]]},"1031":{"position":[[865,1]]},"1033":{"position":[[720,1]]},"1037":{"position":[[399,1],[440,1],[475,1],[576,1],[737,1],[778,1],[1011,1],[1022,1],[1235,1],[1266,1],[1445,1]]},"1045":{"position":[[1549,1],[1590,1]]},"1049":{"position":[[570,1]]}}}],["x.y.z.linux",{"_index":43,"t":{"973":{"position":[[515,11]]}}}],["x509",{"_index":554,"t":{"1003":{"position":[[1117,4]]}}}],["xauthrequest",{"_index":820,"t":{"1023":{"position":[[5672,12],[9364,12]]},"1037":{"position":[[1080,12]]}}}],["xxx\"client_secret",{"_index":515,"t":{"1001":{"position":[[3920,18]]}}}],["xxxxx\"client_secret",{"_index":485,"t":{"1001":{"position":[[2570,20]]}}}],["you'd",{"_index":375,"t":{"991":{"position":[[1166,5]]}}}],["yourcompany.com",{"_index":720,"t":{"1023":{"position":[[853,18]]}}}],["yyy\"pass_access_token",{"_index":516,"t":{"1001":{"position":[[3941,22]]}}}],["yyyyy\"pass_access_token",{"_index":486,"t":{"1001":{"position":[[2593,24]]}}}],["zzz\"cookie_secur",{"_index":517,"t":{"1001":{"position":[[3986,18]]}}}],["zzzzz\"skip_provider_button",{"_index":488,"t":{"1001":{"position":[[2640,27]]}}}]],"pipeline":["stemmer"]}}] \ No newline at end of file diff --git a/docs/7.0.x/behaviour/index.html b/docs/7.0.x/behaviour/index.html index 48ed5cfc..3185f269 100644 --- a/docs/7.0.x/behaviour/index.html +++ b/docs/7.0.x/behaviour/index.html @@ -4,13 +4,13 @@ Behaviour | OAuth2 Proxy - +
Version: 7.0.x

Behaviour

  1. Any request passing through the proxy (and not matched by --skip-auth-regex) is checked for the proxy's session cookie (--cookie-name) (or, if allowed, a JWT token - see --skip-jwt-bearer-tokens).
  2. If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with Accept: application/json, in which case 401 Unauthorized is returned)
  3. After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set
  4. The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration)

Notice that the proxy also provides a number of useful endpoints.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.0.x/community/security/index.html b/docs/7.0.x/community/security/index.html index 4c8ffa65..c5d602d3 100644 --- a/docs/7.0.x/community/security/index.html +++ b/docs/7.0.x/community/security/index.html @@ -4,7 +4,7 @@ Security | OAuth2 Proxy - + @@ -28,7 +28,7 @@ If we have multiple security issues in flight simultaneously, we may delay merging fixes until all patches are ready. We may also backport the fix to previous releases, but this will be at the discretion of the maintainers.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.0.x/configuration/alpha-config/index.html b/docs/7.0.x/configuration/alpha-config/index.html index cb7b1a6f..6b71cacf 100644 --- a/docs/7.0.x/configuration/alpha-config/index.html +++ b/docs/7.0.x/configuration/alpha-config/index.html @@ -4,7 +4,7 @@ Alpha Configuration | OAuth2 Proxy - + @@ -34,7 +34,7 @@ response header.

FieldTypeDescription make up the header value

FieldTypeDescription
value[]byteValue expects a base64 encoded string value.
fromEnvstringFromEnv expects the name of an environment variable.
fromFilestringFromFile expects a path to a file containing the secret value.
claimstringClaim is the name of the claim in the session that the value should be
loaded from.
prefixstringPrefix is an optional prefix that will be prepended to the value of the
claim if it is non-empty.
basicAuthPasswordSecretSourceBasicAuthPassword converts this claim into a basic auth header.
Note the value of claim will become the basic auth username and the
basicAuthPassword will be used as the password value.

SecretSource

(Appears on: ClaimSource, HeaderValue)

SecretSource references an individual secret value. Only one source within the struct should be defined at any time.

FieldTypeDescription
value[]byteValue expects a base64 encoded string value.
fromEnvstringFromEnv expects the name of an environment variable.
fromFilestringFromFile expects a path to a file containing the secret value.

Upstream

(Appears on: Upstreams)

Upstream represents the configuration for an upstream server. Requests will be proxied to this upstream if the path matches the request path.

FieldTypeDescription
idstringID should be a unique identifier for the upstream.
This value is required for all upstreams.
pathstringPath is used to map requests to the upstream server.
The closest match will take precedence and all Paths must be unique.
uristringThe URI of the upstream server. This may be an HTTP(S) server of a File
based URL. It may include a path, in which case all requests will be served
under that path.
Eg:
- http://localhost:8080
- https://service.localhost
- https://service.localhost/path
- file://host/path
If the URI's path is "/base" and the incoming request was for "/dir",
the upstream request will be for "/base/dir".
insecureSkipTLSVerifyboolInsecureSkipTLSVerify will skip TLS verification of upstream HTTPS hosts.
This option is insecure and will allow potential Man-In-The-Middle attacks
betweem OAuth2 Proxy and the usptream server.
Defaults to false.
staticboolStatic will make all requests to this upstream have a static response.
The response will have a body of "Authenticated" and a response code
matching StaticCode.
If StaticCode is not set, the response will return a 200 response.
staticCodeintStaticCode determines the response code for the Static response.
This option can only be used with Static enabled.
flushIntervalDurationFlushInterval is the period between flushing the response buffer when
streaming response from the upstream.
Defaults to 1 second.
passHostHeaderboolPassHostHeader determines whether the request host header should be proxied
to the upstream server.
Defaults to true.
proxyWebSocketsboolProxyWebSockets enables proxying of websockets to upstream servers
Defaults to true.

Upstreams

([]Upstream alias)

(Appears on: AlphaOptions)

Upstreams is a collection of definitions for upstream servers.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.0.x/configuration/oauth_provider/index.html b/docs/7.0.x/configuration/oauth_provider/index.html index 044fa6c0..eb0815ec 100644 --- a/docs/7.0.x/configuration/oauth_provider/index.html +++ b/docs/7.0.x/configuration/oauth_provider/index.html @@ -4,7 +4,7 @@ OAuth Provider Configuration | OAuth2 Proxy - + @@ -49,7 +49,7 @@ to setup the client id and client secret. Your "Redirection URI" will Provider instance. Add a new case to providers.New() to allow oauth2-proxy to use the new Provider.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.0.x/configuration/overview/index.html b/docs/7.0.x/configuration/overview/index.html index 00fc267b..56c04645 100644 --- a/docs/7.0.x/configuration/overview/index.html +++ b/docs/7.0.x/configuration/overview/index.html @@ -4,7 +4,7 @@ Overview | OAuth2 Proxy - + @@ -19,7 +19,7 @@ The default format is configured as follows:

{{.Client}} - {{.Username}} [{{.Timestamp}}] {{.Host}} {{.RequestMethod}} {{.Upstream}} {{.RequestURI}} {{.Protocol}} {{.UserAgent}} {{.StatusCode}} {{.ResponseSize}} {{.RequestDuration}}

Available variables for request logging:

VariableExampleDescription
Client74.125.224.72The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true.
Hostdomain.comThe value of the Host header.
ProtocolHTTP/1.0The request protocol.
RequestDuration0.001The time in seconds that a request took to process.
RequestMethodGETThe request method.
RequestURI"/oauth2/auth"The URI path of the request.
ResponseSize12The size in bytes of the response.
StatusCode200The HTTP status code of the response.
Timestamp19/Mar/2015:17:20:19 -0400The date and time of the logging event.
Upstream-The upstream data of the HTTP request.
UserAgent-The full user agent as reported by the requesting client.
Usernameusername@email.comThe email or username of the auth request.

Standard Log Format

All other logging that is not covered by the above two types of logging will be output in this standard logging format. This includes configuration information at startup and errors that occur outside of a session. The default format is below:

[19/Mar/2015:17:20:19 -0400] [main.go:40] <MESSAGE>

If you require a different format than that, you can configure it with the --standard-logging-format flag. The default format is configured as follows:

[{{.Timestamp}}] [{{.File}}] {{.Message}}

Available variables for standard logging:

VariableExampleDescription
Timestamp19/Mar/2015:17:20:19 -0400The date and time of the logging event.
Filemain.go:40The file and line number of the logging statement.
MessageHTTP: listening on 127.0.0.1:4180The details of the log statement.

Configuring for use with the Nginx auth_request directive

The Nginx auth_request directive allows Nginx to authenticate requests via the oauth2-proxy's /auth endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example:

server {
  listen 443 ssl;
  server_name ...;
  include ssl/ssl.conf;

  location /oauth2/ {
    proxy_pass       http://127.0.0.1:4180;
    proxy_set_header Host                    $host;
    proxy_set_header X-Real-IP               $remote_addr;
    proxy_set_header X-Scheme                $scheme;
    proxy_set_header X-Auth-Request-Redirect $request_uri;
    # or, if you are handling multiple domains:
    # proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
  }
  location = /oauth2/auth {
    proxy_pass       http://127.0.0.1:4180;
    proxy_set_header Host             $host;
    proxy_set_header X-Real-IP        $remote_addr;
    proxy_set_header X-Scheme         $scheme;
    # nginx auth_request includes headers but not body
    proxy_set_header Content-Length   "";
    proxy_pass_request_body           off;
  }

  location / {
    auth_request /oauth2/auth;
    error_page 401 = /oauth2/sign_in;

    # pass information via X-User and X-Email headers to backend,
    # requires running with --set-xauthrequest flag
    auth_request_set $user   $upstream_http_x_auth_request_user;
    auth_request_set $email  $upstream_http_x_auth_request_email;
    proxy_set_header X-User  $user;
    proxy_set_header X-Email $email;

    # if you enabled --pass-access-token, this will pass the token to the backend
    auth_request_set $token  $upstream_http_x_auth_request_access_token;
    proxy_set_header X-Access-Token $token;

    # if you enabled --cookie-refresh, this is needed for it to work with auth_request
    auth_request_set $auth_cookie $upstream_http_set_cookie;
    add_header Set-Cookie $auth_cookie;

    # When using the --set-authorization-header flag, some provider's cookies can exceed the 4kb
    # limit and so the OAuth2 Proxy splits these into multiple parts.
    # Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response,
    # so if your cookies are larger than 4kb, you will need to extract additional cookies manually.
    auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1;

    # Extract the Cookie attributes from the first Set-Cookie header and append them
    # to the second part ($upstream_cookie_* variables only contain the raw cookie content)
    if ($auth_cookie ~* "(; .*)") {
        set $auth_cookie_name_0 $auth_cookie;
        set $auth_cookie_name_1 "auth_cookie_name_1=$auth_cookie_name_upstream_1$1";
    }

    # Send both Set-Cookie headers now if there was a second part
    if ($auth_cookie_name_upstream_1) {
        add_header Set-Cookie $auth_cookie_name_0;
        add_header Set-Cookie $auth_cookie_name_1;
    }

    proxy_pass http://backend/;
    # or "root /path/to/site;" or "fastcgi_pass ..." etc
  }
}

When you use ingress-nginx in Kubernetes, you MUST use kubernetes/ingress-nginx (which includes the Lua module) and the following configuration snippet for your Ingress. Variables set with auth_request_set are not set-able in plain nginx config when the location is processed via proxy_pass and then may only be processed by Lua. Note that nginxinc/kubernetes-ingress does not include the Lua module.

nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
nginx.ingress.kubernetes.io/configuration-snippet: |
  auth_request_set $name_upstream_1 $upstream_cookie_name_1;

  access_by_lua_block {
    if ngx.var.name_upstream_1 ~= "" then
      ngx.header["Set-Cookie"] = "name_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")
    end
  }

It is recommended to use --session-store-type=redis when expecting large sessions/OIDC tokens (e.g. with MS Azure).

You have to substitute name with the actual cookie name you configured via --cookie-name parameter. If you don't set a custom cookie name the variable should be "$upstream_cookie__oauth2_proxy_1" instead of "$upstream_cookie_name_1" and the new cookie-name should be "_oauth2_proxy_1=" instead of "name_1=".

Configuring for use with the Traefik (v2) ForwardAuth middleware

This option requires --reverse-proxy option to be set.

ForwardAuth with 401 errors middleware

The Traefik v2 ForwardAuth middleware allows Traefik to authenticate requests via the oauth2-proxy's /oauth2/auth endpoint on every request, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the whole request through. For example, on Dynamic File (YAML) Configuration:

http:
  routers:
    a-service:
      rule: "Host(`a-service.example.com`)"
      service: a-service-backend
      middlewares:
        - oauth-errors
        - oauth-auth
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
    oauth:
      rule: "Host(`a-service.example.com`, `oauth.example.com`) && PathPrefix(`/oauth2/`)"
      middlewares:
        - auth-headers
      service: oauth-backend
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"

  services:
    a-service-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.2:7555
    oauth-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.1:4180

  middlewares:
    auth-headers:
      headers:
        sslRedirect: true
        stsSeconds: 315360000
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        sslHost: example.com
        stsIncludeSubdomains: true
        stsPreload: true
        frameDeny: true
    oauth-auth:
      forwardAuth:
        address: https://oauth.example.com/oauth2/auth
        trustForwardHeader: true
    oauth-errors:
      errors:
        status:
          - "401-403"
        service: oauth-backend
        query: "/oauth2/sign_in"

ForwardAuth with static upstreams configuration

Redirect to sign_in functionality provided without the use of errors middleware with Traefik v2 ForwardAuth middleware pointing to oauth2-proxy service's / endpoint

Following options need to be set on oauth2-proxy:

  • --upstream=static://202: Configures a static response for authenticated sessions
  • --reverseproxy=true: Enables the use of X-Forwarded-* headers to determine redirects correctly
http:
  routers:
    a-service-route-1:
      rule: "Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/`)"
      service: a-service-backend
      middlewares:
        - oauth-auth-redirect # redirects all unauthenticated to oauth2 signin
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
    a-service-route-2:
      rule: "Host(`a-service.example.com`) && PathPrefix(`/no-auto-redirect`)"
      service: a-service-backend
      middlewares:
        - oauth-auth-wo-redirect # unauthenticated session will return a 401
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
    services-oauth2-route:
      rule: "Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/oauth2/`)"
      middlewares:
        - auth-headers
      service: oauth-backend
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
    oauth2-proxy-route:
      rule: "Host(`oauth.example.com`) && PathPrefix(`/`)"
      middlewares:
        - auth-headers
      service: oauth-backend
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"

  services:
    a-service-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.2:7555
    b-service-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.3:7555
    oauth-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.1:4180

  middlewares:
    auth-headers:
      headers:
        sslRedirect: true
        stsSeconds: 315360000
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        sslHost: example.com
        stsIncludeSubdomains: true
        stsPreload: true
        frameDeny: true
    oauth-auth-redirect:
      forwardAuth:
        address: https://oauth.example.com/
        trustForwardHeader: true
        authResponseHeaders:
          - X-Auth-Request-Access-Token
          - Authorization
    oauth-auth-wo-redirect:
      forwardAuth:
        address: https://oauth.example.com/oauth2/auth
        trustForwardHeader: true
        authResponseHeaders:
          - X-Auth-Request-Access-Token
          - Authorization
note

If you set up your OAuth2 provider to rotate your client secret, you can use the client-secret-file option to reload the secret when it is updated.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.0.x/configuration/session_storage/index.html b/docs/7.0.x/configuration/session_storage/index.html index 65ed77c5..a429206f 100644 --- a/docs/7.0.x/configuration/session_storage/index.html +++ b/docs/7.0.x/configuration/session_storage/index.html @@ -4,7 +4,7 @@ Session Storage | OAuth2 Proxy - + @@ -25,7 +25,7 @@ disclosure.

Usage--redis-use-sentinel=true flag, as well as configure the flags --redis-sentinel-master-name and --redis-sentinel-connection-urls appropriately.

Redis Cluster is available to be the backend store as well. To leverage it, you will need to set the --redis-use-cluster=true flag, and configure the flags --redis-cluster-connection-urls appropriately.

Note that flags --redis-use-sentinel=true and --redis-use-cluster=true are mutually exclusive.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.0.x/configuration/tls/index.html b/docs/7.0.x/configuration/tls/index.html index 350506a9..dffdb07b 100644 --- a/docs/7.0.x/configuration/tls/index.html +++ b/docs/7.0.x/configuration/tls/index.html @@ -4,7 +4,7 @@ TLS Configuration | OAuth2 Proxy - + @@ -15,7 +15,7 @@ external load balancer like Amazon ELB or Google Platform Load Balancing) use oauth2-proxy will then authenticate requests for an upstream application. The external endpoint for this example would be https://internal.yourcompany.com/.

An example Nginx config follows. Note the use of Strict-Transport-Security header to pin requests to SSL via HSTS:

server {
    listen 443 default ssl;
    server_name internal.yourcompany.com;
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/cert.key;
    add_header Strict-Transport-Security max-age=2592000;

    location / {
        proxy_pass http://127.0.0.1:4180;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_connect_timeout 1;
        proxy_send_timeout 30;
        proxy_read_timeout 30;
    }
}

The command line to run oauth2-proxy in this configuration would look like this:

./oauth2-proxy \
   --email-domain="yourcompany.com"  \
   --upstream=http://127.0.0.1:8080/ \
   --cookie-secret=... \
   --cookie-secure=true \
   --provider=... \
   --reverse-proxy=true \
   --client-id=... \
   --client-secret=...
Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.0.x/features/endpoints/index.html b/docs/7.0.x/features/endpoints/index.html index 0e702e89..dffd25d8 100644 --- a/docs/7.0.x/features/endpoints/index.html +++ b/docs/7.0.x/features/endpoints/index.html @@ -4,13 +4,13 @@ Endpoints | OAuth2 Proxy - +
Version: 7.0.x

Endpoints

OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable.

  • /robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see robotstxt.org for more info
  • /ping - returns a 200 OK response, which is intended for use with health checks
  • /oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies)
  • /oauth2/sign_out - this URL is used to clear the session cookie
  • /oauth2/start - a URL that will redirect to start the OAuth cycle
  • /oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url.
  • /oauth2/userinfo - the URL is used to return user's email from the session in JSON format.
  • /oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the Nginx auth_request directive

Sign out

To sign the user out, redirect them to /oauth2/sign_out. This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the rd query parameter, i.e. redirect the user to something like (notice the url-encoding!):

/oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page

Alternatively, include the redirect URL in the X-Auth-Request-Redirect header:

GET /oauth2/sign_out HTTP/1.1
X-Auth-Request-Redirect: https://my-oidc-provider/sign_out_page
...

(The "sign_out_page" should be the end_session_endpoint from the metadata if your OIDC provider supports Session Management and Discovery.)

BEWARE that the domain you want to redirect to (my-oidc-provider.example.com in the example) must be added to the --whitelist-domain configuration option otherwise the redirect will be ignored.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.0.x/features/request_signatures/index.html b/docs/7.0.x/features/request_signatures/index.html index d8586a8a..33e9d98d 100644 --- a/docs/7.0.x/features/request_signatures/index.html +++ b/docs/7.0.x/features/request_signatures/index.html @@ -4,7 +4,7 @@ Request Signatures | OAuth2 Proxy - + @@ -17,7 +17,7 @@ in oauthproxy.go.

signature_key must be of t following:

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.0.x/index.html b/docs/7.0.x/index.html index dfa5d131..6181bf81 100644 --- a/docs/7.0.x/index.html +++ b/docs/7.0.x/index.html @@ -4,13 +4,13 @@ Installation | OAuth2 Proxy - +
Version: 7.0.x

Installation

  1. Choose how to deploy:

    a. Download Prebuilt Binary (current release is v7.0.1)

    b. Build with $ go get github.com/oauth2-proxy/oauth2-proxy/v7 which will put the binary in $GOPATH/bin

    c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, ARMv6 and ARM64 tags available)

Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0.

$ sha256sum -c sha256sum.txt 2>&1 | grep OK
oauth2-proxy-x.y.z.linux-amd64: OK
  1. Select a Provider and Register an OAuth Application with a Provider
  2. Configure OAuth2 Proxy using config file, command line options, or environment variables
  3. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)
Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.1.x/behaviour/index.html b/docs/7.1.x/behaviour/index.html index fe67a8b9..deeda507 100644 --- a/docs/7.1.x/behaviour/index.html +++ b/docs/7.1.x/behaviour/index.html @@ -4,13 +4,13 @@ Behaviour | OAuth2 Proxy - +
Version: 7.1.x

Behaviour

  1. Any request passing through the proxy (and not matched by --skip-auth-regex) is checked for the proxy's session cookie (--cookie-name) (or, if allowed, a JWT token - see --skip-jwt-bearer-tokens).
  2. If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with Accept: application/json, in which case 401 Unauthorized is returned)
  3. After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set
  4. The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration)

Notice that the proxy also provides a number of useful endpoints.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.1.x/community/security/index.html b/docs/7.1.x/community/security/index.html index 3cfd3700..fa869dd6 100644 --- a/docs/7.1.x/community/security/index.html +++ b/docs/7.1.x/community/security/index.html @@ -4,7 +4,7 @@ Security | OAuth2 Proxy - + @@ -28,7 +28,7 @@ If we have multiple security issues in flight simultaneously, we may delay merging fixes until all patches are ready. We may also backport the fix to previous releases, but this will be at the discretion of the maintainers.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.1.x/configuration/alpha-config/index.html b/docs/7.1.x/configuration/alpha-config/index.html index 6f10e843..30f75b7b 100644 --- a/docs/7.1.x/configuration/alpha-config/index.html +++ b/docs/7.1.x/configuration/alpha-config/index.html @@ -4,7 +4,7 @@ Alpha Configuration | OAuth2 Proxy - + @@ -34,7 +34,7 @@ response header.

FieldTypeDescription make up the header value

FieldTypeDescription
value[]byteValue expects a base64 encoded string value.
fromEnvstringFromEnv expects the name of an environment variable.
fromFilestringFromFile expects a path to a file containing the secret value.
claimstringClaim is the name of the claim in the session that the value should be
loaded from.
prefixstringPrefix is an optional prefix that will be prepended to the value of the
claim if it is non-empty.
basicAuthPasswordSecretSourceBasicAuthPassword converts this claim into a basic auth header.
Note the value of claim will become the basic auth username and the
basicAuthPassword will be used as the password value.

SecretSource

(Appears on: ClaimSource, HeaderValue, TLS)

SecretSource references an individual secret value. Only one source within the struct should be defined at any time.

FieldTypeDescription
value[]byteValue expects a base64 encoded string value.
fromEnvstringFromEnv expects the name of an environment variable.
fromFilestringFromFile expects a path to a file containing the secret value.

Server

(Appears on: AlphaOptions)

Server represents the configuration for an HTTP(S) server

FieldTypeDescription
BindAddressstringBindAddress is the address on which to serve traffic.
Leave blank or set to "-" to disable.
SecureBindAddressstringSecureBindAddress is the address on which to serve secure traffic.
Leave blank or set to "-" to disable.
TLSTLSTLS contains the information for loading the certificate and key for the
secure traffic.

TLS

(Appears on: Server)

TLS contains the information for loading a TLS certifcate and key.

FieldTypeDescription
KeySecretSourceKey is the TLS key data to use.
Typically this will come from a file.
CertSecretSourceCert is the TLS certificate data to use.
Typically this will come from a file.

Upstream

(Appears on: Upstreams)

Upstream represents the configuration for an upstream server. Requests will be proxied to this upstream if the path matches the request path.

FieldTypeDescription
idstringID should be a unique identifier for the upstream.
This value is required for all upstreams.
pathstringPath is used to map requests to the upstream server.
The closest match will take precedence and all Paths must be unique.
uristringThe URI of the upstream server. This may be an HTTP(S) server of a File
based URL. It may include a path, in which case all requests will be served
under that path.
Eg:
- http://localhost:8080
- https://service.localhost
- https://service.localhost/path
- file://host/path
If the URI's path is "/base" and the incoming request was for "/dir",
the upstream request will be for "/base/dir".
insecureSkipTLSVerifyboolInsecureSkipTLSVerify will skip TLS verification of upstream HTTPS hosts.
This option is insecure and will allow potential Man-In-The-Middle attacks
betweem OAuth2 Proxy and the usptream server.
Defaults to false.
staticboolStatic will make all requests to this upstream have a static response.
The response will have a body of "Authenticated" and a response code
matching StaticCode.
If StaticCode is not set, the response will return a 200 response.
staticCodeintStaticCode determines the response code for the Static response.
This option can only be used with Static enabled.
flushIntervalDurationFlushInterval is the period between flushing the response buffer when
streaming response from the upstream.
Defaults to 1 second.
passHostHeaderboolPassHostHeader determines whether the request host header should be proxied
to the upstream server.
Defaults to true.
proxyWebSocketsboolProxyWebSockets enables proxying of websockets to upstream servers
Defaults to true.

Upstreams

([]Upstream alias)

(Appears on: AlphaOptions)

Upstreams is a collection of definitions for upstream servers.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.1.x/configuration/oauth_provider/index.html b/docs/7.1.x/configuration/oauth_provider/index.html index d3199889..614a8f75 100644 --- a/docs/7.1.x/configuration/oauth_provider/index.html +++ b/docs/7.1.x/configuration/oauth_provider/index.html @@ -4,7 +4,7 @@ OAuth Provider Configuration | OAuth2 Proxy - + @@ -49,7 +49,7 @@ to setup the client id and client secret. Your "Redirection URI" will Provider instance. Add a new case to providers.New() to allow oauth2-proxy to use the new Provider.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.1.x/configuration/overview/index.html b/docs/7.1.x/configuration/overview/index.html index 6e4c1884..635b93ff 100644 --- a/docs/7.1.x/configuration/overview/index.html +++ b/docs/7.1.x/configuration/overview/index.html @@ -4,7 +4,7 @@ Overview | OAuth2 Proxy - + @@ -19,7 +19,7 @@ The default format is configured as follows:

{{.Client}} - {{.RequestID}} - {{.Username}} [{{.Timestamp}}] {{.Host}} {{.RequestMethod}} {{.Upstream}} {{.RequestURI}} {{.Protocol}} {{.UserAgent}} {{.StatusCode}} {{.ResponseSize}} {{.RequestDuration}}

Available variables for request logging:

VariableExampleDescription
Client74.125.224.72The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true.
Hostdomain.comThe value of the Host header.
ProtocolHTTP/1.0The request protocol.
RequestDuration0.001The time in seconds that a request took to process.
RequestID00010203-0405-4607-8809-0a0b0c0d0e0fThe request ID pulled from the --request-id-header. Random UUID if empty
RequestMethodGETThe request method.
RequestURI"/oauth2/auth"The URI path of the request.
ResponseSize12The size in bytes of the response.
StatusCode200The HTTP status code of the response.
Timestamp19/Mar/2015:17:20:19 -0400The date and time of the logging event.
Upstream-The upstream data of the HTTP request.
UserAgent-The full user agent as reported by the requesting client.
Usernameusername@email.comThe email or username of the auth request.

Standard Log Format

All other logging that is not covered by the above two types of logging will be output in this standard logging format. This includes configuration information at startup and errors that occur outside of a session. The default format is below:

[19/Mar/2015:17:20:19 -0400] [main.go:40] <MESSAGE>

If you require a different format than that, you can configure it with the --standard-logging-format flag. The default format is configured as follows:

[{{.Timestamp}}] [{{.File}}] {{.Message}}

Available variables for standard logging:

VariableExampleDescription
Timestamp19/Mar/2015:17:20:19 -0400The date and time of the logging event.
Filemain.go:40The file and line number of the logging statement.
MessageHTTP: listening on 127.0.0.1:4180The details of the log statement.

Configuring for use with the Nginx auth_request directive

The Nginx auth_request directive allows Nginx to authenticate requests via the oauth2-proxy's /auth endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example:

server {
  listen 443 ssl;
  server_name ...;
  include ssl/ssl.conf;

  location /oauth2/ {
    proxy_pass       http://127.0.0.1:4180;
    proxy_set_header Host                    $host;
    proxy_set_header X-Real-IP               $remote_addr;
    proxy_set_header X-Scheme                $scheme;
    proxy_set_header X-Auth-Request-Redirect $request_uri;
    # or, if you are handling multiple domains:
    # proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
  }
  location = /oauth2/auth {
    proxy_pass       http://127.0.0.1:4180;
    proxy_set_header Host             $host;
    proxy_set_header X-Real-IP        $remote_addr;
    proxy_set_header X-Scheme         $scheme;
    # nginx auth_request includes headers but not body
    proxy_set_header Content-Length   "";
    proxy_pass_request_body           off;
  }

  location / {
    auth_request /oauth2/auth;
    error_page 401 = /oauth2/sign_in;

    # pass information via X-User and X-Email headers to backend,
    # requires running with --set-xauthrequest flag
    auth_request_set $user   $upstream_http_x_auth_request_user;
    auth_request_set $email  $upstream_http_x_auth_request_email;
    proxy_set_header X-User  $user;
    proxy_set_header X-Email $email;

    # if you enabled --pass-access-token, this will pass the token to the backend
    auth_request_set $token  $upstream_http_x_auth_request_access_token;
    proxy_set_header X-Access-Token $token;

    # if you enabled --cookie-refresh, this is needed for it to work with auth_request
    auth_request_set $auth_cookie $upstream_http_set_cookie;
    add_header Set-Cookie $auth_cookie;

    # When using the --set-authorization-header flag, some provider's cookies can exceed the 4kb
    # limit and so the OAuth2 Proxy splits these into multiple parts.
    # Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response,
    # so if your cookies are larger than 4kb, you will need to extract additional cookies manually.
    auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1;

    # Extract the Cookie attributes from the first Set-Cookie header and append them
    # to the second part ($upstream_cookie_* variables only contain the raw cookie content)
    if ($auth_cookie ~* "(; .*)") {
        set $auth_cookie_name_0 $auth_cookie;
        set $auth_cookie_name_1 "auth_cookie_name_1=$auth_cookie_name_upstream_1$1";
    }

    # Send both Set-Cookie headers now if there was a second part
    if ($auth_cookie_name_upstream_1) {
        add_header Set-Cookie $auth_cookie_name_0;
        add_header Set-Cookie $auth_cookie_name_1;
    }

    proxy_pass http://backend/;
    # or "root /path/to/site;" or "fastcgi_pass ..." etc
  }
}

When you use ingress-nginx in Kubernetes, you MUST use kubernetes/ingress-nginx (which includes the Lua module) and the following configuration snippet for your Ingress. Variables set with auth_request_set are not set-able in plain nginx config when the location is processed via proxy_pass and then may only be processed by Lua. Note that nginxinc/kubernetes-ingress does not include the Lua module.

nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
nginx.ingress.kubernetes.io/configuration-snippet: |
  auth_request_set $name_upstream_1 $upstream_cookie_name_1;

  access_by_lua_block {
    if ngx.var.name_upstream_1 ~= "" then
      ngx.header["Set-Cookie"] = "name_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")
    end
  }

It is recommended to use --session-store-type=redis when expecting large sessions/OIDC tokens (e.g. with MS Azure).

You have to substitute name with the actual cookie name you configured via --cookie-name parameter. If you don't set a custom cookie name the variable should be "$upstream_cookie__oauth2_proxy_1" instead of "$upstream_cookie_name_1" and the new cookie-name should be "_oauth2_proxy_1=" instead of "name_1=".

Configuring for use with the Traefik (v2) ForwardAuth middleware

This option requires --reverse-proxy option to be set.

ForwardAuth with 401 errors middleware

The Traefik v2 ForwardAuth middleware allows Traefik to authenticate requests via the oauth2-proxy's /oauth2/auth endpoint on every request, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the whole request through. For example, on Dynamic File (YAML) Configuration:

http:
  routers:
    a-service:
      rule: "Host(`a-service.example.com`)"
      service: a-service-backend
      middlewares:
        - oauth-errors
        - oauth-auth
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
    oauth:
      rule: "Host(`a-service.example.com`, `oauth.example.com`) && PathPrefix(`/oauth2/`)"
      middlewares:
        - auth-headers
      service: oauth-backend
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"

  services:
    a-service-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.2:7555
    oauth-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.1:4180

  middlewares:
    auth-headers:
      headers:
        sslRedirect: true
        stsSeconds: 315360000
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        sslHost: example.com
        stsIncludeSubdomains: true
        stsPreload: true
        frameDeny: true
    oauth-auth:
      forwardAuth:
        address: https://oauth.example.com/oauth2/auth
        trustForwardHeader: true
    oauth-errors:
      errors:
        status:
          - "401-403"
        service: oauth-backend
        query: "/oauth2/sign_in"

ForwardAuth with static upstreams configuration

Redirect to sign_in functionality provided without the use of errors middleware with Traefik v2 ForwardAuth middleware pointing to oauth2-proxy service's / endpoint

Following options need to be set on oauth2-proxy:

  • --upstream=static://202: Configures a static response for authenticated sessions
  • --reverseproxy=true: Enables the use of X-Forwarded-* headers to determine redirects correctly
http:
  routers:
    a-service-route-1:
      rule: "Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/`)"
      service: a-service-backend
      middlewares:
        - oauth-auth-redirect # redirects all unauthenticated to oauth2 signin
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
    a-service-route-2:
      rule: "Host(`a-service.example.com`) && PathPrefix(`/no-auto-redirect`)"
      service: a-service-backend
      middlewares:
        - oauth-auth-wo-redirect # unauthenticated session will return a 401
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
    services-oauth2-route:
      rule: "Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/oauth2/`)"
      middlewares:
        - auth-headers
      service: oauth-backend
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
    oauth2-proxy-route:
      rule: "Host(`oauth.example.com`) && PathPrefix(`/`)"
      middlewares:
        - auth-headers
      service: oauth-backend
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"

  services:
    a-service-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.2:7555
    b-service-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.3:7555
    oauth-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.1:4180

  middlewares:
    auth-headers:
      headers:
        sslRedirect: true
        stsSeconds: 315360000
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        sslHost: example.com
        stsIncludeSubdomains: true
        stsPreload: true
        frameDeny: true
    oauth-auth-redirect:
      forwardAuth:
        address: https://oauth.example.com/
        trustForwardHeader: true
        authResponseHeaders:
          - X-Auth-Request-Access-Token
          - Authorization
    oauth-auth-wo-redirect:
      forwardAuth:
        address: https://oauth.example.com/oauth2/auth
        trustForwardHeader: true
        authResponseHeaders:
          - X-Auth-Request-Access-Token
          - Authorization
note

If you set up your OAuth2 provider to rotate your client secret, you can use the client-secret-file option to reload the secret when it is updated.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.1.x/configuration/session_storage/index.html b/docs/7.1.x/configuration/session_storage/index.html index 6357cf35..79e48312 100644 --- a/docs/7.1.x/configuration/session_storage/index.html +++ b/docs/7.1.x/configuration/session_storage/index.html @@ -4,7 +4,7 @@ Session Storage | OAuth2 Proxy - + @@ -25,7 +25,7 @@ disclosure.

Usage--redis-use-sentinel=true flag, as well as configure the flags --redis-sentinel-master-name and --redis-sentinel-connection-urls appropriately.

Redis Cluster is available to be the backend store as well. To leverage it, you will need to set the --redis-use-cluster=true flag, and configure the flags --redis-cluster-connection-urls appropriately.

Note that flags --redis-use-sentinel=true and --redis-use-cluster=true are mutually exclusive.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.1.x/configuration/tls/index.html b/docs/7.1.x/configuration/tls/index.html index 66542dbf..a6477a61 100644 --- a/docs/7.1.x/configuration/tls/index.html +++ b/docs/7.1.x/configuration/tls/index.html @@ -4,7 +4,7 @@ TLS Configuration | OAuth2 Proxy - + @@ -15,7 +15,7 @@ external load balancer like Amazon ELB or Google Platform Load Balancing) use oauth2-proxy will then authenticate requests for an upstream application. The external endpoint for this example would be https://internal.yourcompany.com/.

An example Nginx config follows. Note the use of Strict-Transport-Security header to pin requests to SSL via HSTS:

server {
    listen 443 default ssl;
    server_name internal.yourcompany.com;
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/cert.key;
    add_header Strict-Transport-Security max-age=2592000;

    location / {
        proxy_pass http://127.0.0.1:4180;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_connect_timeout 1;
        proxy_send_timeout 30;
        proxy_read_timeout 30;
    }
}

The command line to run oauth2-proxy in this configuration would look like this:

./oauth2-proxy \
   --email-domain="yourcompany.com"  \
   --upstream=http://127.0.0.1:8080/ \
   --cookie-secret=... \
   --cookie-secure=true \
   --provider=... \
   --reverse-proxy=true \
   --client-id=... \
   --client-secret=...
Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.1.x/features/endpoints/index.html b/docs/7.1.x/features/endpoints/index.html index 3c4883bb..67d43c93 100644 --- a/docs/7.1.x/features/endpoints/index.html +++ b/docs/7.1.x/features/endpoints/index.html @@ -4,13 +4,13 @@ Endpoints | OAuth2 Proxy - +
Version: 7.1.x

Endpoints

OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable.

  • /robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see robotstxt.org for more info
  • /ping - returns a 200 OK response, which is intended for use with health checks
  • /metrics - Metrics endpoint for Prometheus to scrape, serve on the address specified by --metrics-address, disabled by default
  • /oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies)
  • /oauth2/sign_out - this URL is used to clear the session cookie
  • /oauth2/start - a URL that will redirect to start the OAuth cycle
  • /oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url.
  • /oauth2/userinfo - the URL is used to return user's email from the session in JSON format.
  • /oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the Nginx auth_request directive

Sign out

To sign the user out, redirect them to /oauth2/sign_out. This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the rd query parameter, i.e. redirect the user to something like (notice the url-encoding!):

/oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page

Alternatively, include the redirect URL in the X-Auth-Request-Redirect header:

GET /oauth2/sign_out HTTP/1.1
X-Auth-Request-Redirect: https://my-oidc-provider/sign_out_page
...

(The "sign_out_page" should be the end_session_endpoint from the metadata if your OIDC provider supports Session Management and Discovery.)

BEWARE that the domain you want to redirect to (my-oidc-provider.example.com in the example) must be added to the --whitelist-domain configuration option otherwise the redirect will be ignored.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.1.x/index.html b/docs/7.1.x/index.html index 14e37c74..36a9970a 100644 --- a/docs/7.1.x/index.html +++ b/docs/7.1.x/index.html @@ -4,13 +4,13 @@ Installation | OAuth2 Proxy - +
Version: 7.1.x

Installation

  1. Choose how to deploy:

    a. Download Prebuilt Binary (current release is v7.1.3)

    b. Build with $ go get github.com/oauth2-proxy/oauth2-proxy/v7 which will put the binary in $GOPATH/bin

    c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, ARMv6 and ARM64 tags available)

    d. Using a Kubernetes manifest (Helm)

Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0.

$ sha256sum -c sha256sum.txt 2>&1 | grep OK
oauth2-proxy-x.y.z.linux-amd64: OK
  1. Select a Provider and Register an OAuth Application with a Provider
  2. Configure OAuth2 Proxy using config file, command line options, or environment variables
  3. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)
Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.2.x/behaviour/index.html b/docs/7.2.x/behaviour/index.html index fa6c8da4..8e6a4b8f 100644 --- a/docs/7.2.x/behaviour/index.html +++ b/docs/7.2.x/behaviour/index.html @@ -4,13 +4,13 @@ Behaviour | OAuth2 Proxy - +
Version: 7.2.x

Behaviour

  1. Any request passing through the proxy (and not matched by --skip-auth-regex) is checked for the proxy's session cookie (--cookie-name) (or, if allowed, a JWT token - see --skip-jwt-bearer-tokens).
  2. If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with Accept: application/json, in which case 401 Unauthorized is returned)
  3. After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set
  4. The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration)

Notice that the proxy also provides a number of useful endpoints.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.2.x/community/security/index.html b/docs/7.2.x/community/security/index.html index ed64735d..771f4e4b 100644 --- a/docs/7.2.x/community/security/index.html +++ b/docs/7.2.x/community/security/index.html @@ -4,7 +4,7 @@ Security | OAuth2 Proxy - + @@ -28,7 +28,7 @@ If we have multiple security issues in flight simultaneously, we may delay merging fixes until all patches are ready. We may also backport the fix to previous releases, but this will be at the discretion of the maintainers.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.2.x/configuration/alpha-config/index.html b/docs/7.2.x/configuration/alpha-config/index.html index 7688f0c2..38844e22 100644 --- a/docs/7.2.x/configuration/alpha-config/index.html +++ b/docs/7.2.x/configuration/alpha-config/index.html @@ -4,7 +4,7 @@ Alpha Configuration | OAuth2 Proxy - + @@ -34,7 +34,7 @@ response header.

FieldTypeDescription make up the header value

FieldTypeDescription
value[]byteValue expects a base64 encoded string value.
fromEnvstringFromEnv expects the name of an environment variable.
fromFilestringFromFile expects a path to a file containing the secret value.
claimstringClaim is the name of the claim in the session that the value should be
loaded from.
prefixstringPrefix is an optional prefix that will be prepended to the value of the
claim if it is non-empty.
basicAuthPasswordSecretSourceBasicAuthPassword converts this claim into a basic auth header.
Note the value of claim will become the basic auth username and the
basicAuthPassword will be used as the password value.

KeycloakOptions

(Appears on: Provider)

FieldTypeDescription
groups[]stringGroup enables to restrict login to members of indicated group
roles[]stringRole enables to restrict login to users with role (only available when using the keycloak-oidc provider)

LoginGovOptions

(Appears on: Provider)

FieldTypeDescription
jwtKeystringJWTKey is a private key in PEM format used to sign JWT,
jwtKeyFilestringJWTKeyFile is a path to the private key file in PEM format used to sign the JWT
pubjwkURLstringPubJWKURL is the JWK pubkey access endpoint

OIDCOptions

(Appears on: Provider)

FieldTypeDescription
issuerURLstringIssuerURL is the OpenID Connect issuer URL
eg: https://accounts.google.com
insecureAllowUnverifiedEmailboolInsecureAllowUnverifiedEmail prevents failures if an email address in an id_token is not verified
default set to 'false'
insecureSkipIssuerVerificationboolInsecureSkipIssuerVerification skips verification of ID token issuers. When false, ID Token Issuers must match the OIDC discovery URL
default set to 'false'
insecureSkipNonceboolInsecureSkipNonce skips verifying the ID Token's nonce claim that must match
the random nonce sent in the initial OAuth flow. Otherwise, the nonce is checked
after the initial OAuth redeem & subsequent token refreshes.
default set to 'true'
Warning: In a future release, this will change to 'false' by default for enhanced security.
skipDiscoveryboolSkipDiscovery allows to skip OIDC discovery and use manually supplied Endpoints
default set to 'false'
jwksURLstringJwksURL is the OpenID Connect JWKS URL
eg: https://www.googleapis.com/oauth2/v3/certs
emailClaimstringEmailClaim indicates which claim contains the user email,
default set to 'email'
groupsClaimstringGroupsClaim indicates which claim contains the user groups
default set to 'groups'
userIDClaimstringUserIDClaim indicates which claim contains the user ID
default set to 'email'

Provider

(Appears on: Providers)

Provider holds all configuration for a single provider

FieldTypeDescription
clientIDstringClientID is the OAuth Client ID that is defined in the provider
This value is required for all providers.
clientSecretstringClientSecret is the OAuth Client Secret that is defined in the provider
This value is required for all providers.
clientSecretFilestringClientSecretFile is the name of the file
containing the OAuth Client Secret, it will be used if ClientSecret is not set.
keycloakConfigKeycloakOptionsKeycloakConfig holds all configurations for Keycloak provider.
azureConfigAzureOptionsAzureConfig holds all configurations for Azure provider.
ADFSConfigADFSOptionsADFSConfig holds all configurations for ADFS provider.
bitbucketConfigBitbucketOptionsBitbucketConfig holds all configurations for Bitbucket provider.
githubConfigGitHubOptionsGitHubConfig holds all configurations for GitHubC provider.
gitlabConfigGitLabOptionsGitLabConfig holds all configurations for GitLab provider.
googleConfigGoogleOptionsGoogleConfig holds all configurations for Google provider.
oidcConfigOIDCOptionsOIDCConfig holds all configurations for OIDC provider
or providers utilize OIDC configurations.
loginGovConfigLoginGovOptionsLoginGovConfig holds all configurations for LoginGov provider.
idstringID should be a unique identifier for the provider.
This value is required for all providers.
providerstringType is the OAuth provider
must be set from the supported providers group,
otherwise 'Google' is set as default
namestringName is the providers display name
if set, it will be shown to the users in the login page.
caFiles[]stringCAFiles is a list of paths to CA certificates that should be used when connecting to the provider.
If not specified, the default Go trust sources are used instead
loginURLstringLoginURL is the authentication endpoint
redeemURLstringRedeemURL is the token redemption endpoint
profileURLstringProfileURL is the profile access endpoint
resourcestringProtectedResource is the resource that is protected (Azure AD and ADFS only)
validateURLstringValidateURL is the access token validation endpoint
scopestringScope is the OAuth scope specification
promptstringPrompt is OIDC prompt
approvalPromptstringApprovalPrompt is the OAuth approval_prompt
default is set to 'force'
allowedGroups[]stringAllowedGroups is a list of restrict logins to members of this group
acrValuesstringAcrValues is a string of acr values

Providers

([]Provider alias)

(Appears on: AlphaOptions)

Providers is a collection of definitions for providers.

SecretSource

(Appears on: ClaimSource, HeaderValue, TLS)

SecretSource references an individual secret value. Only one source within the struct should be defined at any time.

FieldTypeDescription
value[]byteValue expects a base64 encoded string value.
fromEnvstringFromEnv expects the name of an environment variable.
fromFilestringFromFile expects a path to a file containing the secret value.

Server

(Appears on: AlphaOptions)

Server represents the configuration for an HTTP(S) server

FieldTypeDescription
BindAddressstringBindAddress is the address on which to serve traffic.
Leave blank or set to "-" to disable.
SecureBindAddressstringSecureBindAddress is the address on which to serve secure traffic.
Leave blank or set to "-" to disable.
TLSTLSTLS contains the information for loading the certificate and key for the
secure traffic.

TLS

(Appears on: Server)

TLS contains the information for loading a TLS certifcate and key.

FieldTypeDescription
KeySecretSourceKey is the TLS key data to use.
Typically this will come from a file.
CertSecretSourceCert is the TLS certificate data to use.
Typically this will come from a file.

Upstream

(Appears on: UpstreamConfig)

Upstream represents the configuration for an upstream server. Requests will be proxied to this upstream if the path matches the request path.

FieldTypeDescription
idstringID should be a unique identifier for the upstream.
This value is required for all upstreams.
pathstringPath is used to map requests to the upstream server.
The closest match will take precedence and all Paths must be unique.
Path can also take a pattern when used with RewriteTarget.
Path segments can be captured and matched using regular experessions.
Eg:
- ^/foo$: Match only the explicit path /foo
- ^/bar/$: Match any path prefixed with /bar/
- ^/baz/(.*)$: Match any path prefixed with /baz and capture the remaining path for use with RewriteTarget
rewriteTargetstringRewriteTarget allows users to rewrite the request path before it is sent to
the upstream server.
Use the Path to capture segments for reuse within the rewrite target.
Eg: With a Path of ^/baz/(.*), a RewriteTarget of /foo/$1 would rewrite
the request /baz/abc/123 to /foo/abc/123 before proxying to the
upstream server.
uristringThe URI of the upstream server. This may be an HTTP(S) server of a File
based URL. It may include a path, in which case all requests will be served
under that path.
Eg:
- http://localhost:8080
- https://service.localhost
- https://service.localhost/path
- file://host/path
If the URI's path is "/base" and the incoming request was for "/dir",
the upstream request will be for "/base/dir".
insecureSkipTLSVerifyboolInsecureSkipTLSVerify will skip TLS verification of upstream HTTPS hosts.
This option is insecure and will allow potential Man-In-The-Middle attacks
betweem OAuth2 Proxy and the usptream server.
Defaults to false.
staticboolStatic will make all requests to this upstream have a static response.
The response will have a body of "Authenticated" and a response code
matching StaticCode.
If StaticCode is not set, the response will return a 200 response.
staticCodeintStaticCode determines the response code for the Static response.
This option can only be used with Static enabled.
flushIntervalDurationFlushInterval is the period between flushing the response buffer when
streaming response from the upstream.
Defaults to 1 second.
passHostHeaderboolPassHostHeader determines whether the request host header should be proxied
to the upstream server.
Defaults to true.
proxyWebSocketsboolProxyWebSockets enables proxying of websockets to upstream servers
Defaults to true.

UpstreamConfig

(Appears on: AlphaOptions)

UpstreamConfig is a collection of definitions for upstream servers.

FieldTypeDescription
proxyRawPathboolProxyRawPath will pass the raw url path to upstream allowing for url's
like: "/%2F/" which would otherwise be redirected to "/"
upstreams[]UpstreamUpstreams represents the configuration for the upstream servers.
Requests will be proxied to this upstream if the path matches the request path.
Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.2.x/configuration/oauth_provider/index.html b/docs/7.2.x/configuration/oauth_provider/index.html index 07bf3f7e..4e12dbc2 100644 --- a/docs/7.2.x/configuration/oauth_provider/index.html +++ b/docs/7.2.x/configuration/oauth_provider/index.html @@ -4,7 +4,7 @@ OAuth Provider Configuration | OAuth2 Proxy - + @@ -49,7 +49,7 @@ to setup the client id and client secret. Your "Redirection URI" will Provider instance. Add a new case to providers.New() to allow oauth2-proxy to use the new Provider.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.2.x/configuration/overview/index.html b/docs/7.2.x/configuration/overview/index.html index 23b94244..260eb9ff 100644 --- a/docs/7.2.x/configuration/overview/index.html +++ b/docs/7.2.x/configuration/overview/index.html @@ -4,7 +4,7 @@ Overview | OAuth2 Proxy - + @@ -19,7 +19,7 @@ The default format is configured as follows:

{{.Client}} - {{.RequestID}} - {{.Username}} [{{.Timestamp}}] {{.Host}} {{.RequestMethod}} {{.Upstream}} {{.RequestURI}} {{.Protocol}} {{.UserAgent}} {{.StatusCode}} {{.ResponseSize}} {{.RequestDuration}}

Available variables for request logging:

VariableExampleDescription
Client74.125.224.72The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true.
Hostdomain.comThe value of the Host header.
ProtocolHTTP/1.0The request protocol.
RequestDuration0.001The time in seconds that a request took to process.
RequestID00010203-0405-4607-8809-0a0b0c0d0e0fThe request ID pulled from the --request-id-header. Random UUID if empty
RequestMethodGETThe request method.
RequestURI"/oauth2/auth"The URI path of the request.
ResponseSize12The size in bytes of the response.
StatusCode200The HTTP status code of the response.
Timestamp19/Mar/2015:17:20:19 -0400The date and time of the logging event.
Upstream-The upstream data of the HTTP request.
UserAgent-The full user agent as reported by the requesting client.
Usernameusername@email.comThe email or username of the auth request.

Standard Log Format

All other logging that is not covered by the above two types of logging will be output in this standard logging format. This includes configuration information at startup and errors that occur outside of a session. The default format is below:

[19/Mar/2015:17:20:19 -0400] [main.go:40] <MESSAGE>

If you require a different format than that, you can configure it with the --standard-logging-format flag. The default format is configured as follows:

[{{.Timestamp}}] [{{.File}}] {{.Message}}

Available variables for standard logging:

VariableExampleDescription
Timestamp19/Mar/2015:17:20:19 -0400The date and time of the logging event.
Filemain.go:40The file and line number of the logging statement.
MessageHTTP: listening on 127.0.0.1:4180The details of the log statement.

Configuring for use with the Nginx auth_request directive

The Nginx auth_request directive allows Nginx to authenticate requests via the oauth2-proxy's /auth endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example:

server {
  listen 443 ssl;
  server_name ...;
  include ssl/ssl.conf;

  location /oauth2/ {
    proxy_pass       http://127.0.0.1:4180;
    proxy_set_header Host                    $host;
    proxy_set_header X-Real-IP               $remote_addr;
    proxy_set_header X-Scheme                $scheme;
    proxy_set_header X-Auth-Request-Redirect $request_uri;
    # or, if you are handling multiple domains:
    # proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
  }
  location = /oauth2/auth {
    proxy_pass       http://127.0.0.1:4180;
    proxy_set_header Host             $host;
    proxy_set_header X-Real-IP        $remote_addr;
    proxy_set_header X-Scheme         $scheme;
    # nginx auth_request includes headers but not body
    proxy_set_header Content-Length   "";
    proxy_pass_request_body           off;
  }

  location / {
    auth_request /oauth2/auth;
    error_page 401 = /oauth2/sign_in;

    # pass information via X-User and X-Email headers to backend,
    # requires running with --set-xauthrequest flag
    auth_request_set $user   $upstream_http_x_auth_request_user;
    auth_request_set $email  $upstream_http_x_auth_request_email;
    proxy_set_header X-User  $user;
    proxy_set_header X-Email $email;

    # if you enabled --pass-access-token, this will pass the token to the backend
    auth_request_set $token  $upstream_http_x_auth_request_access_token;
    proxy_set_header X-Access-Token $token;

    # if you enabled --cookie-refresh, this is needed for it to work with auth_request
    auth_request_set $auth_cookie $upstream_http_set_cookie;
    add_header Set-Cookie $auth_cookie;

    # When using the --set-authorization-header flag, some provider's cookies can exceed the 4kb
    # limit and so the OAuth2 Proxy splits these into multiple parts.
    # Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response,
    # so if your cookies are larger than 4kb, you will need to extract additional cookies manually.
    auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1;

    # Extract the Cookie attributes from the first Set-Cookie header and append them
    # to the second part ($upstream_cookie_* variables only contain the raw cookie content)
    if ($auth_cookie ~* "(; .*)") {
        set $auth_cookie_name_0 $auth_cookie;
        set $auth_cookie_name_1 "auth_cookie_name_1=$auth_cookie_name_upstream_1$1";
    }

    # Send both Set-Cookie headers now if there was a second part
    if ($auth_cookie_name_upstream_1) {
        add_header Set-Cookie $auth_cookie_name_0;
        add_header Set-Cookie $auth_cookie_name_1;
    }

    proxy_pass http://backend/;
    # or "root /path/to/site;" or "fastcgi_pass ..." etc
  }
}

When you use ingress-nginx in Kubernetes, you MUST use kubernetes/ingress-nginx (which includes the Lua module) and the following configuration snippet for your Ingress. Variables set with auth_request_set are not set-able in plain nginx config when the location is processed via proxy_pass and then may only be processed by Lua. Note that nginxinc/kubernetes-ingress does not include the Lua module.

nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
nginx.ingress.kubernetes.io/configuration-snippet: |
  auth_request_set $name_upstream_1 $upstream_cookie_name_1;

  access_by_lua_block {
    if ngx.var.name_upstream_1 ~= "" then
      ngx.header["Set-Cookie"] = "name_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")
    end
  }

It is recommended to use --session-store-type=redis when expecting large sessions/OIDC tokens (e.g. with MS Azure).

You have to substitute name with the actual cookie name you configured via --cookie-name parameter. If you don't set a custom cookie name the variable should be "$upstream_cookie__oauth2_proxy_1" instead of "$upstream_cookie_name_1" and the new cookie-name should be "_oauth2_proxy_1=" instead of "name_1=".

Configuring for use with the Traefik (v2) ForwardAuth middleware

This option requires --reverse-proxy option to be set.

ForwardAuth with 401 errors middleware

The Traefik v2 ForwardAuth middleware allows Traefik to authenticate requests via the oauth2-proxy's /oauth2/auth endpoint on every request, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the whole request through. For example, on Dynamic File (YAML) Configuration:

http:
  routers:
    a-service:
      rule: "Host(`a-service.example.com`)"
      service: a-service-backend
      middlewares:
        - oauth-errors
        - oauth-auth
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
    oauth:
      rule: "Host(`a-service.example.com`, `oauth.example.com`) && PathPrefix(`/oauth2/`)"
      middlewares:
        - auth-headers
      service: oauth-backend
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"

  services:
    a-service-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.2:7555
    oauth-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.1:4180

  middlewares:
    auth-headers:
      headers:
        sslRedirect: true
        stsSeconds: 315360000
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        sslHost: example.com
        stsIncludeSubdomains: true
        stsPreload: true
        frameDeny: true
    oauth-auth:
      forwardAuth:
        address: https://oauth.example.com/oauth2/auth
        trustForwardHeader: true
    oauth-errors:
      errors:
        status:
          - "401-403"
        service: oauth-backend
        query: "/oauth2/sign_in"

ForwardAuth with static upstreams configuration

Redirect to sign_in functionality provided without the use of errors middleware with Traefik v2 ForwardAuth middleware pointing to oauth2-proxy service's / endpoint

Following options need to be set on oauth2-proxy:

  • --upstream=static://202: Configures a static response for authenticated sessions
  • --reverse-proxy=true: Enables the use of X-Forwarded-* headers to determine redirects correctly
http:
  routers:
    a-service-route-1:
      rule: "Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/`)"
      service: a-service-backend
      middlewares:
        - oauth-auth-redirect # redirects all unauthenticated to oauth2 signin
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
    a-service-route-2:
      rule: "Host(`a-service.example.com`) && PathPrefix(`/no-auto-redirect`)"
      service: a-service-backend
      middlewares:
        - oauth-auth-wo-redirect # unauthenticated session will return a 401
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
    services-oauth2-route:
      rule: "Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/oauth2/`)"
      middlewares:
        - auth-headers
      service: oauth-backend
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
    oauth2-proxy-route:
      rule: "Host(`oauth.example.com`) && PathPrefix(`/`)"
      middlewares:
        - auth-headers
      service: oauth-backend
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"

  services:
    a-service-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.2:7555
    b-service-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.3:7555
    oauth-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.1:4180

  middlewares:
    auth-headers:
      headers:
        sslRedirect: true
        stsSeconds: 315360000
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        sslHost: example.com
        stsIncludeSubdomains: true
        stsPreload: true
        frameDeny: true
    oauth-auth-redirect:
      forwardAuth:
        address: https://oauth.example.com/
        trustForwardHeader: true
        authResponseHeaders:
          - X-Auth-Request-Access-Token
          - Authorization
    oauth-auth-wo-redirect:
      forwardAuth:
        address: https://oauth.example.com/oauth2/auth
        trustForwardHeader: true
        authResponseHeaders:
          - X-Auth-Request-Access-Token
          - Authorization
note

If you set up your OAuth2 provider to rotate your client secret, you can use the client-secret-file option to reload the secret when it is updated.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.2.x/configuration/session_storage/index.html b/docs/7.2.x/configuration/session_storage/index.html index cc9f8dab..1adf50b7 100644 --- a/docs/7.2.x/configuration/session_storage/index.html +++ b/docs/7.2.x/configuration/session_storage/index.html @@ -4,7 +4,7 @@ Session Storage | OAuth2 Proxy - + @@ -25,7 +25,7 @@ disclosure.

Usage--redis-use-sentinel=true flag, as well as configure the flags --redis-sentinel-master-name and --redis-sentinel-connection-urls appropriately.

Redis Cluster is available to be the backend store as well. To leverage it, you will need to set the --redis-use-cluster=true flag, and configure the flags --redis-cluster-connection-urls appropriately.

Note that flags --redis-use-sentinel=true and --redis-use-cluster=true are mutually exclusive.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.2.x/configuration/tls/index.html b/docs/7.2.x/configuration/tls/index.html index b714c460..519bc0fb 100644 --- a/docs/7.2.x/configuration/tls/index.html +++ b/docs/7.2.x/configuration/tls/index.html @@ -4,7 +4,7 @@ TLS Configuration | OAuth2 Proxy - + @@ -15,7 +15,7 @@ external load balancer like Amazon ELB or Google Platform Load Balancing) use oauth2-proxy will then authenticate requests for an upstream application. The external endpoint for this example would be https://internal.yourcompany.com/.

An example Nginx config follows. Note the use of Strict-Transport-Security header to pin requests to SSL via HSTS:

server {
    listen 443 default ssl;
    server_name internal.yourcompany.com;
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/cert.key;
    add_header Strict-Transport-Security max-age=2592000;

    location / {
        proxy_pass http://127.0.0.1:4180;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_connect_timeout 1;
        proxy_send_timeout 30;
        proxy_read_timeout 30;
    }
}

The command line to run oauth2-proxy in this configuration would look like this:

./oauth2-proxy \
   --email-domain="yourcompany.com"  \
   --upstream=http://127.0.0.1:8080/ \
   --cookie-secret=... \
   --cookie-secure=true \
   --provider=... \
   --reverse-proxy=true \
   --client-id=... \
   --client-secret=...
Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.2.x/features/endpoints/index.html b/docs/7.2.x/features/endpoints/index.html index 6e15a411..9f048cc6 100644 --- a/docs/7.2.x/features/endpoints/index.html +++ b/docs/7.2.x/features/endpoints/index.html @@ -4,13 +4,13 @@ Endpoints | OAuth2 Proxy - +
Version: 7.2.x

Endpoints

OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable.

  • /robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see robotstxt.org for more info
  • /ping - returns a 200 OK response, which is intended for use with health checks
  • /metrics - Metrics endpoint for Prometheus to scrape, serve on the address specified by --metrics-address, disabled by default
  • /oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies)
  • /oauth2/sign_out - this URL is used to clear the session cookie
  • /oauth2/start - a URL that will redirect to start the OAuth cycle
  • /oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url.
  • /oauth2/userinfo - the URL is used to return user's email from the session in JSON format.
  • /oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the Nginx auth_request directive

Sign out

To sign the user out, redirect them to /oauth2/sign_out. This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the rd query parameter, i.e. redirect the user to something like (notice the url-encoding!):

/oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page

Alternatively, include the redirect URL in the X-Auth-Request-Redirect header:

GET /oauth2/sign_out HTTP/1.1
X-Auth-Request-Redirect: https://my-oidc-provider/sign_out_page
...

(The "sign_out_page" should be the end_session_endpoint from the metadata if your OIDC provider supports Session Management and Discovery.)

BEWARE that the domain you want to redirect to (my-oidc-provider.example.com in the example) must be added to the --whitelist-domain configuration option otherwise the redirect will be ignored.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.2.x/index.html b/docs/7.2.x/index.html index ab71a1a6..c1e9bc2a 100644 --- a/docs/7.2.x/index.html +++ b/docs/7.2.x/index.html @@ -4,13 +4,13 @@ Installation | OAuth2 Proxy - +
Version: 7.2.x

Installation

  1. Choose how to deploy:

    a. Download Prebuilt Binary (current release is v7.2.1)

    b. Build with $ go get github.com/oauth2-proxy/oauth2-proxy/v7 which will put the binary in $GOPATH/bin

    c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, ARMv6 and ARM64 tags available)

    d. Using a Kubernetes manifest (Helm)

Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0.

$ sha256sum -c sha256sum.txt
oauth2-proxy-x.y.z.linux-amd64: OK
  1. Select a Provider and Register an OAuth Application with a Provider
  2. Configure OAuth2 Proxy using config file, command line options, or environment variables
  3. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)
Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.3.x/behaviour/index.html b/docs/7.3.x/behaviour/index.html index 14dbb360..e4f9c1b4 100644 --- a/docs/7.3.x/behaviour/index.html +++ b/docs/7.3.x/behaviour/index.html @@ -4,13 +4,13 @@ Behaviour | OAuth2 Proxy - +
Version: 7.3.x

Behaviour

  1. Any request passing through the proxy (and not matched by --skip-auth-regex) is checked for the proxy's session cookie (--cookie-name) (or, if allowed, a JWT token - see --skip-jwt-bearer-tokens).
  2. If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with Accept: application/json, in which case 401 Unauthorized is returned)
  3. After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set
  4. The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration)

Notice that the proxy also provides a number of useful endpoints.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.3.x/community/security/index.html b/docs/7.3.x/community/security/index.html index 9f8d04d4..e3232df9 100644 --- a/docs/7.3.x/community/security/index.html +++ b/docs/7.3.x/community/security/index.html @@ -4,7 +4,7 @@ Security | OAuth2 Proxy - + @@ -28,7 +28,7 @@ If we have multiple security issues in flight simultaneously, we may delay merging fixes until all patches are ready. We may also backport the fix to previous releases, but this will be at the discretion of the maintainers.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.3.x/configuration/alpha-config/index.html b/docs/7.3.x/configuration/alpha-config/index.html index 8609e6f3..f2eb9bf6 100644 --- a/docs/7.3.x/configuration/alpha-config/index.html +++ b/docs/7.3.x/configuration/alpha-config/index.html @@ -4,7 +4,7 @@ Alpha Configuration | OAuth2 Proxy - + @@ -62,7 +62,7 @@ passed to the /oauth2/start endpoint are checked to determine wheth they are valid overrides for the given parameter passed to the IdP's login URL. Either Value or Pattern should be supplied, not both.

FieldTypeDescription
valuestringA Value rule matches just this specific value
patternstringA Pattern rule gives a regular expression that must be matched by
some substring of the value. The expression is not automatically
anchored to the start and end of the value, if you want to restrict
the whole parameter value you must anchor it yourself with ^ and $.

Upstream

(Appears on: UpstreamConfig)

Upstream represents the configuration for an upstream server. Requests will be proxied to this upstream if the path matches the request path.

FieldTypeDescription
idstringID should be a unique identifier for the upstream.
This value is required for all upstreams.
pathstringPath is used to map requests to the upstream server.
The closest match will take precedence and all Paths must be unique.
Path can also take a pattern when used with RewriteTarget.
Path segments can be captured and matched using regular experessions.
Eg:
- ^/foo$: Match only the explicit path /foo
- ^/bar/$: Match any path prefixed with /bar/
- ^/baz/(.*)$: Match any path prefixed with /baz and capture the remaining path for use with RewriteTarget
rewriteTargetstringRewriteTarget allows users to rewrite the request path before it is sent to
the upstream server.
Use the Path to capture segments for reuse within the rewrite target.
Eg: With a Path of ^/baz/(.*), a RewriteTarget of /foo/$1 would rewrite
the request /baz/abc/123 to /foo/abc/123 before proxying to the
upstream server.
uristringThe URI of the upstream server. This may be an HTTP(S) server of a File
based URL. It may include a path, in which case all requests will be served
under that path.
Eg:
- http://localhost:8080
- https://service.localhost
- https://service.localhost/path
- file://host/path
If the URI's path is "/base" and the incoming request was for "/dir",
the upstream request will be for "/base/dir".
insecureSkipTLSVerifyboolInsecureSkipTLSVerify will skip TLS verification of upstream HTTPS hosts.
This option is insecure and will allow potential Man-In-The-Middle attacks
betweem OAuth2 Proxy and the usptream server.
Defaults to false.
staticboolStatic will make all requests to this upstream have a static response.
The response will have a body of "Authenticated" and a response code
matching StaticCode.
If StaticCode is not set, the response will return a 200 response.
staticCodeintStaticCode determines the response code for the Static response.
This option can only be used with Static enabled.
flushIntervalDurationFlushInterval is the period between flushing the response buffer when
streaming response from the upstream.
Defaults to 1 second.
passHostHeaderboolPassHostHeader determines whether the request host header should be proxied
to the upstream server.
Defaults to true.
proxyWebSocketsboolProxyWebSockets enables proxying of websockets to upstream servers
Defaults to true.
timeoutDurationTimeout is the maximum duration the server will wait for a response from the upstream server.
Defaults to 30 seconds.

UpstreamConfig

(Appears on: AlphaOptions)

UpstreamConfig is a collection of definitions for upstream servers.

FieldTypeDescription
proxyRawPathboolProxyRawPath will pass the raw url path to upstream allowing for url's
like: "/%2F/" which would otherwise be redirected to "/"
upstreams[]UpstreamUpstreams represents the configuration for the upstream servers.
Requests will be proxied to this upstream if the path matches the request path.
Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.3.x/configuration/oauth_provider/index.html b/docs/7.3.x/configuration/oauth_provider/index.html index 2ddf1eb3..7a948eb9 100644 --- a/docs/7.3.x/configuration/oauth_provider/index.html +++ b/docs/7.3.x/configuration/oauth_provider/index.html @@ -4,7 +4,7 @@ OAuth Provider Configuration | OAuth2 Proxy - + @@ -49,7 +49,7 @@ to setup the client id and client secret. Your "Redirection URI" will Provider instance. Add a new case to providers.New() to allow oauth2-proxy to use the new Provider.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.3.x/configuration/overview/index.html b/docs/7.3.x/configuration/overview/index.html index 7c491af1..fa1b8dfe 100644 --- a/docs/7.3.x/configuration/overview/index.html +++ b/docs/7.3.x/configuration/overview/index.html @@ -4,7 +4,7 @@ Overview | OAuth2 Proxy - + @@ -19,7 +19,7 @@ The default format is configured as follows:

{{.Client}} - {{.RequestID}} - {{.Username}} [{{.Timestamp}}] {{.Host}} {{.RequestMethod}} {{.Upstream}} {{.RequestURI}} {{.Protocol}} {{.UserAgent}} {{.StatusCode}} {{.ResponseSize}} {{.RequestDuration}}

Available variables for request logging:

VariableExampleDescription
Client74.125.224.72The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true.
Hostdomain.comThe value of the Host header.
ProtocolHTTP/1.0The request protocol.
RequestDuration0.001The time in seconds that a request took to process.
RequestID00010203-0405-4607-8809-0a0b0c0d0e0fThe request ID pulled from the --request-id-header. Random UUID if empty
RequestMethodGETThe request method.
RequestURI"/oauth2/auth"The URI path of the request.
ResponseSize12The size in bytes of the response.
StatusCode200The HTTP status code of the response.
Timestamp19/Mar/2015:17:20:19 -0400The date and time of the logging event.
Upstream-The upstream data of the HTTP request.
UserAgent-The full user agent as reported by the requesting client.
Usernameusername@email.comThe email or username of the auth request.

Standard Log Format

All other logging that is not covered by the above two types of logging will be output in this standard logging format. This includes configuration information at startup and errors that occur outside of a session. The default format is below:

[19/Mar/2015:17:20:19 -0400] [main.go:40] <MESSAGE>

If you require a different format than that, you can configure it with the --standard-logging-format flag. The default format is configured as follows:

[{{.Timestamp}}] [{{.File}}] {{.Message}}

Available variables for standard logging:

VariableExampleDescription
Timestamp19/Mar/2015:17:20:19 -0400The date and time of the logging event.
Filemain.go:40The file and line number of the logging statement.
MessageHTTP: listening on 127.0.0.1:4180The details of the log statement.

Configuring for use with the Nginx auth_request directive

The Nginx auth_request directive allows Nginx to authenticate requests via the oauth2-proxy's /auth endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example:

server {
  listen 443 ssl;
  server_name ...;
  include ssl/ssl.conf;

  location /oauth2/ {
    proxy_pass       http://127.0.0.1:4180;
    proxy_set_header Host                    $host;
    proxy_set_header X-Real-IP               $remote_addr;
    proxy_set_header X-Scheme                $scheme;
    proxy_set_header X-Auth-Request-Redirect $request_uri;
    # or, if you are handling multiple domains:
    # proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
  }
  location = /oauth2/auth {
    proxy_pass       http://127.0.0.1:4180;
    proxy_set_header Host             $host;
    proxy_set_header X-Real-IP        $remote_addr;
    proxy_set_header X-Scheme         $scheme;
    # nginx auth_request includes headers but not body
    proxy_set_header Content-Length   "";
    proxy_pass_request_body           off;
  }

  location / {
    auth_request /oauth2/auth;
    error_page 401 = /oauth2/sign_in;

    # pass information via X-User and X-Email headers to backend,
    # requires running with --set-xauthrequest flag
    auth_request_set $user   $upstream_http_x_auth_request_user;
    auth_request_set $email  $upstream_http_x_auth_request_email;
    proxy_set_header X-User  $user;
    proxy_set_header X-Email $email;

    # if you enabled --pass-access-token, this will pass the token to the backend
    auth_request_set $token  $upstream_http_x_auth_request_access_token;
    proxy_set_header X-Access-Token $token;

    # if you enabled --cookie-refresh, this is needed for it to work with auth_request
    auth_request_set $auth_cookie $upstream_http_set_cookie;
    add_header Set-Cookie $auth_cookie;

    # When using the --set-authorization-header flag, some provider's cookies can exceed the 4kb
    # limit and so the OAuth2 Proxy splits these into multiple parts.
    # Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response,
    # so if your cookies are larger than 4kb, you will need to extract additional cookies manually.
    auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1;

    # Extract the Cookie attributes from the first Set-Cookie header and append them
    # to the second part ($upstream_cookie_* variables only contain the raw cookie content)
    if ($auth_cookie ~* "(; .*)") {
        set $auth_cookie_name_0 $auth_cookie;
        set $auth_cookie_name_1 "auth_cookie_name_1=$auth_cookie_name_upstream_1$1";
    }

    # Send both Set-Cookie headers now if there was a second part
    if ($auth_cookie_name_upstream_1) {
        add_header Set-Cookie $auth_cookie_name_0;
        add_header Set-Cookie $auth_cookie_name_1;
    }

    proxy_pass http://backend/;
    # or "root /path/to/site;" or "fastcgi_pass ..." etc
  }
}

When you use ingress-nginx in Kubernetes, you MUST use kubernetes/ingress-nginx (which includes the Lua module) and the following configuration snippet for your Ingress. Variables set with auth_request_set are not set-able in plain nginx config when the location is processed via proxy_pass and then may only be processed by Lua. Note that nginxinc/kubernetes-ingress does not include the Lua module.

nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
nginx.ingress.kubernetes.io/configuration-snippet: |
  auth_request_set $name_upstream_1 $upstream_cookie_name_1;

  access_by_lua_block {
    if ngx.var.name_upstream_1 ~= "" then
      ngx.header["Set-Cookie"] = "name_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")
    end
  }

It is recommended to use --session-store-type=redis when expecting large sessions/OIDC tokens (e.g. with MS Azure).

You have to substitute name with the actual cookie name you configured via --cookie-name parameter. If you don't set a custom cookie name the variable should be "$upstream_cookie__oauth2_proxy_1" instead of "$upstream_cookie_name_1" and the new cookie-name should be "_oauth2_proxy_1=" instead of "name_1=".

Configuring for use with the Traefik (v2) ForwardAuth middleware

This option requires --reverse-proxy option to be set.

ForwardAuth with 401 errors middleware

The Traefik v2 ForwardAuth middleware allows Traefik to authenticate requests via the oauth2-proxy's /oauth2/auth endpoint on every request, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the whole request through. For example, on Dynamic File (YAML) Configuration:

http:
  routers:
    a-service:
      rule: "Host(`a-service.example.com`)"
      service: a-service-backend
      middlewares:
        - oauth-errors
        - oauth-auth
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
    oauth:
      rule: "Host(`a-service.example.com`, `oauth.example.com`) && PathPrefix(`/oauth2/`)"
      middlewares:
        - auth-headers
      service: oauth-backend
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"

  services:
    a-service-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.2:7555
    oauth-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.1:4180

  middlewares:
    auth-headers:
      headers:
        sslRedirect: true
        stsSeconds: 315360000
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        sslHost: example.com
        stsIncludeSubdomains: true
        stsPreload: true
        frameDeny: true
    oauth-auth:
      forwardAuth:
        address: https://oauth.example.com/oauth2/auth
        trustForwardHeader: true
    oauth-errors:
      errors:
        status:
          - "401-403"
        service: oauth-backend
        query: "/oauth2/sign_in"

ForwardAuth with static upstreams configuration

Redirect to sign_in functionality provided without the use of errors middleware with Traefik v2 ForwardAuth middleware pointing to oauth2-proxy service's / endpoint

Following options need to be set on oauth2-proxy:

  • --upstream=static://202: Configures a static response for authenticated sessions
  • --reverse-proxy=true: Enables the use of X-Forwarded-* headers to determine redirects correctly
http:
  routers:
    a-service-route-1:
      rule: "Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/`)"
      service: a-service-backend
      middlewares:
        - oauth-auth-redirect # redirects all unauthenticated to oauth2 signin
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
    a-service-route-2:
      rule: "Host(`a-service.example.com`) && PathPrefix(`/no-auto-redirect`)"
      service: a-service-backend
      middlewares:
        - oauth-auth-wo-redirect # unauthenticated session will return a 401
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
    services-oauth2-route:
      rule: "Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/oauth2/`)"
      middlewares:
        - auth-headers
      service: oauth-backend
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
    oauth2-proxy-route:
      rule: "Host(`oauth.example.com`) && PathPrefix(`/`)"
      middlewares:
        - auth-headers
      service: oauth-backend
      tls:
        certResolver: default
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"

  services:
    a-service-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.2:7555
    b-service-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.3:7555
    oauth-backend:
      loadBalancer:
        servers:
          - url: http://172.16.0.1:4180

  middlewares:
    auth-headers:
      headers:
        sslRedirect: true
        stsSeconds: 315360000
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        sslHost: example.com
        stsIncludeSubdomains: true
        stsPreload: true
        frameDeny: true
    oauth-auth-redirect:
      forwardAuth:
        address: https://oauth.example.com/
        trustForwardHeader: true
        authResponseHeaders:
          - X-Auth-Request-Access-Token
          - Authorization
    oauth-auth-wo-redirect:
      forwardAuth:
        address: https://oauth.example.com/oauth2/auth
        trustForwardHeader: true
        authResponseHeaders:
          - X-Auth-Request-Access-Token
          - Authorization
note

If you set up your OAuth2 provider to rotate your client secret, you can use the client-secret-file option to reload the secret when it is updated.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.3.x/configuration/session_storage/index.html b/docs/7.3.x/configuration/session_storage/index.html index b0638c98..d6e8ffd9 100644 --- a/docs/7.3.x/configuration/session_storage/index.html +++ b/docs/7.3.x/configuration/session_storage/index.html @@ -4,7 +4,7 @@ Session Storage | OAuth2 Proxy - + @@ -25,7 +25,7 @@ disclosure.

Usage--redis-use-sentinel=true flag, as well as configure the flags --redis-sentinel-master-name and --redis-sentinel-connection-urls appropriately.

Redis Cluster is available to be the backend store as well. To leverage it, you will need to set the --redis-use-cluster=true flag, and configure the flags --redis-cluster-connection-urls appropriately.

Note that flags --redis-use-sentinel=true and --redis-use-cluster=true are mutually exclusive.

Copyright © 2023 OAuth2 Proxy.
- + \ No newline at end of file diff --git a/docs/7.3.x/configuration/tls/index.html b/docs/7.3.x/configuration/tls/index.html index c6b57b09..14978ec2 100644 --- a/docs/7.3.x/configuration/tls/index.html +++ b/docs/7.3.x/configuration/tls/index.html @@ -4,7 +4,7 @@ TLS Configuration | OAuth2 Proxy - + @@ -18,7 +18,7 @@ external load balancer like Amazon ELB or Google Platform Load Balancing) use oauth2-proxy will then authenticate requests for an upstream application. The external endpoint for this example would be https://internal.yourcompany.com/.

An example Nginx config follows. Note the use of Strict-Transport-Security header to pin requests to SSL via HSTS:

server {
    listen 443 default ssl;
    server_name internal.yourcompany.com;
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/cert.key;
    add_header Strict-Transport-Security max-age=2592000;

    location / {
        proxy_pass http://127.0.0.1:4180;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_connect_timeout 1;
        proxy_send_timeout 30;
        proxy_read_timeout 30;
    }
}

  • The command line to run oauth2-proxy in this configuration would look like this:

    ./oauth2-proxy \
       --email-domain="yourcompany.com"  \
       --upstream=http://127.0.0.1:8080/ \
       --cookie-secret=... \
       --cookie-secure=true \
       --provider=... \
       --reverse-proxy=true \
       --client-id=... \
       --client-secret=...
    • Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/7.3.x/features/endpoints/index.html b/docs/7.3.x/features/endpoints/index.html index abf8e756..e4eb5e45 100644 --- a/docs/7.3.x/features/endpoints/index.html +++ b/docs/7.3.x/features/endpoints/index.html @@ -4,13 +4,13 @@ Endpoints | OAuth2 Proxy - +
    Version: 7.3.x

    Endpoints

    OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable.

    • /robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see robotstxt.org for more info
    • /ping - returns a 200 OK response, which is intended for use with health checks
    • /metrics - Metrics endpoint for Prometheus to scrape, serve on the address specified by --metrics-address, disabled by default
    • /oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies)
    • /oauth2/sign_out - this URL is used to clear the session cookie
    • /oauth2/start - a URL that will redirect to start the OAuth cycle
    • /oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url.
    • /oauth2/userinfo - the URL is used to return user's email from the session in JSON format.
    • /oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the Nginx auth_request directive

    Sign out

    To sign the user out, redirect them to /oauth2/sign_out. This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the rd query parameter, i.e. redirect the user to something like (notice the url-encoding!):

    /oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page

    Alternatively, include the redirect URL in the X-Auth-Request-Redirect header:

    GET /oauth2/sign_out HTTP/1.1
    X-Auth-Request-Redirect: https://my-oidc-provider/sign_out_page
    ...

    (The "sign_out_page" should be the end_session_endpoint from the metadata if your OIDC provider supports Session Management and Discovery.)

    BEWARE that the domain you want to redirect to (my-oidc-provider.example.com in the example) must be added to the --whitelist-domain configuration option otherwise the redirect will be ignored.

    Auth

    This endpoint returns 202 Accepted response or a 401 Unauthorized response.

    It can be configured using the following query parameters query parameters:

    • allowed_groups: comma separated list of allowed groups
    • allowed_email_domains: comma separated list of allowed email domains
    • allowed_emails: comma separated list of allowed emails
    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/7.3.x/index.html b/docs/7.3.x/index.html index 47293eab..19340e29 100644 --- a/docs/7.3.x/index.html +++ b/docs/7.3.x/index.html @@ -4,13 +4,13 @@ Installation | OAuth2 Proxy - +
    Version: 7.3.x

    Installation

    1. Choose how to deploy:

      a. Download Prebuilt Binary (current release is v7.3.0)

      b. Build with $ go get github.com/oauth2-proxy/oauth2-proxy/v7 which will put the binary in $GOPATH/bin

      c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, ARMv6 and ARM64 tags available)

      d. Using a Kubernetes manifest (Helm)

    Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0.

    $ sha256sum -c sha256sum.txt
    oauth2-proxy-x.y.z.linux-amd64: OK
    1. Select a Provider and Register an OAuth Application with a Provider
    2. Configure OAuth2 Proxy using config file, command line options, or environment variables
    3. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)
    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/7.4.x/behaviour/index.html b/docs/7.4.x/behaviour/index.html index 96166f97..1babd271 100644 --- a/docs/7.4.x/behaviour/index.html +++ b/docs/7.4.x/behaviour/index.html @@ -4,13 +4,13 @@ Behaviour | OAuth2 Proxy - +
    Version: 7.4.x

    Behaviour

    1. Any request passing through the proxy (and not matched by --skip-auth-regex) is checked for the proxy's session cookie (--cookie-name) (or, if allowed, a JWT token - see --skip-jwt-bearer-tokens).
    2. If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with Accept: application/json, in which case 401 Unauthorized is returned)
    3. After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set
    4. The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration)

    Notice that the proxy also provides a number of useful endpoints.

    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/7.4.x/community/security/index.html b/docs/7.4.x/community/security/index.html index 70483444..87c5f055 100644 --- a/docs/7.4.x/community/security/index.html +++ b/docs/7.4.x/community/security/index.html @@ -4,7 +4,7 @@ Security | OAuth2 Proxy - + @@ -28,7 +28,7 @@ If we have multiple security issues in flight simultaneously, we may delay merging fixes until all patches are ready. We may also backport the fix to previous releases, but this will be at the discretion of the maintainers.

    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/7.4.x/configuration/alpha-config/index.html b/docs/7.4.x/configuration/alpha-config/index.html index 28484823..4bd340f9 100644 --- a/docs/7.4.x/configuration/alpha-config/index.html +++ b/docs/7.4.x/configuration/alpha-config/index.html @@ -4,7 +4,7 @@ Alpha Configuration | OAuth2 Proxy - + @@ -62,7 +62,7 @@ passed to the /oauth2/start endpoint are checked to determine wheth they are valid overrides for the given parameter passed to the IdP's login URL. Either Value or Pattern should be supplied, not both.

    FieldTypeDescription
    valuestringA Value rule matches just this specific value
    patternstringA Pattern rule gives a regular expression that must be matched by
    some substring of the value. The expression is not automatically
    anchored to the start and end of the value, if you want to restrict
    the whole parameter value you must anchor it yourself with ^ and $.

    Upstream

    (Appears on: UpstreamConfig)

    Upstream represents the configuration for an upstream server. Requests will be proxied to this upstream if the path matches the request path.

    FieldTypeDescription
    idstringID should be a unique identifier for the upstream.
    This value is required for all upstreams.
    pathstringPath is used to map requests to the upstream server.
    The closest match will take precedence and all Paths must be unique.
    Path can also take a pattern when used with RewriteTarget.
    Path segments can be captured and matched using regular experessions.
    Eg:
    - ^/foo$: Match only the explicit path /foo
    - ^/bar/$: Match any path prefixed with /bar/
    - ^/baz/(.*)$: Match any path prefixed with /baz and capture the remaining path for use with RewriteTarget
    rewriteTargetstringRewriteTarget allows users to rewrite the request path before it is sent to
    the upstream server.
    Use the Path to capture segments for reuse within the rewrite target.
    Eg: With a Path of ^/baz/(.*), a RewriteTarget of /foo/$1 would rewrite
    the request /baz/abc/123 to /foo/abc/123 before proxying to the
    upstream server.
    uristringThe URI of the upstream server. This may be an HTTP(S) server of a File
    based URL. It may include a path, in which case all requests will be served
    under that path.
    Eg:
    - http://localhost:8080
    - https://service.localhost
    - https://service.localhost/path
    - file://host/path
    If the URI's path is "/base" and the incoming request was for "/dir",
    the upstream request will be for "/base/dir".
    insecureSkipTLSVerifyboolInsecureSkipTLSVerify will skip TLS verification of upstream HTTPS hosts.
    This option is insecure and will allow potential Man-In-The-Middle attacks
    betweem OAuth2 Proxy and the usptream server.
    Defaults to false.
    staticboolStatic will make all requests to this upstream have a static response.
    The response will have a body of "Authenticated" and a response code
    matching StaticCode.
    If StaticCode is not set, the response will return a 200 response.
    staticCodeintStaticCode determines the response code for the Static response.
    This option can only be used with Static enabled.
    flushIntervalDurationFlushInterval is the period between flushing the response buffer when
    streaming response from the upstream.
    Defaults to 1 second.
    passHostHeaderboolPassHostHeader determines whether the request host header should be proxied
    to the upstream server.
    Defaults to true.
    proxyWebSocketsboolProxyWebSockets enables proxying of websockets to upstream servers
    Defaults to true.
    timeoutDurationTimeout is the maximum duration the server will wait for a response from the upstream server.
    Defaults to 30 seconds.

    UpstreamConfig

    (Appears on: AlphaOptions)

    UpstreamConfig is a collection of definitions for upstream servers.

    FieldTypeDescription
    proxyRawPathboolProxyRawPath will pass the raw url path to upstream allowing for url's
    like: "/%2F/" which would otherwise be redirected to "/"
    upstreams[]UpstreamUpstreams represents the configuration for the upstream servers.
    Requests will be proxied to this upstream if the path matches the request path.
    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/7.4.x/configuration/oauth_provider/index.html b/docs/7.4.x/configuration/oauth_provider/index.html index 0cd28f87..90ab85f3 100644 --- a/docs/7.4.x/configuration/oauth_provider/index.html +++ b/docs/7.4.x/configuration/oauth_provider/index.html @@ -4,7 +4,7 @@ OAuth Provider Configuration | OAuth2 Proxy - + @@ -59,7 +59,7 @@ to setup the client id and client secret. Your "Redirection URI" will Provider instance. Add a new case to providers.New() to allow oauth2-proxy to use the new Provider.

    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/7.4.x/configuration/overview/index.html b/docs/7.4.x/configuration/overview/index.html index 285d5f04..aea18579 100644 --- a/docs/7.4.x/configuration/overview/index.html +++ b/docs/7.4.x/configuration/overview/index.html @@ -4,7 +4,7 @@ Overview | OAuth2 Proxy - + @@ -19,7 +19,7 @@ The default format is configured as follows:

    {{.Client}} - {{.RequestID}} - {{.Username}} [{{.Timestamp}}] {{.Host}} {{.RequestMethod}} {{.Upstream}} {{.RequestURI}} {{.Protocol}} {{.UserAgent}} {{.StatusCode}} {{.ResponseSize}} {{.RequestDuration}}

    Available variables for request logging:

    VariableExampleDescription
    Client74.125.224.72The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true.
    Hostdomain.comThe value of the Host header.
    ProtocolHTTP/1.0The request protocol.
    RequestDuration0.001The time in seconds that a request took to process.
    RequestID00010203-0405-4607-8809-0a0b0c0d0e0fThe request ID pulled from the --request-id-header. Random UUID if empty
    RequestMethodGETThe request method.
    RequestURI"/oauth2/auth"The URI path of the request.
    ResponseSize12The size in bytes of the response.
    StatusCode200The HTTP status code of the response.
    Timestamp19/Mar/2015:17:20:19 -0400The date and time of the logging event.
    Upstream-The upstream data of the HTTP request.
    UserAgent-The full user agent as reported by the requesting client.
    Usernameusername@email.comThe email or username of the auth request.

    Standard Log Format

    All other logging that is not covered by the above two types of logging will be output in this standard logging format. This includes configuration information at startup and errors that occur outside of a session. The default format is below:

    [19/Mar/2015:17:20:19 -0400] [main.go:40] <MESSAGE>

    If you require a different format than that, you can configure it with the --standard-logging-format flag. The default format is configured as follows:

    [{{.Timestamp}}] [{{.File}}] {{.Message}}

    Available variables for standard logging:

    VariableExampleDescription
    Timestamp19/Mar/2015:17:20:19 -0400The date and time of the logging event.
    Filemain.go:40The file and line number of the logging statement.
    MessageHTTP: listening on 127.0.0.1:4180The details of the log statement.

    Configuring for use with the Nginx auth_request directive

    The Nginx auth_request directive allows Nginx to authenticate requests via the oauth2-proxy's /auth endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example:

    server {
      listen 443 ssl;
      server_name ...;
      include ssl/ssl.conf;

      location /oauth2/ {
        proxy_pass       http://127.0.0.1:4180;
        proxy_set_header Host                    $host;
        proxy_set_header X-Real-IP               $remote_addr;
        proxy_set_header X-Scheme                $scheme;
        proxy_set_header X-Auth-Request-Redirect $request_uri;
        # or, if you are handling multiple domains:
        # proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
      }
      location = /oauth2/auth {
        proxy_pass       http://127.0.0.1:4180;
        proxy_set_header Host             $host;
        proxy_set_header X-Real-IP        $remote_addr;
        proxy_set_header X-Scheme         $scheme;
        # nginx auth_request includes headers but not body
        proxy_set_header Content-Length   "";
        proxy_pass_request_body           off;
      }

      location / {
        auth_request /oauth2/auth;
        error_page 401 = /oauth2/sign_in;

        # pass information via X-User and X-Email headers to backend,
        # requires running with --set-xauthrequest flag
        auth_request_set $user   $upstream_http_x_auth_request_user;
        auth_request_set $email  $upstream_http_x_auth_request_email;
        proxy_set_header X-User  $user;
        proxy_set_header X-Email $email;

        # if you enabled --pass-access-token, this will pass the token to the backend
        auth_request_set $token  $upstream_http_x_auth_request_access_token;
        proxy_set_header X-Access-Token $token;

        # if you enabled --cookie-refresh, this is needed for it to work with auth_request
        auth_request_set $auth_cookie $upstream_http_set_cookie;
        add_header Set-Cookie $auth_cookie;

        # When using the --set-authorization-header flag, some provider's cookies can exceed the 4kb
        # limit and so the OAuth2 Proxy splits these into multiple parts.
        # Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response,
        # so if your cookies are larger than 4kb, you will need to extract additional cookies manually.
        auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1;

        # Extract the Cookie attributes from the first Set-Cookie header and append them
        # to the second part ($upstream_cookie_* variables only contain the raw cookie content)
        if ($auth_cookie ~* "(; .*)") {
            set $auth_cookie_name_0 $auth_cookie;
            set $auth_cookie_name_1 "auth_cookie_name_1=$auth_cookie_name_upstream_1$1";
        }

        # Send both Set-Cookie headers now if there was a second part
        if ($auth_cookie_name_upstream_1) {
            add_header Set-Cookie $auth_cookie_name_0;
            add_header Set-Cookie $auth_cookie_name_1;
        }

        proxy_pass http://backend/;
        # or "root /path/to/site;" or "fastcgi_pass ..." etc
      }
    }

    When you use ingress-nginx in Kubernetes, you MUST use kubernetes/ingress-nginx (which includes the Lua module) and the following configuration snippet for your Ingress. Variables set with auth_request_set are not set-able in plain nginx config when the location is processed via proxy_pass and then may only be processed by Lua. Note that nginxinc/kubernetes-ingress does not include the Lua module.

    nginx.ingress.kubernetes.io/auth-response-headers: Authorization
    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
    nginx.ingress.kubernetes.io/configuration-snippet: |
      auth_request_set $name_upstream_1 $upstream_cookie_name_1;

      access_by_lua_block {
        if ngx.var.name_upstream_1 ~= "" then
          ngx.header["Set-Cookie"] = "name_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")
        end
      }

    It is recommended to use --session-store-type=redis when expecting large sessions/OIDC tokens (e.g. with MS Azure).

    You have to substitute name with the actual cookie name you configured via --cookie-name parameter. If you don't set a custom cookie name the variable should be "$upstream_cookie__oauth2_proxy_1" instead of "$upstream_cookie_name_1" and the new cookie-name should be "_oauth2_proxy_1=" instead of "name_1=".

    Configuring for use with the Traefik (v2) ForwardAuth middleware

    This option requires --reverse-proxy option to be set.

    ForwardAuth with 401 errors middleware

    The Traefik v2 ForwardAuth middleware allows Traefik to authenticate requests via the oauth2-proxy's /oauth2/auth endpoint on every request, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the whole request through. For example, on Dynamic File (YAML) Configuration:

    http:
      routers:
        a-service:
          rule: "Host(`a-service.example.com`)"
          service: a-service-backend
          middlewares:
            - oauth-errors
            - oauth-auth
          tls:
            certResolver: default
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"
        oauth:
          rule: "Host(`a-service.example.com`, `oauth.example.com`) && PathPrefix(`/oauth2/`)"
          middlewares:
            - auth-headers
          service: oauth-backend
          tls:
            certResolver: default
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"

      services:
        a-service-backend:
          loadBalancer:
            servers:
              - url: http://172.16.0.2:7555
        oauth-backend:
          loadBalancer:
            servers:
              - url: http://172.16.0.1:4180

      middlewares:
        auth-headers:
          headers:
            sslRedirect: true
            stsSeconds: 315360000
            browserXssFilter: true
            contentTypeNosniff: true
            forceSTSHeader: true
            sslHost: example.com
            stsIncludeSubdomains: true
            stsPreload: true
            frameDeny: true
        oauth-auth:
          forwardAuth:
            address: https://oauth.example.com/oauth2/auth
            trustForwardHeader: true
        oauth-errors:
          errors:
            status:
              - "401-403"
            service: oauth-backend
            query: "/oauth2/sign_in"

    ForwardAuth with static upstreams configuration

    Redirect to sign_in functionality provided without the use of errors middleware with Traefik v2 ForwardAuth middleware pointing to oauth2-proxy service's / endpoint

    Following options need to be set on oauth2-proxy:

    • --upstream=static://202: Configures a static response for authenticated sessions
    • --reverse-proxy=true: Enables the use of X-Forwarded-* headers to determine redirects correctly
    http:
      routers:
        a-service-route-1:
          rule: "Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/`)"
          service: a-service-backend
          middlewares:
            - oauth-auth-redirect # redirects all unauthenticated to oauth2 signin
          tls:
            certResolver: default
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"
        a-service-route-2:
          rule: "Host(`a-service.example.com`) && PathPrefix(`/no-auto-redirect`)"
          service: a-service-backend
          middlewares:
            - oauth-auth-wo-redirect # unauthenticated session will return a 401
          tls:
            certResolver: default
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"
        services-oauth2-route:
          rule: "Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/oauth2/`)"
          middlewares:
            - auth-headers
          service: oauth-backend
          tls:
            certResolver: default
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"
        oauth2-proxy-route:
          rule: "Host(`oauth.example.com`) && PathPrefix(`/`)"
          middlewares:
            - auth-headers
          service: oauth-backend
          tls:
            certResolver: default
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"

      services:
        a-service-backend:
          loadBalancer:
            servers:
              - url: http://172.16.0.2:7555
        b-service-backend:
          loadBalancer:
            servers:
              - url: http://172.16.0.3:7555
        oauth-backend:
          loadBalancer:
            servers:
              - url: http://172.16.0.1:4180

      middlewares:
        auth-headers:
          headers:
            sslRedirect: true
            stsSeconds: 315360000
            browserXssFilter: true
            contentTypeNosniff: true
            forceSTSHeader: true
            sslHost: example.com
            stsIncludeSubdomains: true
            stsPreload: true
            frameDeny: true
        oauth-auth-redirect:
          forwardAuth:
            address: https://oauth.example.com/
            trustForwardHeader: true
            authResponseHeaders:
              - X-Auth-Request-Access-Token
              - Authorization
        oauth-auth-wo-redirect:
          forwardAuth:
            address: https://oauth.example.com/oauth2/auth
            trustForwardHeader: true
            authResponseHeaders:
              - X-Auth-Request-Access-Token
              - Authorization
    note

    If you set up your OAuth2 provider to rotate your client secret, you can use the client-secret-file option to reload the secret when it is updated.

    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/7.4.x/configuration/session_storage/index.html b/docs/7.4.x/configuration/session_storage/index.html index e388226a..ae51258a 100644 --- a/docs/7.4.x/configuration/session_storage/index.html +++ b/docs/7.4.x/configuration/session_storage/index.html @@ -4,7 +4,7 @@ Session Storage | OAuth2 Proxy - + @@ -27,7 +27,7 @@ and --redis-sentinel-connection-urls appropriately.

    Redis Clu --redis-use-cluster=true flag, and configure the flags --redis-cluster-connection-urls appropriately.

    Note that flags --redis-use-sentinel=true and --redis-use-cluster=true are mutually exclusive.

    Note, if Redis timeout option is set to non-zero, the --redis-connection-idle-timeout must be less than Redis timeout option. For example: if either redis.conf includes timeout 15 or using CONFIG SET timeout 15 the --redis-connection-idle-timeout must be at least --redis-connection-idle-timeout=14

    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/7.4.x/configuration/tls/index.html b/docs/7.4.x/configuration/tls/index.html index e0e71a18..5c70ab4e 100644 --- a/docs/7.4.x/configuration/tls/index.html +++ b/docs/7.4.x/configuration/tls/index.html @@ -4,7 +4,7 @@ TLS Configuration | OAuth2 Proxy - + @@ -19,7 +19,7 @@ external load balancer like Amazon ELB or Google Platform Load Balancing) use oauth2-proxy will then authenticate requests for an upstream application. The external endpoint for this example would be https://internal.yourcompany.com/.

    An example Nginx config follows. Note the use of Strict-Transport-Security header to pin requests to SSL via HSTS:

    server {
        listen 443 default ssl;
        server_name internal.yourcompany.com;
        ssl_certificate /path/to/cert.pem;
        ssl_certificate_key /path/to/cert.key;
        add_header Strict-Transport-Security max-age=2592000;

        location / {
            proxy_pass http://127.0.0.1:4180;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Scheme $scheme;
            proxy_connect_timeout 1;
            proxy_send_timeout 30;
            proxy_read_timeout 30;
        }
    }

  • The command line to run oauth2-proxy in this configuration would look like this:

    ./oauth2-proxy \
       --email-domain="yourcompany.com"  \
       --upstream=http://127.0.0.1:8080/ \
       --cookie-secret=... \
       --cookie-secure=true \
       --provider=... \
       --reverse-proxy=true \
       --client-id=... \
       --client-secret=...
    • Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/7.4.x/features/endpoints/index.html b/docs/7.4.x/features/endpoints/index.html index 23d1c928..32b8f5c3 100644 --- a/docs/7.4.x/features/endpoints/index.html +++ b/docs/7.4.x/features/endpoints/index.html @@ -4,13 +4,13 @@ Endpoints | OAuth2 Proxy - +
    Version: 7.4.x

    Endpoints

    OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable.

    • /robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see robotstxt.org for more info
    • /ping - returns a 200 OK response, which is intended for use with health checks
    • /metrics - Metrics endpoint for Prometheus to scrape, serve on the address specified by --metrics-address, disabled by default
    • /oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies)
    • /oauth2/sign_out - this URL is used to clear the session cookie
    • /oauth2/start - a URL that will redirect to start the OAuth cycle
    • /oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url.
    • /oauth2/userinfo - the URL is used to return user's email from the session in JSON format.
    • /oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the Nginx auth_request directive

    Sign out

    To sign the user out, redirect them to /oauth2/sign_out. This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the rd query parameter, i.e. redirect the user to something like (notice the url-encoding!):

    /oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page

    Alternatively, include the redirect URL in the X-Auth-Request-Redirect header:

    GET /oauth2/sign_out HTTP/1.1
    X-Auth-Request-Redirect: https://my-oidc-provider/sign_out_page
    ...

    (The "sign_out_page" should be the end_session_endpoint from the metadata if your OIDC provider supports Session Management and Discovery.)

    BEWARE that the domain you want to redirect to (my-oidc-provider.example.com in the example) must be added to the --whitelist-domain configuration option otherwise the redirect will be ignored. Make sure to include the actual domain and port (if needed) and not the URL (e.g "localhost:8081" instead of "http://localhost:8081").

    Auth

    This endpoint returns 202 Accepted response or a 401 Unauthorized response.

    It can be configured using the following query parameters query parameters:

    • allowed_groups: comma separated list of allowed groups
    • allowed_email_domains: comma separated list of allowed email domains
    • allowed_emails: comma separated list of allowed emails
    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/7.4.x/index.html b/docs/7.4.x/index.html index e61c9aa6..900f4cd9 100644 --- a/docs/7.4.x/index.html +++ b/docs/7.4.x/index.html @@ -4,13 +4,13 @@ Installation | OAuth2 Proxy - +
    Version: 7.4.x

    Installation

    1. Choose how to deploy:

      a. Download Prebuilt Binary (current release is v7.4.0)

      b. Build with $ go get github.com/oauth2-proxy/oauth2-proxy/v7 which will put the binary in $GOPATH/bin

      c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, ARMv6 and ARM64 tags available)

      d. Using a Kubernetes manifest (Helm)

    Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0.

    $ sha256sum -c sha256sum.txt
    oauth2-proxy-x.y.z.linux-amd64: OK
    1. Select a Provider and Register an OAuth Application with a Provider
    2. Configure OAuth2 Proxy using config file, command line options, or environment variables
    3. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)
    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/behaviour/index.html b/docs/behaviour/index.html index c9f8fb0f..f23dd03c 100644 --- a/docs/behaviour/index.html +++ b/docs/behaviour/index.html @@ -4,13 +4,13 @@ Behaviour | OAuth2 Proxy - +
    Version: 7.5.x

    Behaviour

    1. Any request passing through the proxy (and not matched by --skip-auth-regex) is checked for the proxy's session cookie (--cookie-name) (or, if allowed, a JWT token - see --skip-jwt-bearer-tokens).
    2. If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with Accept: application/json, in which case 401 Unauthorized is returned)
    3. After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set
    4. The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration)

    Notice that the proxy also provides a number of useful endpoints.

    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/community/security/index.html b/docs/community/security/index.html index fe193d5e..5fec17a4 100644 --- a/docs/community/security/index.html +++ b/docs/community/security/index.html @@ -4,7 +4,7 @@ Security | OAuth2 Proxy - + @@ -28,7 +28,7 @@ If we have multiple security issues in flight simultaneously, we may delay merging fixes until all patches are ready. We may also backport the fix to previous releases, but this will be at the discretion of the maintainers.

    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/configuration/alpha-config/index.html b/docs/configuration/alpha-config/index.html index 4b4ef4dd..651d57cd 100644 --- a/docs/configuration/alpha-config/index.html +++ b/docs/configuration/alpha-config/index.html @@ -4,7 +4,7 @@ Alpha Configuration | OAuth2 Proxy - + @@ -62,7 +62,7 @@ passed to the /oauth2/start endpoint are checked to determine wheth they are valid overrides for the given parameter passed to the IdP's login URL. Either Value or Pattern should be supplied, not both.

    FieldTypeDescription
    valuestringA Value rule matches just this specific value
    patternstringA Pattern rule gives a regular expression that must be matched by
    some substring of the value. The expression is not automatically
    anchored to the start and end of the value, if you want to restrict
    the whole parameter value you must anchor it yourself with ^ and $.

    Upstream

    (Appears on: UpstreamConfig)

    Upstream represents the configuration for an upstream server. Requests will be proxied to this upstream if the path matches the request path.

    FieldTypeDescription
    idstringID should be a unique identifier for the upstream.
    This value is required for all upstreams.
    pathstringPath is used to map requests to the upstream server.
    The closest match will take precedence and all Paths must be unique.
    Path can also take a pattern when used with RewriteTarget.
    Path segments can be captured and matched using regular experessions.
    Eg:
    - ^/foo$: Match only the explicit path /foo
    - ^/bar/$: Match any path prefixed with /bar/
    - ^/baz/(.*)$: Match any path prefixed with /baz and capture the remaining path for use with RewriteTarget
    rewriteTargetstringRewriteTarget allows users to rewrite the request path before it is sent to
    the upstream server.
    Use the Path to capture segments for reuse within the rewrite target.
    Eg: With a Path of ^/baz/(.*), a RewriteTarget of /foo/$1 would rewrite
    the request /baz/abc/123 to /foo/abc/123 before proxying to the
    upstream server.
    uristringThe URI of the upstream server. This may be an HTTP(S) server of a File
    based URL. It may include a path, in which case all requests will be served
    under that path.
    Eg:
    - http://localhost:8080
    - https://service.localhost
    - https://service.localhost/path
    - file://host/path
    If the URI's path is "/base" and the incoming request was for "/dir",
    the upstream request will be for "/base/dir".
    insecureSkipTLSVerifyboolInsecureSkipTLSVerify will skip TLS verification of upstream HTTPS hosts.
    This option is insecure and will allow potential Man-In-The-Middle attacks
    betweem OAuth2 Proxy and the usptream server.
    Defaults to false.
    staticboolStatic will make all requests to this upstream have a static response.
    The response will have a body of "Authenticated" and a response code
    matching StaticCode.
    If StaticCode is not set, the response will return a 200 response.
    staticCodeintStaticCode determines the response code for the Static response.
    This option can only be used with Static enabled.
    flushIntervalDurationFlushInterval is the period between flushing the response buffer when
    streaming response from the upstream.
    Defaults to 1 second.
    passHostHeaderboolPassHostHeader determines whether the request host header should be proxied
    to the upstream server.
    Defaults to true.
    proxyWebSocketsboolProxyWebSockets enables proxying of websockets to upstream servers
    Defaults to true.
    timeoutDurationTimeout is the maximum duration the server will wait for a response from the upstream server.
    Defaults to 30 seconds.

    UpstreamConfig

    (Appears on: AlphaOptions)

    UpstreamConfig is a collection of definitions for upstream servers.

    FieldTypeDescription
    proxyRawPathboolProxyRawPath will pass the raw url path to upstream allowing for url's
    like: "/%2F/" which would otherwise be redirected to "/"
    upstreams[]UpstreamUpstreams represents the configuration for the upstream servers.
    Requests will be proxied to this upstream if the path matches the request path.
    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/configuration/oauth_provider/index.html b/docs/configuration/oauth_provider/index.html index b3ab4ece..36731f5c 100644 --- a/docs/configuration/oauth_provider/index.html +++ b/docs/configuration/oauth_provider/index.html @@ -4,7 +4,7 @@ OAuth Provider Configuration | OAuth2 Proxy - + @@ -72,7 +72,7 @@ to setup the client id and client secret. Your "Redirection URI" will Provider instance. Add a new case to providers.New() to allow oauth2-proxy to use the new Provider.

    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/configuration/overview/index.html b/docs/configuration/overview/index.html index ed8fddb5..bb482da0 100644 --- a/docs/configuration/overview/index.html +++ b/docs/configuration/overview/index.html @@ -4,7 +4,7 @@ Overview | OAuth2 Proxy - + @@ -19,7 +19,7 @@ The default format is configured as follows:

    {{.Client}} - {{.RequestID}} - {{.Username}} [{{.Timestamp}}] {{.Host}} {{.RequestMethod}} {{.Upstream}} {{.RequestURI}} {{.Protocol}} {{.UserAgent}} {{.StatusCode}} {{.ResponseSize}} {{.RequestDuration}}

    Available variables for request logging:

    VariableExampleDescription
    Client74.125.224.72The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true.
    Hostdomain.comThe value of the Host header.
    ProtocolHTTP/1.0The request protocol.
    RequestDuration0.001The time in seconds that a request took to process.
    RequestID00010203-0405-4607-8809-0a0b0c0d0e0fThe request ID pulled from the --request-id-header. Random UUID if empty
    RequestMethodGETThe request method.
    RequestURI"/oauth2/auth"The URI path of the request.
    ResponseSize12The size in bytes of the response.
    StatusCode200The HTTP status code of the response.
    Timestamp19/Mar/2015:17:20:19 -0400The date and time of the logging event.
    Upstream-The upstream data of the HTTP request.
    UserAgent-The full user agent as reported by the requesting client.
    Usernameusername@email.comThe email or username of the auth request.

    Standard Log Format

    All other logging that is not covered by the above two types of logging will be output in this standard logging format. This includes configuration information at startup and errors that occur outside of a session. The default format is below:

    [19/Mar/2015:17:20:19 -0400] [main.go:40] <MESSAGE>

    If you require a different format than that, you can configure it with the --standard-logging-format flag. The default format is configured as follows:

    [{{.Timestamp}}] [{{.File}}] {{.Message}}

    Available variables for standard logging:

    VariableExampleDescription
    Timestamp19/Mar/2015:17:20:19 -0400The date and time of the logging event.
    Filemain.go:40The file and line number of the logging statement.
    MessageHTTP: listening on 127.0.0.1:4180The details of the log statement.

    Configuring for use with the Nginx auth_request directive

    The Nginx auth_request directive allows Nginx to authenticate requests via the oauth2-proxy's /auth endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example:

    server {
      listen 443 ssl;
      server_name ...;
      include ssl/ssl.conf;

      location /oauth2/ {
        proxy_pass       http://127.0.0.1:4180;
        proxy_set_header Host                    $host;
        proxy_set_header X-Real-IP               $remote_addr;
        proxy_set_header X-Scheme                $scheme;
        proxy_set_header X-Auth-Request-Redirect $request_uri;
        # or, if you are handling multiple domains:
        # proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
      }
      location = /oauth2/auth {
        proxy_pass       http://127.0.0.1:4180;
        proxy_set_header Host             $host;
        proxy_set_header X-Real-IP        $remote_addr;
        proxy_set_header X-Scheme         $scheme;
        # nginx auth_request includes headers but not body
        proxy_set_header Content-Length   "";
        proxy_pass_request_body           off;
      }

      location / {
        auth_request /oauth2/auth;
        error_page 401 = /oauth2/sign_in;

        # pass information via X-User and X-Email headers to backend,
        # requires running with --set-xauthrequest flag
        auth_request_set $user   $upstream_http_x_auth_request_user;
        auth_request_set $email  $upstream_http_x_auth_request_email;
        proxy_set_header X-User  $user;
        proxy_set_header X-Email $email;

        # if you enabled --pass-access-token, this will pass the token to the backend
        auth_request_set $token  $upstream_http_x_auth_request_access_token;
        proxy_set_header X-Access-Token $token;

        # if you enabled --cookie-refresh, this is needed for it to work with auth_request
        auth_request_set $auth_cookie $upstream_http_set_cookie;
        add_header Set-Cookie $auth_cookie;

        # When using the --set-authorization-header flag, some provider's cookies can exceed the 4kb
        # limit and so the OAuth2 Proxy splits these into multiple parts.
        # Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response,
        # so if your cookies are larger than 4kb, you will need to extract additional cookies manually.
        auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1;

        # Extract the Cookie attributes from the first Set-Cookie header and append them
        # to the second part ($upstream_cookie_* variables only contain the raw cookie content)
        if ($auth_cookie ~* "(; .*)") {
            set $auth_cookie_name_0 $auth_cookie;
            set $auth_cookie_name_1 "auth_cookie_name_1=$auth_cookie_name_upstream_1$1";
        }

        # Send both Set-Cookie headers now if there was a second part
        if ($auth_cookie_name_upstream_1) {
            add_header Set-Cookie $auth_cookie_name_0;
            add_header Set-Cookie $auth_cookie_name_1;
        }

        proxy_pass http://backend/;
        # or "root /path/to/site;" or "fastcgi_pass ..." etc
      }
    }

    When you use ingress-nginx in Kubernetes, you MUST use kubernetes/ingress-nginx (which includes the Lua module) and the following configuration snippet for your Ingress. Variables set with auth_request_set are not set-able in plain nginx config when the location is processed via proxy_pass and then may only be processed by Lua. Note that nginxinc/kubernetes-ingress does not include the Lua module.

    nginx.ingress.kubernetes.io/auth-response-headers: Authorization
    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
    nginx.ingress.kubernetes.io/configuration-snippet: |
      auth_request_set $name_upstream_1 $upstream_cookie_name_1;

      access_by_lua_block {
        if ngx.var.name_upstream_1 ~= "" then
          ngx.header["Set-Cookie"] = "name_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")
        end
      }

    It is recommended to use --session-store-type=redis when expecting large sessions/OIDC tokens (e.g. with MS Azure).

    You have to substitute name with the actual cookie name you configured via --cookie-name parameter. If you don't set a custom cookie name the variable should be "$upstream_cookie__oauth2_proxy_1" instead of "$upstream_cookie_name_1" and the new cookie-name should be "_oauth2_proxy_1=" instead of "name_1=".

    Configuring for use with the Traefik (v2) ForwardAuth middleware

    This option requires --reverse-proxy option to be set.

    ForwardAuth with 401 errors middleware

    The Traefik v2 ForwardAuth middleware allows Traefik to authenticate requests via the oauth2-proxy's /oauth2/auth endpoint on every request, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the whole request through. For example, on Dynamic File (YAML) Configuration:

    http:
      routers:
        a-service:
          rule: "Host(`a-service.example.com`)"
          service: a-service-backend
          middlewares:
            - oauth-errors
            - oauth-auth
          tls:
            certResolver: default
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"
        oauth:
          rule: "Host(`a-service.example.com`, `oauth.example.com`) && PathPrefix(`/oauth2/`)"
          middlewares:
            - auth-headers
          service: oauth-backend
          tls:
            certResolver: default
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"

      services:
        a-service-backend:
          loadBalancer:
            servers:
              - url: http://172.16.0.2:7555
        oauth-backend:
          loadBalancer:
            servers:
              - url: http://172.16.0.1:4180

      middlewares:
        auth-headers:
          headers:
            sslRedirect: true
            stsSeconds: 315360000
            browserXssFilter: true
            contentTypeNosniff: true
            forceSTSHeader: true
            sslHost: example.com
            stsIncludeSubdomains: true
            stsPreload: true
            frameDeny: true
        oauth-auth:
          forwardAuth:
            address: https://oauth.example.com/oauth2/auth
            trustForwardHeader: true
        oauth-errors:
          errors:
            status:
              - "401-403"
            service: oauth-backend
            query: "/oauth2/sign_in"

    ForwardAuth with static upstreams configuration

    Redirect to sign_in functionality provided without the use of errors middleware with Traefik v2 ForwardAuth middleware pointing to oauth2-proxy service's / endpoint

    Following options need to be set on oauth2-proxy:

    • --upstream=static://202: Configures a static response for authenticated sessions
    • --reverse-proxy=true: Enables the use of X-Forwarded-* headers to determine redirects correctly
    http:
      routers:
        a-service-route-1:
          rule: "Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/`)"
          service: a-service-backend
          middlewares:
            - oauth-auth-redirect # redirects all unauthenticated to oauth2 signin
          tls:
            certResolver: default
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"
        a-service-route-2:
          rule: "Host(`a-service.example.com`) && PathPrefix(`/no-auto-redirect`)"
          service: a-service-backend
          middlewares:
            - oauth-auth-wo-redirect # unauthenticated session will return a 401
          tls:
            certResolver: default
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"
        services-oauth2-route:
          rule: "Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/oauth2/`)"
          middlewares:
            - auth-headers
          service: oauth-backend
          tls:
            certResolver: default
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"
        oauth2-proxy-route:
          rule: "Host(`oauth.example.com`) && PathPrefix(`/`)"
          middlewares:
            - auth-headers
          service: oauth-backend
          tls:
            certResolver: default
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"

      services:
        a-service-backend:
          loadBalancer:
            servers:
              - url: http://172.16.0.2:7555
        b-service-backend:
          loadBalancer:
            servers:
              - url: http://172.16.0.3:7555
        oauth-backend:
          loadBalancer:
            servers:
              - url: http://172.16.0.1:4180

      middlewares:
        auth-headers:
          headers:
            sslRedirect: true
            stsSeconds: 315360000
            browserXssFilter: true
            contentTypeNosniff: true
            forceSTSHeader: true
            sslHost: example.com
            stsIncludeSubdomains: true
            stsPreload: true
            frameDeny: true
        oauth-auth-redirect:
          forwardAuth:
            address: https://oauth.example.com/
            trustForwardHeader: true
            authResponseHeaders:
              - X-Auth-Request-Access-Token
              - Authorization
        oauth-auth-wo-redirect:
          forwardAuth:
            address: https://oauth.example.com/oauth2/auth
            trustForwardHeader: true
            authResponseHeaders:
              - X-Auth-Request-Access-Token
              - Authorization
    note

    If you set up your OAuth2 provider to rotate your client secret, you can use the client-secret-file option to reload the secret when it is updated.

    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/configuration/session_storage/index.html b/docs/configuration/session_storage/index.html index 78b57f8a..398dfbba 100644 --- a/docs/configuration/session_storage/index.html +++ b/docs/configuration/session_storage/index.html @@ -4,7 +4,7 @@ Session Storage | OAuth2 Proxy - + @@ -20,14 +20,23 @@ back the client for storage, as in the Cookie storage< to the user as the cookie value instead.

    A ticket is composed as the following:

    {CookieName}-{ticketID}.{secret}

    Where:

    • The CookieName is the OAuth2 cookie name (_oauth2_proxy by default)
    • The ticketID is a 128 bit random number, hex-encoded
    • The secret is a 128 bit random number, base64url encoded (no padding). The secret is unique for every session.
    • The pair of {CookieName}-{ticketID} comprises a ticket handle, and thus, the redis key to which the session is stored. The encoded session is encrypted with the secret and stored in redis via the SETEX command.

    Encrypting every session uniquely protects the refresh/access/id tokens stored in the session from -disclosure.

    Usage

    When using the redis store, specify --session-store-type=redis as well as the Redis connection URL, via +disclosure.

    Additionally the browser only has to send a short Cookie with every request and not the whole JWT, which can get quite big.

    Two settings are used to configure the OAuth2 Proxy cookie lifetime:

    --cookie-refresh duration   refresh the cookie after this duration; 0 to disable
    --cookie-expire duration    expire timeframe for cookie     168h0m0s

    The "cookie-expire" value should be equal to the lifetime of the Refresh-Token that is issued by the OAuth2 authorization server. +If it expires earlier and is deleted by the browser, OAuth2 Proxy cannot find the stored Refresh-Tokens in Redis and thus cannot start +the refresh flow to get new Access-Tokens. If it is longer, it might be that the old Refresh-Token will be found in Redis but has already +expired.

    The "cookie-refresh" value controls when OAuth2 Proxy tries to refresh an Access-Token. If it is set to "0", the +Access-Token will never be refreshed, even it is already expired and there would be a valid Refresh-Token in the +available. If set, OAuth2 Proxy will refresh the Access-Token after this many seconds even if it is still valid. +Of course, it will also be refreshed after it has expired, as long as a Refresh Token is available.

    Caveat: It can happen that the Access-Token is valid for e.g. "1m" and a request happens after exactly "59s". +It would pass OAuth2 Proxy and be forwarded to the backend but is just expired when the backend tries to validate +it. This is especially relevant if the backend uses the JWT to make requests to other backends. +For this reason, it's advised to set the cookie-refresh a couple of seconds less than the Access-Token lifespan.

    Recommended settings:

    • cookie_refresh := Access-Token lifespan - 1m
    • cookie_expire := Refresh-Token lifespan (i.e. Keycloak's client_session_idle)

    Usage

    When using the redis store, specify --session-store-type=redis as well as the Redis connection URL, via --redis-connection-url=redis://host[:port][/db-number].

    You may also configure the store for Redis Sentinel. In this case, you will want to use the --redis-use-sentinel=true flag, as well as configure the flags --redis-sentinel-master-name and --redis-sentinel-connection-urls appropriately.

    Redis Cluster is available to be the backend store as well. To leverage it, you will need to set the --redis-use-cluster=true flag, and configure the flags --redis-cluster-connection-urls appropriately.

    Note that flags --redis-use-sentinel=true and --redis-use-cluster=true are mutually exclusive.

    Note, if Redis timeout option is set to non-zero, the --redis-connection-idle-timeout must be less than Redis timeout option. For example: if either redis.conf includes timeout 15 or using CONFIG SET timeout 15 the --redis-connection-idle-timeout must be at least --redis-connection-idle-timeout=14

    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/configuration/tls/index.html b/docs/configuration/tls/index.html index 7fb5aedb..2f243b28 100644 --- a/docs/configuration/tls/index.html +++ b/docs/configuration/tls/index.html @@ -4,7 +4,7 @@ TLS Configuration | OAuth2 Proxy - + @@ -19,7 +19,7 @@ external load balancer like Amazon ELB or Google Platform Load Balancing) use oauth2-proxy will then authenticate requests for an upstream application. The external endpoint for this example would be https://internal.yourcompany.com/.

    An example Nginx config follows. Note the use of Strict-Transport-Security header to pin requests to SSL via HSTS:

    server {
        listen 443 default ssl;
        server_name internal.yourcompany.com;
        ssl_certificate /path/to/cert.pem;
        ssl_certificate_key /path/to/cert.key;
        add_header Strict-Transport-Security max-age=2592000;

        location / {
            proxy_pass http://127.0.0.1:4180;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Scheme $scheme;
            proxy_connect_timeout 1;
            proxy_send_timeout 30;
            proxy_read_timeout 30;
        }
    }

  • The command line to run oauth2-proxy in this configuration would look like this:

    ./oauth2-proxy \
       --email-domain="yourcompany.com"  \
       --upstream=http://127.0.0.1:8080/ \
       --cookie-secret=... \
       --cookie-secure=true \
       --provider=... \
       --reverse-proxy=true \
       --client-id=... \
       --client-secret=...
    • Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/features/endpoints/index.html b/docs/features/endpoints/index.html index 4d864bc1..e7e5d96b 100644 --- a/docs/features/endpoints/index.html +++ b/docs/features/endpoints/index.html @@ -4,13 +4,13 @@ Endpoints | OAuth2 Proxy - +
    Version: 7.5.x

    Endpoints

    OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable.

    • /robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see robotstxt.org for more info
    • /ping - returns a 200 OK response, which is intended for use with health checks
    • /ready - returns a 200 OK response if all the underlying connections (e.g., Redis store) are connected
    • /metrics - Metrics endpoint for Prometheus to scrape, serve on the address specified by --metrics-address, disabled by default
    • /oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies)
    • /oauth2/sign_out - this URL is used to clear the session cookie
    • /oauth2/start - a URL that will redirect to start the OAuth cycle
    • /oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url.
    • /oauth2/userinfo - the URL is used to return user's email from the session in JSON format.
    • /oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the Nginx auth_request directive
    • /oauth2/static/* - stylesheets and other dependencies used in the sign_in and error pages

    Sign out

    To sign the user out, redirect them to /oauth2/sign_out. This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the rd query parameter, i.e. redirect the user to something like (notice the url-encoding!):

    /oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page

    Alternatively, include the redirect URL in the X-Auth-Request-Redirect header:

    GET /oauth2/sign_out HTTP/1.1
    X-Auth-Request-Redirect: https://my-oidc-provider/sign_out_page
    ...

    (The "sign_out_page" should be the end_session_endpoint from the metadata if your OIDC provider supports Session Management and Discovery.)

    BEWARE that the domain you want to redirect to (my-oidc-provider.example.com in the example) must be added to the --whitelist-domain configuration option otherwise the redirect will be ignored. Make sure to include the actual domain and port (if needed) and not the URL (e.g "localhost:8081" instead of "http://localhost:8081").

    Auth

    This endpoint returns 202 Accepted response or a 401 Unauthorized response.

    It can be configured using the following query parameters query parameters:

    • allowed_groups: comma separated list of allowed groups
    • allowed_email_domains: comma separated list of allowed email domains
    • allowed_emails: comma separated list of allowed emails
    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/index.html b/docs/index.html index 9aa689a3..389e404d 100644 --- a/docs/index.html +++ b/docs/index.html @@ -4,13 +4,13 @@ Installation | OAuth2 Proxy - +
    -
    Version: 7.5.x

    Installation

    1. Choose how to deploy:

      a. Download Prebuilt Binary (current release is v7.5.0)

      b. Build with $ go install github.com/oauth2-proxy/oauth2-proxy/v7@latest which will put the binary in $GOPATH/bin

      c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, ARMv6 and ARM64 tags available)

      d. Using a Kubernetes manifest (Helm)

    Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0.

    $ sha256sum -c sha256sum.txt
    oauth2-proxy-x.y.z.linux-amd64: OK
    1. Select a Provider and Register an OAuth Application with a Provider
    2. Configure OAuth2 Proxy using config file, command line options, or environment variables
    3. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)
    Copyright © 2023 OAuth2 Proxy.
    - +
    Version: 7.5.x

    Installation

    1. Choose how to deploy:

      a. Download Prebuilt Binary (current release is v7.5.0)

      b. Build with $ go install github.com/oauth2-proxy/oauth2-proxy/v7@latest which will put the binary in $GOPATH/bin

      c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, PPC64LE, ARMv6, ARMv7, and ARM64 tags available)

      d. Using a Kubernetes manifest (Helm)

    Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0.

    $ sha256sum -c sha256sum.txt
    oauth2-proxy-x.y.z.linux-amd64: OK
    1. Select a Provider and Register an OAuth Application with a Provider
    2. Configure OAuth2 Proxy using config file, command line options, or environment variables
    3. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)
    Copyright © 2023 OAuth2 Proxy.
    + \ No newline at end of file diff --git a/docs/next/behaviour/index.html b/docs/next/behaviour/index.html index 27eff0d3..60c11028 100644 --- a/docs/next/behaviour/index.html +++ b/docs/next/behaviour/index.html @@ -4,13 +4,13 @@ Behaviour | OAuth2 Proxy - +
    Version: Next

    Behaviour

    1. Any request passing through the proxy (and not matched by --skip-auth-regex) is checked for the proxy's session cookie (--cookie-name) (or, if allowed, a JWT token - see --skip-jwt-bearer-tokens).
    2. If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with Accept: application/json, in which case 401 Unauthorized is returned)
    3. After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set
    4. The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration)

    Notice that the proxy also provides a number of useful endpoints.

    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/next/community/security/index.html b/docs/next/community/security/index.html index 802fd96f..1fb14663 100644 --- a/docs/next/community/security/index.html +++ b/docs/next/community/security/index.html @@ -4,7 +4,7 @@ Security | OAuth2 Proxy - + @@ -28,7 +28,7 @@ If we have multiple security issues in flight simultaneously, we may delay merging fixes until all patches are ready. We may also backport the fix to previous releases, but this will be at the discretion of the maintainers.

    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/next/configuration/alpha-config/index.html b/docs/next/configuration/alpha-config/index.html index 9704fce5..67f5bd67 100644 --- a/docs/next/configuration/alpha-config/index.html +++ b/docs/next/configuration/alpha-config/index.html @@ -4,7 +4,7 @@ Alpha Configuration | OAuth2 Proxy - + @@ -62,7 +62,7 @@ passed to the /oauth2/start endpoint are checked to determine wheth they are valid overrides for the given parameter passed to the IdP's login URL. Either Value or Pattern should be supplied, not both.

    FieldTypeDescription
    valuestringA Value rule matches just this specific value
    patternstringA Pattern rule gives a regular expression that must be matched by
    some substring of the value. The expression is not automatically
    anchored to the start and end of the value, if you want to restrict
    the whole parameter value you must anchor it yourself with ^ and $.

    Upstream

    (Appears on: UpstreamConfig)

    Upstream represents the configuration for an upstream server. Requests will be proxied to this upstream if the path matches the request path.

    FieldTypeDescription
    idstringID should be a unique identifier for the upstream.
    This value is required for all upstreams.
    pathstringPath is used to map requests to the upstream server.
    The closest match will take precedence and all Paths must be unique.
    Path can also take a pattern when used with RewriteTarget.
    Path segments can be captured and matched using regular experessions.
    Eg:
    - ^/foo$: Match only the explicit path /foo
    - ^/bar/$: Match any path prefixed with /bar/
    - ^/baz/(.*)$: Match any path prefixed with /baz and capture the remaining path for use with RewriteTarget
    rewriteTargetstringRewriteTarget allows users to rewrite the request path before it is sent to
    the upstream server.
    Use the Path to capture segments for reuse within the rewrite target.
    Eg: With a Path of ^/baz/(.*), a RewriteTarget of /foo/$1 would rewrite
    the request /baz/abc/123 to /foo/abc/123 before proxying to the
    upstream server.
    uristringThe URI of the upstream server. This may be an HTTP(S) server of a File
    based URL. It may include a path, in which case all requests will be served
    under that path.
    Eg:
    - http://localhost:8080
    - https://service.localhost
    - https://service.localhost/path
    - file://host/path
    If the URI's path is "/base" and the incoming request was for "/dir",
    the upstream request will be for "/base/dir".
    insecureSkipTLSVerifyboolInsecureSkipTLSVerify will skip TLS verification of upstream HTTPS hosts.
    This option is insecure and will allow potential Man-In-The-Middle attacks
    betweem OAuth2 Proxy and the usptream server.
    Defaults to false.
    staticboolStatic will make all requests to this upstream have a static response.
    The response will have a body of "Authenticated" and a response code
    matching StaticCode.
    If StaticCode is not set, the response will return a 200 response.
    staticCodeintStaticCode determines the response code for the Static response.
    This option can only be used with Static enabled.
    flushIntervalDurationFlushInterval is the period between flushing the response buffer when
    streaming response from the upstream.
    Defaults to 1 second.
    passHostHeaderboolPassHostHeader determines whether the request host header should be proxied
    to the upstream server.
    Defaults to true.
    proxyWebSocketsboolProxyWebSockets enables proxying of websockets to upstream servers
    Defaults to true.
    timeoutDurationTimeout is the maximum duration the server will wait for a response from the upstream server.
    Defaults to 30 seconds.

    UpstreamConfig

    (Appears on: AlphaOptions)

    UpstreamConfig is a collection of definitions for upstream servers.

    FieldTypeDescription
    proxyRawPathboolProxyRawPath will pass the raw url path to upstream allowing for url's
    like: "/%2F/" which would otherwise be redirected to "/"
    upstreams[]UpstreamUpstreams represents the configuration for the upstream servers.
    Requests will be proxied to this upstream if the path matches the request path.
    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/next/configuration/oauth_provider/index.html b/docs/next/configuration/oauth_provider/index.html index f565d8e9..b8053ebc 100644 --- a/docs/next/configuration/oauth_provider/index.html +++ b/docs/next/configuration/oauth_provider/index.html @@ -4,7 +4,7 @@ OAuth Provider Configuration | OAuth2 Proxy - + @@ -72,7 +72,7 @@ to setup the client id and client secret. Your "Redirection URI" will Provider instance. Add a new case to providers.New() to allow oauth2-proxy to use the new Provider.

    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/next/configuration/overview/index.html b/docs/next/configuration/overview/index.html index cd351abe..a8443b58 100644 --- a/docs/next/configuration/overview/index.html +++ b/docs/next/configuration/overview/index.html @@ -4,7 +4,7 @@ Overview | OAuth2 Proxy - + @@ -19,7 +19,7 @@ The default format is configured as follows:

    {{.Client}} - {{.RequestID}} - {{.Username}} [{{.Timestamp}}] {{.Host}} {{.RequestMethod}} {{.Upstream}} {{.RequestURI}} {{.Protocol}} {{.UserAgent}} {{.StatusCode}} {{.ResponseSize}} {{.RequestDuration}}

    Available variables for request logging:

    VariableExampleDescription
    Client74.125.224.72The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true.
    Hostdomain.comThe value of the Host header.
    ProtocolHTTP/1.0The request protocol.
    RequestDuration0.001The time in seconds that a request took to process.
    RequestID00010203-0405-4607-8809-0a0b0c0d0e0fThe request ID pulled from the --request-id-header. Random UUID if empty
    RequestMethodGETThe request method.
    RequestURI"/oauth2/auth"The URI path of the request.
    ResponseSize12The size in bytes of the response.
    StatusCode200The HTTP status code of the response.
    Timestamp19/Mar/2015:17:20:19 -0400The date and time of the logging event.
    Upstream-The upstream data of the HTTP request.
    UserAgent-The full user agent as reported by the requesting client.
    Usernameusername@email.comThe email or username of the auth request.

    Standard Log Format

    All other logging that is not covered by the above two types of logging will be output in this standard logging format. This includes configuration information at startup and errors that occur outside of a session. The default format is below:

    [19/Mar/2015:17:20:19 -0400] [main.go:40] <MESSAGE>

    If you require a different format than that, you can configure it with the --standard-logging-format flag. The default format is configured as follows:

    [{{.Timestamp}}] [{{.File}}] {{.Message}}

    Available variables for standard logging:

    VariableExampleDescription
    Timestamp19/Mar/2015:17:20:19 -0400The date and time of the logging event.
    Filemain.go:40The file and line number of the logging statement.
    MessageHTTP: listening on 127.0.0.1:4180The details of the log statement.

    Configuring for use with the Nginx auth_request directive

    The Nginx auth_request directive allows Nginx to authenticate requests via the oauth2-proxy's /auth endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example:

    server {
      listen 443 ssl;
      server_name ...;
      include ssl/ssl.conf;

      location /oauth2/ {
        proxy_pass       http://127.0.0.1:4180;
        proxy_set_header Host                    $host;
        proxy_set_header X-Real-IP               $remote_addr;
        proxy_set_header X-Scheme                $scheme;
        proxy_set_header X-Auth-Request-Redirect $request_uri;
        # or, if you are handling multiple domains:
        # proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
      }
      location = /oauth2/auth {
        proxy_pass       http://127.0.0.1:4180;
        proxy_set_header Host             $host;
        proxy_set_header X-Real-IP        $remote_addr;
        proxy_set_header X-Scheme         $scheme;
        # nginx auth_request includes headers but not body
        proxy_set_header Content-Length   "";
        proxy_pass_request_body           off;
      }

      location / {
        auth_request /oauth2/auth;
        error_page 401 = /oauth2/sign_in;

        # pass information via X-User and X-Email headers to backend,
        # requires running with --set-xauthrequest flag
        auth_request_set $user   $upstream_http_x_auth_request_user;
        auth_request_set $email  $upstream_http_x_auth_request_email;
        proxy_set_header X-User  $user;
        proxy_set_header X-Email $email;

        # if you enabled --pass-access-token, this will pass the token to the backend
        auth_request_set $token  $upstream_http_x_auth_request_access_token;
        proxy_set_header X-Access-Token $token;

        # if you enabled --cookie-refresh, this is needed for it to work with auth_request
        auth_request_set $auth_cookie $upstream_http_set_cookie;
        add_header Set-Cookie $auth_cookie;

        # When using the --set-authorization-header flag, some provider's cookies can exceed the 4kb
        # limit and so the OAuth2 Proxy splits these into multiple parts.
        # Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response,
        # so if your cookies are larger than 4kb, you will need to extract additional cookies manually.
        auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1;

        # Extract the Cookie attributes from the first Set-Cookie header and append them
        # to the second part ($upstream_cookie_* variables only contain the raw cookie content)
        if ($auth_cookie ~* "(; .*)") {
            set $auth_cookie_name_0 $auth_cookie;
            set $auth_cookie_name_1 "auth_cookie_name_1=$auth_cookie_name_upstream_1$1";
        }

        # Send both Set-Cookie headers now if there was a second part
        if ($auth_cookie_name_upstream_1) {
            add_header Set-Cookie $auth_cookie_name_0;
            add_header Set-Cookie $auth_cookie_name_1;
        }

        proxy_pass http://backend/;
        # or "root /path/to/site;" or "fastcgi_pass ..." etc
      }
    }

    When you use ingress-nginx in Kubernetes, you MUST use kubernetes/ingress-nginx (which includes the Lua module) and the following configuration snippet for your Ingress. Variables set with auth_request_set are not set-able in plain nginx config when the location is processed via proxy_pass and then may only be processed by Lua. Note that nginxinc/kubernetes-ingress does not include the Lua module.

    nginx.ingress.kubernetes.io/auth-response-headers: Authorization
    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
    nginx.ingress.kubernetes.io/configuration-snippet: |
      auth_request_set $name_upstream_1 $upstream_cookie_name_1;

      access_by_lua_block {
        if ngx.var.name_upstream_1 ~= "" then
          ngx.header["Set-Cookie"] = "name_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")
        end
      }

    It is recommended to use --session-store-type=redis when expecting large sessions/OIDC tokens (e.g. with MS Azure).

    You have to substitute name with the actual cookie name you configured via --cookie-name parameter. If you don't set a custom cookie name the variable should be "$upstream_cookie__oauth2_proxy_1" instead of "$upstream_cookie_name_1" and the new cookie-name should be "_oauth2_proxy_1=" instead of "name_1=".

    Configuring for use with the Traefik (v2) ForwardAuth middleware

    This option requires --reverse-proxy option to be set.

    ForwardAuth with 401 errors middleware

    The Traefik v2 ForwardAuth middleware allows Traefik to authenticate requests via the oauth2-proxy's /oauth2/auth endpoint on every request, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the whole request through. For example, on Dynamic File (YAML) Configuration:

    http:
      routers:
        a-service:
          rule: "Host(`a-service.example.com`)"
          service: a-service-backend
          middlewares:
            - oauth-errors
            - oauth-auth
          tls:
            certResolver: default
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"
        oauth:
          rule: "Host(`a-service.example.com`, `oauth.example.com`) && PathPrefix(`/oauth2/`)"
          middlewares:
            - auth-headers
          service: oauth-backend
          tls:
            certResolver: default
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"

      services:
        a-service-backend:
          loadBalancer:
            servers:
              - url: http://172.16.0.2:7555
        oauth-backend:
          loadBalancer:
            servers:
              - url: http://172.16.0.1:4180

      middlewares:
        auth-headers:
          headers:
            sslRedirect: true
            stsSeconds: 315360000
            browserXssFilter: true
            contentTypeNosniff: true
            forceSTSHeader: true
            sslHost: example.com
            stsIncludeSubdomains: true
            stsPreload: true
            frameDeny: true
        oauth-auth:
          forwardAuth:
            address: https://oauth.example.com/oauth2/auth
            trustForwardHeader: true
        oauth-errors:
          errors:
            status:
              - "401-403"
            service: oauth-backend
            query: "/oauth2/sign_in"

    ForwardAuth with static upstreams configuration

    Redirect to sign_in functionality provided without the use of errors middleware with Traefik v2 ForwardAuth middleware pointing to oauth2-proxy service's / endpoint

    Following options need to be set on oauth2-proxy:

    • --upstream=static://202: Configures a static response for authenticated sessions
    • --reverse-proxy=true: Enables the use of X-Forwarded-* headers to determine redirects correctly
    http:
      routers:
        a-service-route-1:
          rule: "Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/`)"
          service: a-service-backend
          middlewares:
            - oauth-auth-redirect # redirects all unauthenticated to oauth2 signin
          tls:
            certResolver: default
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"
        a-service-route-2:
          rule: "Host(`a-service.example.com`) && PathPrefix(`/no-auto-redirect`)"
          service: a-service-backend
          middlewares:
            - oauth-auth-wo-redirect # unauthenticated session will return a 401
          tls:
            certResolver: default
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"
        services-oauth2-route:
          rule: "Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/oauth2/`)"
          middlewares:
            - auth-headers
          service: oauth-backend
          tls:
            certResolver: default
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"
        oauth2-proxy-route:
          rule: "Host(`oauth.example.com`) && PathPrefix(`/`)"
          middlewares:
            - auth-headers
          service: oauth-backend
          tls:
            certResolver: default
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"

      services:
        a-service-backend:
          loadBalancer:
            servers:
              - url: http://172.16.0.2:7555
        b-service-backend:
          loadBalancer:
            servers:
              - url: http://172.16.0.3:7555
        oauth-backend:
          loadBalancer:
            servers:
              - url: http://172.16.0.1:4180

      middlewares:
        auth-headers:
          headers:
            sslRedirect: true
            stsSeconds: 315360000
            browserXssFilter: true
            contentTypeNosniff: true
            forceSTSHeader: true
            sslHost: example.com
            stsIncludeSubdomains: true
            stsPreload: true
            frameDeny: true
        oauth-auth-redirect:
          forwardAuth:
            address: https://oauth.example.com/
            trustForwardHeader: true
            authResponseHeaders:
              - X-Auth-Request-Access-Token
              - Authorization
        oauth-auth-wo-redirect:
          forwardAuth:
            address: https://oauth.example.com/oauth2/auth
            trustForwardHeader: true
            authResponseHeaders:
              - X-Auth-Request-Access-Token
              - Authorization
    note

    If you set up your OAuth2 provider to rotate your client secret, you can use the client-secret-file option to reload the secret when it is updated.

    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/next/configuration/session_storage/index.html b/docs/next/configuration/session_storage/index.html index 522c1d54..749d9f79 100644 --- a/docs/next/configuration/session_storage/index.html +++ b/docs/next/configuration/session_storage/index.html @@ -4,7 +4,7 @@ Session Storage | OAuth2 Proxy - + @@ -36,7 +36,7 @@ and --redis-sentinel-connection-urls appropriately.

    Redis Clu --redis-use-cluster=true flag, and configure the flags --redis-cluster-connection-urls appropriately.

    Note that flags --redis-use-sentinel=true and --redis-use-cluster=true are mutually exclusive.

    Note, if Redis timeout option is set to non-zero, the --redis-connection-idle-timeout must be less than Redis timeout option. For example: if either redis.conf includes timeout 15 or using CONFIG SET timeout 15 the --redis-connection-idle-timeout must be at least --redis-connection-idle-timeout=14

    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/next/configuration/tls/index.html b/docs/next/configuration/tls/index.html index c62e03da..6644f4a1 100644 --- a/docs/next/configuration/tls/index.html +++ b/docs/next/configuration/tls/index.html @@ -4,7 +4,7 @@ TLS Configuration | OAuth2 Proxy - + @@ -19,7 +19,7 @@ external load balancer like Amazon ELB or Google Platform Load Balancing) use oauth2-proxy will then authenticate requests for an upstream application. The external endpoint for this example would be https://internal.yourcompany.com/.

    An example Nginx config follows. Note the use of Strict-Transport-Security header to pin requests to SSL via HSTS:

    server {
        listen 443 default ssl;
        server_name internal.yourcompany.com;
        ssl_certificate /path/to/cert.pem;
        ssl_certificate_key /path/to/cert.key;
        add_header Strict-Transport-Security max-age=2592000;

        location / {
            proxy_pass http://127.0.0.1:4180;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Scheme $scheme;
            proxy_connect_timeout 1;
            proxy_send_timeout 30;
            proxy_read_timeout 30;
        }
    }

  • The command line to run oauth2-proxy in this configuration would look like this:

    ./oauth2-proxy \
       --email-domain="yourcompany.com"  \
       --upstream=http://127.0.0.1:8080/ \
       --cookie-secret=... \
       --cookie-secure=true \
       --provider=... \
       --reverse-proxy=true \
       --client-id=... \
       --client-secret=...
    • Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/next/features/endpoints/index.html b/docs/next/features/endpoints/index.html index cc44b3dc..2be495c4 100644 --- a/docs/next/features/endpoints/index.html +++ b/docs/next/features/endpoints/index.html @@ -4,13 +4,13 @@ Endpoints | OAuth2 Proxy - +
    Version: Next

    Endpoints

    OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable.

    • /robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see robotstxt.org for more info
    • /ping - returns a 200 OK response, which is intended for use with health checks
    • /ready - returns a 200 OK response if all the underlying connections (e.g., Redis store) are connected
    • /metrics - Metrics endpoint for Prometheus to scrape, serve on the address specified by --metrics-address, disabled by default
    • /oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies)
    • /oauth2/sign_out - this URL is used to clear the session cookie
    • /oauth2/start - a URL that will redirect to start the OAuth cycle
    • /oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url.
    • /oauth2/userinfo - the URL is used to return user's email from the session in JSON format.
    • /oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the Nginx auth_request directive
    • /oauth2/static/* - stylesheets and other dependencies used in the sign_in and error pages

    Sign out

    To sign the user out, redirect them to /oauth2/sign_out. This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the rd query parameter, i.e. redirect the user to something like (notice the url-encoding!):

    /oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page

    Alternatively, include the redirect URL in the X-Auth-Request-Redirect header:

    GET /oauth2/sign_out HTTP/1.1
    X-Auth-Request-Redirect: https://my-oidc-provider/sign_out_page
    ...

    (The "sign_out_page" should be the end_session_endpoint from the metadata if your OIDC provider supports Session Management and Discovery.)

    BEWARE that the domain you want to redirect to (my-oidc-provider.example.com in the example) must be added to the --whitelist-domain configuration option otherwise the redirect will be ignored. Make sure to include the actual domain and port (if needed) and not the URL (e.g "localhost:8081" instead of "http://localhost:8081").

    Auth

    This endpoint returns 202 Accepted response or a 401 Unauthorized response.

    It can be configured using the following query parameters query parameters:

    • allowed_groups: comma separated list of allowed groups
    • allowed_email_domains: comma separated list of allowed email domains
    • allowed_emails: comma separated list of allowed emails
    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/next/index.html b/docs/next/index.html index 5f08c1dd..5b804990 100644 --- a/docs/next/index.html +++ b/docs/next/index.html @@ -4,13 +4,13 @@ Installation | OAuth2 Proxy - +
    Version: Next

    Installation

    1. Choose how to deploy:

      a. Download Prebuilt Binary (current release is v7.5.0)

      b. Build with $ go install github.com/oauth2-proxy/oauth2-proxy/v7@latest which will put the binary in $GOPATH/bin

      c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, PPC64LE, ARMv6, ARMv7, and ARM64 tags available)

      d. Using a Kubernetes manifest (Helm)

    Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0.

    $ sha256sum -c sha256sum.txt
    oauth2-proxy-x.y.z.linux-amd64: OK
    1. Select a Provider and Register an OAuth Application with a Provider
    2. Configure OAuth2 Proxy using config file, command line options, or environment variables
    3. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)
    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/docs/next/search-index.json b/docs/next/search-index.json index a41c55b7..b2a1949a 100644 --- a/docs/next/search-index.json +++ b/docs/next/search-index.json @@ -1 +1 @@ -[{"documents":[{"i":1,"t":"Installation","u":"/oauth2-proxy/docs/next/","b":["Docs"]},{"i":3,"t":"Behaviour","u":"/oauth2-proxy/docs/next/behaviour","b":["Docs"]},{"i":5,"t":"Security","u":"/oauth2-proxy/docs/next/community/security","b":["Docs","Community"]},{"i":11,"t":"Alpha Configuration","u":"/oauth2-proxy/docs/next/configuration/alpha-config","b":["Docs","Configuration"]},{"i":70,"t":"OAuth Provider Configuration","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","b":["Docs","Configuration"]},{"i":108,"t":"Overview","u":"/oauth2-proxy/docs/next/configuration/overview","b":["Docs","Configuration"]},{"i":136,"t":"Session Storage","u":"/oauth2-proxy/docs/next/configuration/session_storage","b":["Docs","Configuration"]},{"i":142,"t":"TLS Configuration","u":"/oauth2-proxy/docs/next/configuration/tls","b":["Docs","Configuration"]},{"i":148,"t":"Endpoints","u":"/oauth2-proxy/docs/next/features/endpoints","b":["Docs","Features"]}],"index":{"version":"2.3.9","fields":["t"],"fieldVectors":[["t/1",[0,2.222]],["t/3",[1,2.222]],["t/5",[2,2.222]],["t/11",[3,1.699,4,0.94]],["t/70",[4,0.761,5,1.375,6,1.375]],["t/108",[7,2.222]],["t/136",[8,1.699,9,1.699]],["t/142",[4,0.94,10,1.699]],["t/148",[11,2.222]]],"invertedIndex":[["alpha",{"_index":3,"t":{"11":{"position":[[0,5]]}}}],["behaviour",{"_index":1,"t":{"3":{"position":[[0,9]]}}}],["configur",{"_index":4,"t":{"11":{"position":[[6,13]]},"70":{"position":[[15,13]]},"142":{"position":[[4,13]]}}}],["endpoint",{"_index":11,"t":{"148":{"position":[[0,9]]}}}],["instal",{"_index":0,"t":{"1":{"position":[[0,12]]}}}],["oauth",{"_index":5,"t":{"70":{"position":[[0,5]]}}}],["overview",{"_index":7,"t":{"108":{"position":[[0,8]]}}}],["provid",{"_index":6,"t":{"70":{"position":[[6,8]]}}}],["secur",{"_index":2,"t":{"5":{"position":[[0,8]]}}}],["session",{"_index":8,"t":{"136":{"position":[[0,7]]}}}],["storag",{"_index":9,"t":{"136":{"position":[[8,7]]}}}],["tl",{"_index":10,"t":{"142":{"position":[[0,3]]}}}]],"pipeline":["stemmer"]}},{"documents":[{"i":7,"t":"Security Disclosures","u":"/oauth2-proxy/docs/next/community/security","h":"#security-disclosures","p":5},{"i":9,"t":"How will we respond to disclosures?","u":"/oauth2-proxy/docs/next/community/security","h":"#how-will-we-respond-to-disclosures","p":5},{"i":13,"t":"Using Alpha Configuration","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#using-alpha-configuration","p":11},{"i":15,"t":"Converting configuration to the new structure","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#converting-configuration-to-the-new-structure","p":11},{"i":17,"t":"Removed options","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#removed-options","p":11},{"i":19,"t":"Configuration Reference","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#configuration-reference","p":11},{"i":20,"t":"ADFSOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#adfsoptions","p":11},{"i":22,"t":"AlphaOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#alphaoptions","p":11},{"i":24,"t":"AzureOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#azureoptions","p":11},{"i":26,"t":"BitbucketOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#bitbucketoptions","p":11},{"i":28,"t":"ClaimSource","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#claimsource","p":11},{"i":30,"t":"Duration","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#duration","p":11},{"i":32,"t":"GitHubOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#githuboptions","p":11},{"i":34,"t":"GitLabOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#gitlaboptions","p":11},{"i":36,"t":"GoogleOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#googleoptions","p":11},{"i":38,"t":"Header","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#header","p":11},{"i":40,"t":"HeaderValue","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#headervalue","p":11},{"i":42,"t":"KeycloakOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#keycloakoptions","p":11},{"i":44,"t":"LoginGovOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#logingovoptions","p":11},{"i":46,"t":"LoginURLParameter","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#loginurlparameter","p":11},{"i":48,"t":"A parameter whose value is fixed","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"","p":11},{"i":50,"t":"OIDCOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#oidcoptions","p":11},{"i":52,"t":"Provider","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#provider","p":11},{"i":54,"t":"ProviderType","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#providertype","p":11},{"i":56,"t":"Providers","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#providers","p":11},{"i":58,"t":"SecretSource","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#secretsource","p":11},{"i":60,"t":"Server","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#server","p":11},{"i":62,"t":"TLS","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#tls","p":11},{"i":64,"t":"URLParameterRule","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#urlparameterrule","p":11},{"i":66,"t":"Upstream","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#upstream","p":11},{"i":68,"t":"UpstreamConfig","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#upstreamconfig","p":11},{"i":72,"t":"Google Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#google-auth-provider","p":70},{"i":74,"t":"Azure Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#azure-auth-provider","p":70},{"i":76,"t":"ADFS Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#adfs-auth-provider","p":70},{"i":78,"t":"Facebook Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#facebook-auth-provider","p":70},{"i":80,"t":"GitHub Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#github-auth-provider","p":70},{"i":82,"t":"Gitea Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#gitea-auth-provider","p":70},{"i":84,"t":"Keycloak Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#keycloak-auth-provider","p":70},{"i":86,"t":"Keycloak OIDC Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#keycloak-oidc-auth-provider","p":70},{"i":88,"t":"GitLab Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#gitlab-auth-provider","p":70},{"i":90,"t":"LinkedIn Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#linkedin-auth-provider","p":70},{"i":92,"t":"Microsoft Azure AD Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#microsoft-azure-ad-provider","p":70},{"i":94,"t":"OpenID Connect Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#openid-connect-provider","p":70},{"i":96,"t":"login.gov Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#logingov-provider","p":70},{"i":98,"t":"Nextcloud Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#nextcloud-provider","p":70},{"i":100,"t":"DigitalOcean Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#digitalocean-auth-provider","p":70},{"i":102,"t":"Bitbucket Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#bitbucket-auth-provider","p":70},{"i":104,"t":"Email Authentication","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#email-authentication","p":70},{"i":106,"t":"Adding a new Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#adding-a-new-provider","p":70},{"i":110,"t":"Generating a Cookie Secret","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#generating-a-cookie-secret","p":108},{"i":112,"t":"Config File","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#config-file","p":108},{"i":114,"t":"Command Line Options","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#command-line-options","p":108},{"i":116,"t":"Upstreams Configuration","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#upstreams-configuration","p":108},{"i":118,"t":"Environment variables","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#environment-variables","p":108},{"i":120,"t":"Logging Configuration","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#logging-configuration","p":108},{"i":122,"t":"Auth Log Format","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#auth-log-format","p":108},{"i":124,"t":"Request Log Format","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#request-log-format","p":108},{"i":126,"t":"Standard Log Format","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#standard-log-format","p":108},{"i":128,"t":"Configuring for use with the Nginx auth_request directive","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#configuring-for-use-with-the-nginx-auth_request-directive","p":108},{"i":130,"t":"Configuring for use with the Traefik (v2) ForwardAuth middleware","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#configuring-for-use-with-the-traefik-v2-forwardauth-middleware","p":108},{"i":132,"t":"ForwardAuth with 401 errors middleware","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#forwardauth-with-401-errors-middleware","p":108},{"i":134,"t":"ForwardAuth with static upstreams configuration","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#forwardauth-with-static-upstreams-configuration","p":108},{"i":138,"t":"Cookie Storage","u":"/oauth2-proxy/docs/next/configuration/session_storage","h":"#cookie-storage","p":136},{"i":140,"t":"Redis Storage","u":"/oauth2-proxy/docs/next/configuration/session_storage","h":"#redis-storage","p":136},{"i":144,"t":"Terminate TLS at OAuth2 Proxy","u":"/oauth2-proxy/docs/next/configuration/tls","h":"#terminate-tls-at-oauth2-proxy","p":142},{"i":146,"t":"Terminate TLS at Reverse Proxy, e.g. Nginx","u":"/oauth2-proxy/docs/next/configuration/tls","h":"#terminate-tls-at-reverse-proxy-eg-nginx","p":142},{"i":150,"t":"Sign out","u":"/oauth2-proxy/docs/next/features/endpoints","h":"#sign-out","p":148},{"i":152,"t":"Auth","u":"/oauth2-proxy/docs/next/features/endpoints","h":"#auth","p":148}],"index":{"version":"2.3.9","fields":["t"],"fieldVectors":[["t/7",[0,4.031,1,3.493]],["t/9",[1,3.493,2,4.031]],["t/13",[3,2.64,4,3.39,5,1.854]],["t/15",[5,1.6,6,2.925,7,2.535,8,2.925]],["t/17",[9,4.031,10,3.493]],["t/19",[5,2.205,11,4.031]],["t/20",[12,4.97]],["t/22",[13,4.97]],["t/24",[14,4.97]],["t/26",[15,4.97]],["t/28",[16,4.97]],["t/30",[17,4.97]],["t/32",[18,4.97]],["t/34",[19,4.97]],["t/36",[20,4.97]],["t/38",[21,4.97]],["t/40",[22,4.97]],["t/42",[23,4.97]],["t/44",[24,4.97]],["t/46",[25,4.97]],["t/48",[26,2.925,27,2.925,28,2.925,29,2.925]],["t/50",[30,4.97]],["t/52",[31,1.64]],["t/54",[32,4.97]],["t/56",[31,1.64]],["t/58",[33,4.97]],["t/60",[34,4.97]],["t/62",[35,3.87]],["t/64",[36,4.97]],["t/66",[37,3.87]],["t/68",[38,4.97]],["t/72",[31,1.119,39,3.39,40,1.381]],["t/74",[31,1.119,40,1.381,41,2.938]],["t/76",[31,1.119,40,1.381,42,3.39]],["t/78",[31,1.119,40,1.381,43,3.39]],["t/80",[31,1.119,40,1.381,44,3.39]],["t/82",[31,1.119,40,1.381,45,3.39]],["t/84",[31,1.119,40,1.381,46,2.938]],["t/86",[31,0.966,40,1.192,46,2.535,47,2.925]],["t/88",[31,1.119,40,1.381,48,3.39]],["t/90",[31,1.119,40,1.381,49,3.39]],["t/92",[31,0.966,41,2.535,50,2.925,51,2.535]],["t/94",[31,1.119,52,3.39,53,3.39]],["t/96",[31,1.33,54,4.031]],["t/98",[31,1.33,55,4.031]],["t/100",[31,1.119,40,1.381,56,3.39]],["t/102",[31,1.119,40,1.381,57,3.39]],["t/104",[58,4.031,59,4.031]],["t/106",[7,2.938,31,1.119,51,2.938]],["t/110",[60,3.39,61,2.938,62,3.39]],["t/112",[63,4.031,64,4.031]],["t/114",[10,2.938,65,3.39,66,3.39]],["t/116",[5,2.205,37,3.139]],["t/118",[67,4.031,68,4.031]],["t/120",[5,2.205,69,2.874]],["t/122",[40,1.381,69,2.417,70,2.64]],["t/124",[69,2.417,70,2.64,71,3.39]],["t/126",[69,2.417,70,2.64,72,3.39]],["t/128",[3,2.003,5,1.407,73,2.229,74,2.573,75,2.573]],["t/130",[3,1.788,5,1.256,76,2.296,77,2.296,78,1.788,79,1.989]],["t/132",[78,2.278,79,2.535,80,2.925,81,2.925]],["t/134",[5,1.6,37,2.278,78,2.278,82,2.925]],["t/138",[61,3.493,83,3.493]],["t/140",[83,3.493,84,4.031]],["t/144",[35,2.278,85,2.535,86,2.925,87,2.535]],["t/146",[35,1.788,73,1.989,85,1.989,87,1.989,88,2.296,89,2.296]],["t/150",[90,4.031,91,4.031]],["t/152",[40,2.025]]],"invertedIndex":[["401",{"_index":80,"t":{"132":{"position":[[17,3]]}}}],["ad",{"_index":51,"t":{"92":{"position":[[16,2]]},"106":{"position":[[0,6]]}}}],["adf",{"_index":42,"t":{"76":{"position":[[0,4]]}}}],["adfsopt",{"_index":12,"t":{"20":{"position":[[0,11]]}}}],["alpha",{"_index":4,"t":{"13":{"position":[[6,5]]}}}],["alphaopt",{"_index":13,"t":{"22":{"position":[[0,12]]}}}],["auth",{"_index":40,"t":{"72":{"position":[[7,4]]},"74":{"position":[[6,4]]},"76":{"position":[[5,4]]},"78":{"position":[[9,4]]},"80":{"position":[[7,4]]},"82":{"position":[[6,4]]},"84":{"position":[[9,4]]},"86":{"position":[[14,4]]},"88":{"position":[[7,4]]},"90":{"position":[[9,4]]},"100":{"position":[[13,4]]},"102":{"position":[[10,4]]},"122":{"position":[[0,4]]},"152":{"position":[[0,4]]}}}],["auth_request",{"_index":74,"t":{"128":{"position":[[35,12]]}}}],["authent",{"_index":59,"t":{"104":{"position":[[6,14]]}}}],["azur",{"_index":41,"t":{"74":{"position":[[0,5]]},"92":{"position":[[10,5]]}}}],["azureopt",{"_index":14,"t":{"24":{"position":[[0,12]]}}}],["bitbucket",{"_index":57,"t":{"102":{"position":[[0,9]]}}}],["bitbucketopt",{"_index":15,"t":{"26":{"position":[[0,16]]}}}],["claimsourc",{"_index":16,"t":{"28":{"position":[[0,11]]}}}],["command",{"_index":65,"t":{"114":{"position":[[0,7]]}}}],["config",{"_index":63,"t":{"112":{"position":[[0,6]]}}}],["configur",{"_index":5,"t":{"13":{"position":[[12,13]]},"15":{"position":[[11,13]]},"19":{"position":[[0,13]]},"116":{"position":[[10,13]]},"120":{"position":[[8,13]]},"128":{"position":[[0,11]]},"130":{"position":[[0,11]]},"134":{"position":[[34,13]]}}}],["connect",{"_index":53,"t":{"94":{"position":[[7,7]]}}}],["convert",{"_index":6,"t":{"15":{"position":[[0,10]]}}}],["cooki",{"_index":61,"t":{"110":{"position":[[13,6]]},"138":{"position":[[0,6]]}}}],["digitalocean",{"_index":56,"t":{"100":{"position":[[0,12]]}}}],["direct",{"_index":75,"t":{"128":{"position":[[48,9]]}}}],["disclosur",{"_index":1,"t":{"7":{"position":[[9,11]]},"9":{"position":[[23,12]]}}}],["durat",{"_index":17,"t":{"30":{"position":[[0,8]]}}}],["e.g",{"_index":89,"t":{"146":{"position":[[32,4]]}}}],["email",{"_index":58,"t":{"104":{"position":[[0,5]]}}}],["environ",{"_index":67,"t":{"118":{"position":[[0,11]]}}}],["error",{"_index":81,"t":{"132":{"position":[[21,6]]}}}],["facebook",{"_index":43,"t":{"78":{"position":[[0,8]]}}}],["file",{"_index":64,"t":{"112":{"position":[[7,4]]}}}],["fix",{"_index":29,"t":{"48":{"position":[[27,5]]}}}],["format",{"_index":70,"t":{"122":{"position":[[9,6]]},"124":{"position":[[12,6]]},"126":{"position":[[13,6]]}}}],["forwardauth",{"_index":78,"t":{"130":{"position":[[42,11]]},"132":{"position":[[0,11]]},"134":{"position":[[0,11]]}}}],["gener",{"_index":60,"t":{"110":{"position":[[0,10]]}}}],["gitea",{"_index":45,"t":{"82":{"position":[[0,5]]}}}],["github",{"_index":44,"t":{"80":{"position":[[0,6]]}}}],["githubopt",{"_index":18,"t":{"32":{"position":[[0,13]]}}}],["gitlab",{"_index":48,"t":{"88":{"position":[[0,6]]}}}],["gitlabopt",{"_index":19,"t":{"34":{"position":[[0,13]]}}}],["googl",{"_index":39,"t":{"72":{"position":[[0,6]]}}}],["googleopt",{"_index":20,"t":{"36":{"position":[[0,13]]}}}],["header",{"_index":21,"t":{"38":{"position":[[0,6]]}}}],["headervalu",{"_index":22,"t":{"40":{"position":[[0,11]]}}}],["keycloak",{"_index":46,"t":{"84":{"position":[[0,8]]},"86":{"position":[[0,8]]}}}],["keycloakopt",{"_index":23,"t":{"42":{"position":[[0,15]]}}}],["line",{"_index":66,"t":{"114":{"position":[[8,4]]}}}],["linkedin",{"_index":49,"t":{"90":{"position":[[0,8]]}}}],["log",{"_index":69,"t":{"120":{"position":[[0,7]]},"122":{"position":[[5,3]]},"124":{"position":[[8,3]]},"126":{"position":[[9,3]]}}}],["login.gov",{"_index":54,"t":{"96":{"position":[[0,9]]}}}],["logingovopt",{"_index":24,"t":{"44":{"position":[[0,15]]}}}],["loginurlparamet",{"_index":25,"t":{"46":{"position":[[0,17]]}}}],["microsoft",{"_index":50,"t":{"92":{"position":[[0,9]]}}}],["middlewar",{"_index":79,"t":{"130":{"position":[[54,10]]},"132":{"position":[[28,10]]}}}],["new",{"_index":7,"t":{"15":{"position":[[32,3]]},"106":{"position":[[9,3]]}}}],["nextcloud",{"_index":55,"t":{"98":{"position":[[0,9]]}}}],["nginx",{"_index":73,"t":{"128":{"position":[[29,5]]},"146":{"position":[[37,5]]}}}],["oauth2",{"_index":86,"t":{"144":{"position":[[17,6]]}}}],["oidc",{"_index":47,"t":{"86":{"position":[[9,4]]}}}],["oidcopt",{"_index":30,"t":{"50":{"position":[[0,11]]}}}],["openid",{"_index":52,"t":{"94":{"position":[[0,6]]}}}],["option",{"_index":10,"t":{"17":{"position":[[8,7]]},"114":{"position":[[13,7]]}}}],["out",{"_index":91,"t":{"150":{"position":[[5,3]]}}}],["paramet",{"_index":26,"t":{"48":{"position":[[2,9]]}}}],["provid",{"_index":31,"t":{"52":{"position":[[0,8]]},"56":{"position":[[0,9]]},"72":{"position":[[12,8]]},"74":{"position":[[11,8]]},"76":{"position":[[10,8]]},"78":{"position":[[14,8]]},"80":{"position":[[12,8]]},"82":{"position":[[11,8]]},"84":{"position":[[14,8]]},"86":{"position":[[19,8]]},"88":{"position":[[12,8]]},"90":{"position":[[14,8]]},"92":{"position":[[19,8]]},"94":{"position":[[15,8]]},"96":{"position":[[10,8]]},"98":{"position":[[10,8]]},"100":{"position":[[18,8]]},"102":{"position":[[15,8]]},"106":{"position":[[13,8]]}}}],["providertyp",{"_index":32,"t":{"54":{"position":[[0,12]]}}}],["proxi",{"_index":87,"t":{"144":{"position":[[24,5]]},"146":{"position":[[25,6]]}}}],["redi",{"_index":84,"t":{"140":{"position":[[0,5]]}}}],["refer",{"_index":11,"t":{"19":{"position":[[14,9]]}}}],["remov",{"_index":9,"t":{"17":{"position":[[0,7]]}}}],["request",{"_index":71,"t":{"124":{"position":[[0,7]]}}}],["respond",{"_index":2,"t":{"9":{"position":[[12,7]]}}}],["revers",{"_index":88,"t":{"146":{"position":[[17,7]]}}}],["secret",{"_index":62,"t":{"110":{"position":[[20,6]]}}}],["secretsourc",{"_index":33,"t":{"58":{"position":[[0,12]]}}}],["secur",{"_index":0,"t":{"7":{"position":[[0,8]]}}}],["server",{"_index":34,"t":{"60":{"position":[[0,6]]}}}],["sign",{"_index":90,"t":{"150":{"position":[[0,4]]}}}],["standard",{"_index":72,"t":{"126":{"position":[[0,8]]}}}],["static",{"_index":82,"t":{"134":{"position":[[17,6]]}}}],["storag",{"_index":83,"t":{"138":{"position":[[7,7]]},"140":{"position":[[6,7]]}}}],["structur",{"_index":8,"t":{"15":{"position":[[36,9]]}}}],["termin",{"_index":85,"t":{"144":{"position":[[0,9]]},"146":{"position":[[0,9]]}}}],["tl",{"_index":35,"t":{"62":{"position":[[0,3]]},"144":{"position":[[10,3]]},"146":{"position":[[10,3]]}}}],["traefik",{"_index":76,"t":{"130":{"position":[[29,7]]}}}],["upstream",{"_index":37,"t":{"66":{"position":[[0,8]]},"116":{"position":[[0,9]]},"134":{"position":[[24,9]]}}}],["upstreamconfig",{"_index":38,"t":{"68":{"position":[[0,14]]}}}],["urlparameterrul",{"_index":36,"t":{"64":{"position":[[0,16]]}}}],["us",{"_index":3,"t":{"13":{"position":[[0,5]]},"128":{"position":[[16,3]]},"130":{"position":[[16,3]]}}}],["v2",{"_index":77,"t":{"130":{"position":[[37,4]]}}}],["valu",{"_index":28,"t":{"48":{"position":[[18,5]]}}}],["variabl",{"_index":68,"t":{"118":{"position":[[12,9]]}}}],["whose",{"_index":27,"t":{"48":{"position":[[12,5]]}}}]],"pipeline":["stemmer"]}},{"documents":[{"i":2,"t":"Choose how to deploy: a. Download Prebuilt Binary (current release is v7.5.0) b. Build with $ go install github.com/oauth2-proxy/oauth2-proxy/v7@latest which will put the binary in $GOPATH/bin c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, PPC64LE, ARMv6, ARMv7, and ARM64 tags available) d. Using a Kubernetes manifest (Helm) Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0. $ sha256sum -c sha256sum.txtoauth2-proxy-x.y.z.linux-amd64: OK Select a Provider and Register an OAuth Application with a Provider Configure OAuth2 Proxy using config file, command line options, or environment variables Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)","s":"Installation","u":"/oauth2-proxy/docs/next/","h":"","p":1},{"i":4,"t":"Any request passing through the proxy (and not matched by --skip-auth-regex) is checked for the proxy's session cookie (--cookie-name) (or, if allowed, a JWT token - see --skip-jwt-bearer-tokens). If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with Accept: application/json, in which case 401 Unauthorized is returned) After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration) Notice that the proxy also provides a number of useful endpoints.","s":"Behaviour","u":"/oauth2-proxy/docs/next/behaviour","h":"","p":3},{"i":6,"t":"note OAuth2 Proxy is a community project. Maintainers do not work on this project full time, and as such, while we endeavour to respond to disclosures as quickly as possible, this may take longer than in projects with corporate sponsorship.","s":"Security","u":"/oauth2-proxy/docs/next/community/security","h":"","p":5},{"i":8,"t":"info If you believe you have found a vulnerability within OAuth2 Proxy or any of its dependencies, please do NOT open an issue or PR on GitHub, please do NOT post any details publicly. Security disclosures MUST be done in private. If you have found an issue that you would like to bring to the attention of the maintenance team for OAuth2 Proxy, please compose an email and send it to the list of maintainers in our MAINTAINERS file. Please include as much detail as possible. Ideally, your disclosure should include: A reproducible case that can be used to demonstrate the exploit How you discovered this vulnerability A potential fix for the issue (if you have thought of one) Versions affected (if not present in master) Your GitHub ID","s":"Security Disclosures","u":"/oauth2-proxy/docs/next/community/security","h":"#security-disclosures","p":5},{"i":10,"t":"We use GitHub Security Advisories to privately discuss fixes for disclosed vulnerabilities. If you include a GitHub ID with your disclosure we will add you as a collaborator for the advisory so that you can join the discussion and validate any fixes we may propose. For minor issues and previously disclosed vulnerabilities (typically for dependencies), we may use regular PRs for fixes and forego the security advisory. Once a fix has been agreed upon, we will merge the fix and create a new release. If we have multiple security issues in flight simultaneously, we may delay merging fixes until all patches are ready. We may also backport the fix to previous releases, but this will be at the discretion of the maintainers.","s":"How will we respond to disclosures?","u":"/oauth2-proxy/docs/next/community/security","h":"#how-will-we-respond-to-disclosures","p":5},{"i":12,"t":"danger This page contains documentation for alpha features. We reserve the right to make breaking changes to the features detailed within this page with no notice. Options described in this page may be changed, removed, renamed or moved without prior warning. Please beware of this before you use alpha configuration options. This page details a set of alpha configuration options in a new format. Going forward we are intending to add structured configuration in YAML format to replace the existing TOML based configuration file and flags. Below is a reference for the structure of the configuration, with AlphaOptions as the root of the configuration. When using alpha configuration, your config file will look something like below: upstreams: - id: ... ...injectRequestHeaders: - name: ... ...injectResponseHeaders: - name: ... ... Please browse the reference below for the structure of the new configuration format.","s":"Alpha Configuration","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"","p":11},{"i":14,"t":"To use the new alpha configuration, generate a YAML file based on the format described in the reference below. Provide the path to this file using the --alpha-config flag. note When using the --alpha-config flag, some options are no longer available. See removed options below for more information.","s":"Using Alpha Configuration","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#using-alpha-configuration","p":11},{"i":16,"t":"Before adding the new --alpha-config option, start OAuth2 Proxy using the convert-config-to-alpha flag to convert existing configuration to the new format. oauth2-proxy --convert-config-to-alpha --config ./path/to/existing/config.cfg This will convert any options supported by the new format to YAML and print the new configuration to STDOUT. Copy this to a new file, remove any options from your existing configuration noted in removed options and then start OAuth2 Proxy using the new config. oauth2-proxy --alpha-config ./path/to/new/config.yaml --config ./path/to/existing/config.cfg","s":"Converting configuration to the new structure","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#converting-configuration-to-the-new-structure","p":11},{"i":18,"t":"The following flags/options and their respective environment variables are no longer available when using alpha configuration: flush-interval/flush_interval pass-host-header/pass_host_header proxy-websockets/proxy_websockets ssl-upstream-insecure-skip-verify/ssl_upstream_insecure_skip_verify upstream/upstreams pass-basic-auth/pass_basic_auth pass-access-token/pass_access_token pass-user-headers/pass_user_headers pass-authorization-header/pass_authorization_header set-basic-auth/set_basic_auth set-xauthrequest/set_xauthrequest set-authorization-header/set_authorization_header prefer-email-to-user/prefer_email_to_user basic-auth-password/basic_auth_password skip-auth-strip-headers/skip_auth_strip_headers client-id/client_id client-secret/client_secret, and client-secret-file/client_secret_file provider provider-display-name/provider_display_name provider-ca-file/provider_ca_files login-url/login_url redeem-url/redeem_url profile-url/profile_url resource validate-url/validate_url scope prompt approval-prompt/approval_prompt acr-values/acr_values user-id-claim/user_id_claim allowed-group/allowed_groups allowed-role/allowed_roles jwt-key/jwt_key jwt-key-file/jwt_key_file pubjwk-url/pubjwk_url and all provider-specific options, i.e. any option whose name includes oidc, azure, bitbucket, github, gitlab, google or keycloak. Attempting to use any of these options via flags or via config when --alpha-config is set will result in an error. info You must remove these options before starting OAuth2 Proxy with --alpha-config","s":"Removed options","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#removed-options","p":11},{"i":21,"t":"(Appears on: Provider) Field Type Description skipScope bool Skip adding the scope parameter in login requestDefault value is 'false'","s":"ADFSOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#adfsoptions","p":11},{"i":23,"t":"AlphaOptions contains alpha structured configuration options. Usage of these options allows users to access alpha features that are not available as part of the primary configuration structure for OAuth2 Proxy. danger The options within this structure are considered alpha. They may change between releases without notice. Field Type Description upstreamConfig UpstreamConfig UpstreamConfig is used to configure upstream servers.Once a user is authenticated, requests to the server will be proxied tothese upstream servers based on the path mappings defined in this list. injectRequestHeaders []Header InjectRequestHeaders is used to configure headers that should be addedto requests to upstream servers.Headers may source values from either the authenticated user's sessionor from a static secret value. injectResponseHeaders []Header InjectResponseHeaders is used to configure headers that should be addedto responses from the proxy.This is typically used when using the proxy as an external authenticationprovider in conjunction with another proxy such as NGINX and itsauth_request module.Headers may source values from either the authenticated user's sessionor from a static secret value. server Server Server is used to configure the HTTP(S) server for the proxy application.You may choose to run both HTTP and HTTPS servers simultaneously.This can be done by setting the BindAddress and the SecureBindAddress simultaneously.To use the secure server you must configure a TLS certificate and key. metricsServer Server MetricsServer is used to configure the HTTP(S) server for metrics.You may choose to run both HTTP and HTTPS servers simultaneously.This can be done by setting the BindAddress and the SecureBindAddress simultaneously.To use the secure server you must configure a TLS certificate and key. providers Providers Providers is used to configure multiple providers.","s":"AlphaOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#alphaoptions","p":11},{"i":25,"t":"(Appears on: Provider) Field Type Description tenant string Tenant directs to a tenant-specific or common (tenant-independent) endpointDefault value is 'common' graphGroupField string GraphGroupField configures the group field to be used when building the groups list from Microsoft GraphDefault value is 'id'","s":"AzureOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#azureoptions","p":11},{"i":27,"t":"(Appears on: Provider) Field Type Description team string Team sets restrict logins to members of this team repository string Repository sets restrict logins to user with access to this repository","s":"BitbucketOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#bitbucketoptions","p":11},{"i":29,"t":"(Appears on: HeaderValue) ClaimSource allows loading a header value from a claim within the session Field Type Description claim string Claim is the name of the claim in the session that the value should beloaded from. prefix string Prefix is an optional prefix that will be prepended to the value of theclaim if it is non-empty. basicAuthPassword SecretSource BasicAuthPassword converts this claim into a basic auth header.Note the value of claim will become the basic auth username and thebasicAuthPassword will be used as the password value.","s":"ClaimSource","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#claimsource","p":11},{"i":31,"t":"(string alias)​ (Appears on: Upstream) Duration is as string representation of a period of time. A duration string is a is a possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as \"300ms\", \"-1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".","s":"Duration","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#duration","p":11},{"i":33,"t":"(Appears on: Provider) Field Type Description org string Org sets restrict logins to members of this organisation team string Team sets restrict logins to members of this team repo string Repo sets restrict logins to collaborators of this repository token string Token is the token to use when verifying repository collaboratorsit must have push access to the repository users []string Users allows users with these usernames to logineven if they do not belong to the specified org and team or collaborators","s":"GitHubOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#githuboptions","p":11},{"i":35,"t":"(Appears on: Provider) Field Type Description group []string Group sets restrict logins to members of this group projects []string Projects restricts logins to members of any of these projects","s":"GitLabOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#gitlaboptions","p":11},{"i":37,"t":"(Appears on: Provider) Field Type Description group []string Groups sets restrict logins to members of this google group adminEmail string AdminEmail is the google admin to impersonate for api calls serviceAccountJson string ServiceAccountJSON is the path to the service account json credentials useApplicationDefaultCredentials bool UseApplicationDefaultCredentials is a boolean whether to use Application Default Credentials instead of a ServiceAccountJSON","s":"GoogleOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#googleoptions","p":11},{"i":39,"t":"(Appears on: AlphaOptions) Header represents an individual header that will be added to a request or response header. Field Type Description name string Name is the header name to be used for this set of values.Names should be unique within a list of Headers. preserveRequestValue bool PreserveRequestValue determines whether any values for this headershould be preserved for the request to the upstream server.This option only applies to injected request headers.Defaults to false (headers that match this header will be stripped). values []HeaderValue Values contains the desired values for this header","s":"Header","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#header","p":11},{"i":41,"t":"(Appears on: Header) HeaderValue represents a single header value and the sources that can make up the header value Field Type Description value []byte Value expects a base64 encoded string value. fromEnv string FromEnv expects the name of an environment variable. fromFile string FromFile expects a path to a file containing the secret value. claim string Claim is the name of the claim in the session that the value should beloaded from. prefix string Prefix is an optional prefix that will be prepended to the value of theclaim if it is non-empty. basicAuthPassword SecretSource BasicAuthPassword converts this claim into a basic auth header.Note the value of claim will become the basic auth username and thebasicAuthPassword will be used as the password value.","s":"HeaderValue","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#headervalue","p":11},{"i":43,"t":"(Appears on: Provider) Field Type Description groups []string Group enables to restrict login to members of indicated group roles []string Role enables to restrict login to users with role (only available when using the keycloak-oidc provider)","s":"KeycloakOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#keycloakoptions","p":11},{"i":45,"t":"(Appears on: Provider) Field Type Description jwtKey string JWTKey is a private key in PEM format used to sign JWT, jwtKeyFile string JWTKeyFile is a path to the private key file in PEM format used to sign the JWT pubjwkURL string PubJWKURL is the JWK pubkey access endpoint","s":"LoginGovOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#logingovoptions","p":11},{"i":47,"t":"(Appears on: Provider) LoginURLParameter is the configuration for a single query parameter that can be passed through from the /oauth2/start endpoint to the IdP login URL. The \"default\" option specifies the default value or values (if any) that will be passed to the IdP for this parameter, and \"allow\" is a list of options for ways in which this parameter can be set or overridden via the query string to /oauth2/start. If only a default is specified and no \"allow\" then the parameter is effectively fixed - the default value will always be used and anything passed to the start URL will be ignored. If only \"allow\" is specified but no default then the parameter will only be passed on to the IdP if the caller provides it, and no value will be sent otherwise. Examples:","s":"LoginURLParameter","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#loginurlparameter","p":11},{"i":49,"t":"name: organizationdefault:- myorg A parameter that is not passed by default, but may be set to one of a fixed set of values name: promptallow:- value: login- value: consent- value: select_account A parameter that is passed by default but may be overridden by one of a fixed set of values name: promptdefault: [\"login\"]allow:- value: consent- value: select_account A parameter that may be overridden, but only by values that match a regular expression. For example to restrict login_hint to email addresses in your organization's domain: name: login_hintallow:- pattern: '^[^@]*@example\\.com$'# this allows at most one \"@\" sign, and requires \"example.com\" domain. Note that the YAML rules around exactly which characters are allowed and/or require escaping in different types of string literals are convoluted. For regular expressions the single quoted form is simplest as backslash is not considered to be an escape character. Alternatively use the \"chomped block\" format |-: - pattern: |- ^[^@]*@example\\.com$ The hyphen is important, a | block would have a trailing newline character. Field Type Description name string Name specifies the name of the query parameter. default []string (Optional) Default specifies a default value or values that will bepassed to the IdP if not overridden. allow []URLParameterRule (Optional) Allow specifies rules about how the default (if any) may beoverridden via the query string to /oauth2/start. Onlyvalues that match one or more of the allow rules will beforwarded to the IdP.","s":"A parameter whose value is fixed","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"","p":11},{"i":51,"t":"(Appears on: Provider) Field Type Description issuerURL string IssuerURL is the OpenID Connect issuer URLeg: https://accounts.google.com insecureAllowUnverifiedEmail bool InsecureAllowUnverifiedEmail prevents failures if an email address in an id_token is not verifieddefault set to 'false' insecureSkipIssuerVerification bool InsecureSkipIssuerVerification skips verification of ID token issuers. When false, ID Token Issuers must match the OIDC discovery URLdefault set to 'false' insecureSkipNonce bool InsecureSkipNonce skips verifying the ID Token's nonce claim that must matchthe random nonce sent in the initial OAuth flow. Otherwise, the nonce is checkedafter the initial OAuth redeem & subsequent token refreshes.default set to 'true'Warning: In a future release, this will change to 'false' by default for enhanced security. skipDiscovery bool SkipDiscovery allows to skip OIDC discovery and use manually supplied Endpointsdefault set to 'false' jwksURL string JwksURL is the OpenID Connect JWKS URLeg: https://www.googleapis.com/oauth2/v3/certs emailClaim string EmailClaim indicates which claim contains the user email,default set to 'email' groupsClaim string GroupsClaim indicates which claim contains the user groupsdefault set to 'groups' userIDClaim string UserIDClaim indicates which claim contains the user IDdefault set to 'email' audienceClaims []string AudienceClaim allows to define any claim that is verified against the client idBy default aud claim is used for verification. extraAudiences []string ExtraAudiences is a list of additional audiences that are allowedto pass verification in addition to the client id.","s":"OIDCOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#oidcoptions","p":11},{"i":53,"t":"(Appears on: Providers) Provider holds all configuration for a single provider Field Type Description clientID string ClientID is the OAuth Client ID that is defined in the providerThis value is required for all providers. clientSecret string ClientSecret is the OAuth Client Secret that is defined in the providerThis value is required for all providers. clientSecretFile string ClientSecretFile is the name of the filecontaining the OAuth Client Secret, it will be used if ClientSecret is not set. keycloakConfig KeycloakOptions KeycloakConfig holds all configurations for Keycloak provider. azureConfig AzureOptions AzureConfig holds all configurations for Azure provider. ADFSConfig ADFSOptions ADFSConfig holds all configurations for ADFS provider. bitbucketConfig BitbucketOptions BitbucketConfig holds all configurations for Bitbucket provider. githubConfig GitHubOptions GitHubConfig holds all configurations for GitHubC provider. gitlabConfig GitLabOptions GitLabConfig holds all configurations for GitLab provider. googleConfig GoogleOptions GoogleConfig holds all configurations for Google provider. oidcConfig OIDCOptions OIDCConfig holds all configurations for OIDC provideror providers utilize OIDC configurations. loginGovConfig LoginGovOptions LoginGovConfig holds all configurations for LoginGov provider. id string ID should be a unique identifier for the provider.This value is required for all providers. provider ProviderType Type is the OAuth providermust be set from the supported providers group,otherwise 'Google' is set as default name string Name is the providers display nameif set, it will be shown to the users in the login page. caFiles []string CAFiles is a list of paths to CA certificates that should be used when connecting to the provider.If not specified, the default Go trust sources are used instead loginURL string LoginURL is the authentication endpoint loginURLParameters []LoginURLParameter LoginURLParameters defines the parameters that can be passed from the start URL to the IdP login URL redeemURL string RedeemURL is the token redemption endpoint profileURL string ProfileURL is the profile access endpoint resource string ProtectedResource is the resource that is protected (Azure AD and ADFS only) validateURL string ValidateURL is the access token validation endpoint scope string Scope is the OAuth scope specification allowedGroups []string AllowedGroups is a list of restrict logins to members of this group code_challenge_method string The code challenge method","s":"Provider","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#provider","p":11},{"i":55,"t":"(string alias)​ (Appears on: Provider) ProviderType is used to enumerate the different provider type options Valid options are: adfs, azure, bitbucket, digitalocean facebook, github, gitlab, google, keycloak, keycloak-oidc, linkedin, login.gov, nextcloud and oidc.","s":"ProviderType","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#providertype","p":11},{"i":57,"t":"([]Provider alias)​ (Appears on: AlphaOptions) Providers is a collection of definitions for providers.","s":"Providers","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#providers","p":11},{"i":59,"t":"(Appears on: ClaimSource, HeaderValue, TLS) SecretSource references an individual secret value. Only one source within the struct should be defined at any time. Field Type Description value []byte Value expects a base64 encoded string value. fromEnv string FromEnv expects the name of an environment variable. fromFile string FromFile expects a path to a file containing the secret value.","s":"SecretSource","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#secretsource","p":11},{"i":61,"t":"(Appears on: AlphaOptions) Server represents the configuration for an HTTP(S) server Field Type Description BindAddress string BindAddress is the address on which to serve traffic.Leave blank or set to \"-\" to disable. SecureBindAddress string SecureBindAddress is the address on which to serve secure traffic.Leave blank or set to \"-\" to disable. TLS TLS TLS contains the information for loading the certificate and key for thesecure traffic and further configuration for the TLS server.","s":"Server","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#server","p":11},{"i":63,"t":"(Appears on: Server) TLS contains the information for loading a TLS certificate and key as well as an optional minimal TLS version that is acceptable. Field Type Description Key SecretSource Key is the TLS key data to use.Typically this will come from a file. Cert SecretSource Cert is the TLS certificate data to use.Typically this will come from a file. MinVersion string MinVersion is the minimal TLS version that is acceptable.E.g. Set to \"TLS1.3\" to select TLS version 1.3 CipherSuites []string CipherSuites is a list of TLS cipher suites that are allowed.E.g.:- TLS_RSA_WITH_RC4_128_SHA- TLS_RSA_WITH_AES_256_GCM_SHA384If not specified, the default Go safe cipher list is used.List of valid cipher suites can be found in the crypto/tls documentation.","s":"TLS","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#tls","p":11},{"i":65,"t":"(Appears on: LoginURLParameter) URLParameterRule represents a rule by which query parameters passed to the /oauth2/start endpoint are checked to determine whether they are valid overrides for the given parameter passed to the IdP's login URL. Either Value or Pattern should be supplied, not both. Field Type Description value string A Value rule matches just this specific value pattern string A Pattern rule gives a regular expression that must be matched bysome substring of the value. The expression is not automaticallyanchored to the start and end of the value, if you want to restrictthe whole parameter value you must anchor it yourself with ^ and $.","s":"URLParameterRule","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#urlparameterrule","p":11},{"i":67,"t":"(Appears on: UpstreamConfig) Upstream represents the configuration for an upstream server. Requests will be proxied to this upstream if the path matches the request path. Field Type Description id string ID should be a unique identifier for the upstream.This value is required for all upstreams. path string Path is used to map requests to the upstream server.The closest match will take precedence and all Paths must be unique.Path can also take a pattern when used with RewriteTarget.Path segments can be captured and matched using regular experessions.Eg:- ^/foo$: Match only the explicit path /foo- ^/bar/$: Match any path prefixed with /bar/- ^/baz/(.*)$: Match any path prefixed with /baz and capture the remaining path for use with RewriteTarget rewriteTarget string RewriteTarget allows users to rewrite the request path before it is sent tothe upstream server.Use the Path to capture segments for reuse within the rewrite target.Eg: With a Path of ^/baz/(.*), a RewriteTarget of /foo/$1 would rewritethe request /baz/abc/123 to /foo/abc/123 before proxying to theupstream server. uri string The URI of the upstream server. This may be an HTTP(S) server of a Filebased URL. It may include a path, in which case all requests will be servedunder that path.Eg:- http://localhost:8080- https://service.localhost- https://service.localhost/path- file://host/pathIf the URI's path is \"/base\" and the incoming request was for \"/dir\",the upstream request will be for \"/base/dir\". insecureSkipTLSVerify bool InsecureSkipTLSVerify will skip TLS verification of upstream HTTPS hosts.This option is insecure and will allow potential Man-In-The-Middle attacksbetweem OAuth2 Proxy and the usptream server.Defaults to false. static bool Static will make all requests to this upstream have a static response.The response will have a body of \"Authenticated\" and a response codematching StaticCode.If StaticCode is not set, the response will return a 200 response. staticCode int StaticCode determines the response code for the Static response.This option can only be used with Static enabled. flushInterval Duration FlushInterval is the period between flushing the response buffer whenstreaming response from the upstream.Defaults to 1 second. passHostHeader bool PassHostHeader determines whether the request host header should be proxiedto the upstream server.Defaults to true. proxyWebSockets bool ProxyWebSockets enables proxying of websockets to upstream serversDefaults to true. timeout Duration Timeout is the maximum duration the server will wait for a response from the upstream server.Defaults to 30 seconds.","s":"Upstream","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#upstream","p":11},{"i":69,"t":"(Appears on: AlphaOptions) UpstreamConfig is a collection of definitions for upstream servers. Field Type Description proxyRawPath bool ProxyRawPath will pass the raw url path to upstream allowing for url'slike: \"/%2F/\" which would otherwise be redirected to \"/\" upstreams []Upstream Upstreams represents the configuration for the upstream servers.Requests will be proxied to this upstream if the path matches the request path.","s":"UpstreamConfig","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#upstreamconfig","p":11},{"i":71,"t":"You will need to register an OAuth application with a Provider (Google, GitHub or another provider), and configure it with Redirect URI(s) for the domain you intend to run oauth2-proxy on. Valid providers are : Google default Azure ADFS Facebook GitHub Gitea Keycloak GitLab LinkedIn Microsoft Azure AD OpenID Connect login.gov Nextcloud DigitalOcean Bitbucket The provider can be selected using the provider configuration value. Please note that not all providers support all claims. The preferred_username claim is currently only supported by the OpenID Connect provider.","s":"OAuth Provider Configuration","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"","p":70},{"i":73,"t":"For Google, the registration steps are: Create a new project: https://console.developers.google.com/project Choose the new project from the top right project dropdown (only if another project is selected) In the project Dashboard center pane, choose \"APIs & Services\" In the left Nav pane, choose \"Credentials\" In the center pane, choose \"OAuth consent screen\" tab. Fill in \"Product name shown to users\" and hit save. In the center pane, choose \"Credentials\" tab. Open the \"New credentials\" drop down Choose \"OAuth client ID\" Choose \"Web application\" Application name is freeform, choose something appropriate Authorized JavaScript origins is your domain ex: https://internal.yourcompany.com Authorized redirect URIs is the location of oauth2/callback ex: https://internal.yourcompany.com/oauth2/callback Choose \"Create\" Take note of the Client ID and Client Secret It's recommended to refresh sessions on a short interval (1h) with cookie-refresh setting which validates that the account is still authorized. Restrict auth to specific Google groups on your domain. (optional)​ Create a service account and download the json file if you're not using Application Default Credentials / Workload Identity / Workload Identity Federation (recommended). Make note of the Client ID for a future step. Under \"APIs & Auth\", choose APIs. Click on Admin SDK and then Enable API. Follow the steps on https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account and give the client id from step 2 the following oauth scopes: Using Application Default Credentials (ADC) / Workload Identity / Workload Identity Federation (recommended)​ oauth2-proxy can make use of Application Default Credentials. When deployed within GCP, this means that it can automatically use the service account attached to the resource. When deployed to GKE, ADC can be leveraged through a feature called Workload Identity. Follow Google's guide to set up Workload Identity. When deployed outside of GCP, Workload Identity Federation might be an option. https://www.googleapis.com/auth/admin.directory.group.readonlyhttps://www.googleapis.com/auth/admin.directory.user.readonly Follow the steps on https://support.google.com/a/answer/60757 to enable Admin API access. Create or choose an existing administrative email address on the Gmail domain to assign to the google-admin-email flag. This email will be impersonated by this client to make calls to the Admin SDK. See the note on the link from step 5 for the reason why. Create or choose an existing email group and set that email to the google-group flag. You can pass multiple instances of this flag with different groups and the user will be checked against all the provided groups. Lock down the permissions on the json file downloaded from step 1 so only oauth2-proxy is able to read the file and set the path to the file in the google-service-account-json flag. Restart oauth2-proxy. Note: The user is checked against the group members list on initial authentication and every time the token is refreshed ( about once an hour ).","s":"Google Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#google-auth-provider","p":70},{"i":75,"t":"Add an application: go to https://portal.azure.com, choose Azure Active Directory, select App registrations and then click on New registration. Pick a name, check the supported account type(single-tenant, multi-tenant, etc). In the Redirect URI section create a new Web platform entry for each app that you want to protect by the oauth2 proxy(e.g. https://internal.yourcompanycom/oauth2/callback). Click Register. Next we need to add group read permissions for the app registration, on the API Permissions page of the app, click on Add a permission, select Microsoft Graph, then select Application permissions, then click on Group and select Group.Read.All. Hit Add permissions and then on Grant admin consent (you might need an admin to do this).**IMPORTANT**: Even if this permission is listed with **\"Admin consent required=No\"** the consent might actually be required, due to AAD policies you won't be able to see. If you get a **\"Need admin approval\"** during login, most likely this is what you're missing! Next, if you are planning to use v2.0 Azure Auth endpoint, go to the Manifest page and set \"accessTokenAcceptedVersion\": 2 in the App registration manifest file. On the Certificates & secrets page of the app, add a new client secret and note down the value after hitting Add. Configure the proxy with: for V1 Azure Auth endpoint (Azure Active Directory Endpoints - https://login.microsoftonline.com/common/oauth2/authorize) --provider=azure --client-id= --client-secret= --azure-tenant={tenant-id} --oidc-issuer-url=https://sts.windows.net/{tenant-id}/ for V2 Azure Auth endpoint (Microsoft Identity Platform Endpoints - https://login.microsoftonline.com/common/oauth2/v2.0/authorize) --provider=azure --client-id= --client-secret= --azure-tenant={tenant-id} --oidc-issuer-url=https://login.microsoftonline.com/{tenant-id}/v2.0 Notes: When using v2.0 Azure Auth endpoint (https://login.microsoftonline.com/{tenant-id}/v2.0) as --oidc_issuer_url, in conjunction with --resource flag, be sure to append /.default at the end of the resource name. See https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#the-default-scope for more details. When using the Azure Auth provider with nginx and the cookie session store you may find the cookie is too large and doesn't get passed through correctly. Increasing the proxy_buffer_size in nginx or implementing the redis session storage should resolve this.","s":"Azure Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#azure-auth-provider","p":70},{"i":77,"t":"Open the ADFS administration console on your Windows Server and add a new Application Group Provide a name for the integration, select Server Application from the Standalone applications section and click Next Follow the wizard to get the client-id, client-secret and configure the application credentials Configure the proxy with --provider=adfs --client-id= --client-secret= Note: When using the ADFS Auth provider with nginx and the cookie session store you may find the cookie is too large and doesn't get passed through correctly. Increasing the proxy_buffer_size in nginx or implementing the redis session storage should resolve this.","s":"ADFS Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#adfs-auth-provider","p":70},{"i":79,"t":"Create a new FB App from https://developers.facebook.com/ Under FB Login, set your Valid OAuth redirect URIs to https://internal.yourcompany.com/oauth2/callback","s":"Facebook Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#facebook-auth-provider","p":70},{"i":81,"t":"Create a new project: https://github.com/settings/developers Under Authorization callback URL enter the correct url ie https://internal.yourcompany.com/oauth2/callback The GitHub auth provider supports two additional ways to restrict authentication to either organization and optional team level access, or to collaborators of a repository. Restricting by these options is normally accompanied with --email-domain=* NOTE: When --github-user is set, the specified users are allowed to login even if they do not belong to the specified org and team or collaborators. To restrict by organization only, include the following flag: -github-org=\"\": restrict logins to members of this organisation To restrict within an organization to specific teams, include the following flag in addition to -github-org: -github-team=\"\": restrict logins to members of any of these teams (slug), separated by a comma If you would rather restrict access to collaborators of a repository, those users must either have push access to a public repository or any access to a private repository: -github-repo=\"\": restrict logins to collaborators of this repository formatted as orgname/repo If you'd like to allow access to users with read only access to a public repository you will need to provide a token for a user that has write access to the repository. The token must be created with at least the public_repo scope: -github-token=\"\": the token to use when verifying repository collaborators To allow a user to login with their username even if they do not belong to the specified org and team or collaborators, separated by a comma -github-user=\"\": allow logins by username, separated by a comma If you are using GitHub enterprise, make sure you set the following to the appropriate url: -login-url=\"http(s):///login/oauth/authorize\"-redeem-url=\"http(s):///login/oauth/access_token\"-validate-url=\"http(s):///api/v3\"","s":"GitHub Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#github-auth-provider","p":70},{"i":83,"t":"Create a new application: https://< your gitea host >/user/settings/applications Under Redirect URI enter the correct URL i.e. https:///oauth2/callback Note the Client ID and Client Secret. Pass the following options to the proxy: --provider=\"github\" --redirect-url=\"https:///oauth2/callback\" --provider-display-name=\"Gitea\" --client-id=\"< client_id as generated by Gitea >\" --client-secret=\"< client_secret as generated by Gitea >\" --login-url=\"https://< your gitea host >/login/oauth/authorize\" --redeem-url=\"https://< your gitea host >/login/oauth/access_token\" --validate-url=\"https://< your gitea host >/api/v1/user/emails\"","s":"Gitea Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#gitea-auth-provider","p":70},{"i":85,"t":"note This is the legacy provider for Keycloak, use Keycloak OIDC Auth Provider if possible. Create new client in your Keycloak realm with Access Type 'confidental' and Valid Redirect URIs 'https://internal.yourcompany.com/oauth2/callback' Take note of the Secret in the credential tab of the client Create a mapper with Mapper Type 'Group Membership' and Token Claim Name 'groups'. Make sure you set the following to the appropriate url: --provider=keycloak --client-id= --client-secret= --login-url=\"http(s):///auth/realms//protocol/openid-connect/auth\" --redeem-url=\"http(s):///auth/realms//protocol/openid-connect/token\" --profile-url=\"http(s):///auth/realms//protocol/openid-connect/userinfo\" --validate-url=\"http(s):///auth/realms//protocol/openid-connect/userinfo\" --keycloak-group= --keycloak-group= For group based authorization, the optional --keycloak-group (legacy) or --allowed-group (global standard) flags can be used to specify which groups to limit access to. If these are unset but a groups mapper is set up above in step (3), the provider will still populate the X-Forwarded-Groups header to your upstream server with the groups data in the Keycloak userinfo endpoint response. The group management in keycloak is using a tree. If you create a group named admin in keycloak you should define the 'keycloak-group' value to /admin.","s":"Keycloak Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#keycloak-auth-provider","p":70},{"i":87,"t":"--provider=keycloak-oidc --client-id= --client-secret= --redirect-url=https://internal.yourcompany.com/oauth2/callback --oidc-issuer-url=https:///auth/realms/ --email-domain= // Validate email domain for users, see option documentation --allowed-role= // Optional, required realm role --allowed-role=: // Optional, required client role --allowed-group= // Optional, requires group client scope --code-challenge-method=S256 // PKCE note Keycloak has updated its admin console and as of version 19.0.0, the new admin console is enabled by default. The legacy admin console has been announced for removal with the release of version 21.0.0. Keycloak legacy admin console Create new client in your Keycloak realm with Access Type 'confidential', Client protocol 'openid-connect' and Valid Redirect URIs 'https://internal.yourcompany.com/oauth2/callback' Take note of the Secret in the credential tab of the client Create a mapper with Mapper Type 'Group Membership' and Token Claim Name 'groups'. Create a mapper with Mapper Type 'Audience' and Included Client Audience and Included Custom Audience set to your client name. Keycloak new admin console (default as of v19.0.0) The following example shows how to create a simple OIDC client using the new Keycloak admin2 console. However, for best practices, it is recommended to consult the Keycloak documentation. The OIDC client must be configured with an audience mapper to include the client's name in the aud claim of the JWT token. The aud claim specifies the intended recipient of the token, and OAuth2 Proxy expects a match against the values of either --client-id or --oidc-extra-audience. In Keycloak, claims are added to JWT tokens through the use of mappers at either the realm level using \"client scopes\" or through \"dedicated\" client mappers. Creating the client Create a new OIDC client in your Keycloak realm by navigating to:Clients -> Create client Client Type 'OpenID Connect' Client ID , please complete the remaining fields as appropriate and click Next. Client authentication 'On' Authentication flow Standard flow 'selected' Direct access grants 'deselect' Save the configuration. Settings / Access settings: Valid redirect URIs https://internal.yourcompany.com/oauth2/callback Save the configuration. Under the Credentials tab you will now be able to locate . Configure a dedicated audience mapper for your client by navigating to Clients -> -> Client scopes. Access the dedicated mappers pane by clicking -dedicated, located under Assigned client scope.(It should have a description of \"Dedicated scope and mappers for this client\") Click Configure a new mapper and select Audience Name 'aud-mapper-' Included Client Audience select from the dropdown. OAuth2 proxy can be set up to pass both the access and ID JWT tokens to your upstream services. If you require additional audience entries, you can use the Included Custom Audience field in addition to the \"Included Client Audience\" dropdown. Note that the \"aud\" claim of a JWT token should be limited and only specify its intended recipients. Add to ID token 'On' Add to access token 'On' - #1916 Save the configuration. Any subsequent dedicated client mappers can be defined by clicking Dedicated scopes -> Add mapper -> By configuration -> Select mapper You should now be able to create a test user in Keycloak and get access to the OAuth2 Proxy instance, make sure to set an email address matching and select Email verified. Authorization OAuth2 Proxy will perform authorization by requiring a valid user, this authorization can be extended to take into account a user's membership in Keycloak groups, realm roles, and client roles using the keycloak-oidc provider options--allowed-role or --allowed-group Roles A standard Keycloak installation comes with the required mappers for realm roles and client roles through the pre-defined client scope \"roles\". This ensures that any roles assigned to a user are included in the JWT tokens when using an OIDC client that has the \"Full scope allowed\" feature activated, the feature is enabled by default. Creating a realm role Navigate to Realm roles -> Create role Role name, -> save Creating a client role Navigate to Clients -> -> Roles -> Create role Role name, -> save Assign a role to a user Users -> Username -> Role mapping -> Assign role -> filter by roles or clients and select -> Assign. Keycloak \"realm roles\" can be authorized using the --allowed-role= option, while \"client roles\" can be evaluated using --allowed-role=:. You may limit the realm roles included in the JWT tokens for any given client by navigating to: Clients -> -> Client scopes -> -dedicated -> Scope Disabling Full scope allowed activates the Assign role option, allowing you to select which roles, if assigned to a user, will be included in the user's JWT tokens. This can be useful when a user has many associated roles, and you want to reduce the size and impact of the JWT token. Groups You may also do authorization on group memberships by using the OAuth2 Proxy option --allowed-group. We will only do a brief description of creating the required client scope groups and refer you to read the Keycloak documentation. To summarize, the steps required to authorize Keycloak group membership with OAuth2 Proxy are as follows: Create a new Client Scope with the name groups in Keycloak. Include a mapper of type Group Membership. Set the \"Token Claim Name\" to groups or customize by matching it to the --oidc-groups-claim option of OAuth2 Proxy. If the \"Full group path\" option is selected, you need to include a \"/\" separator in the group names defined in the --allowed-group option of OAuth2 Proxy. Example: \"/groupname\" or \"/groupname/childgroup\". After creating the Client Scope named groups you will need to attach it to your client. Clients -> -> Client scopes -> Add client scope -> Select groups and choose Optional and you should now have a client that maps group memberships into the JWT tokens so that Oauth2 Proxy may evaluate them. Create a group by navigating to Groups -> Create group and add your test user as a member. The OAuth2 Proxy option --allowed-group=/groupname will now allow you to filter on group membership Keycloak also has the option of attaching roles to groups, please refer to the Keycloak documentation for more information. Tip To check if roles or groups are added to JWT tokens, you can preview a users token in the Keycloak console by following these steps: Clients -> -> Client scopes -> Evaluate. Select a realm user and optional scope parameters such as groups, and generate the JSON representation of an access or id token to examine its contents.","s":"Keycloak OIDC Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#keycloak-oidc-auth-provider","p":70},{"i":89,"t":"This auth provider has been tested against Gitlab version 12.X. Due to Gitlab API changes, it may not work for version prior to 12.X (see 994). Whether you are using GitLab.com or self-hosting GitLab, follow these steps to add an application. Make sure to enable at least the openid, profile and email scopes, and set the redirect url to your application url e.g. https://myapp.com/oauth2/callback. If you need projects filtering, add the extra read_api scope to your application. The following config should be set to ensure that the oauth will work properly. To get a cookie secret follow these steps --provider=\"gitlab\" --redirect-url=\"https://myapp.com/oauth2/callback\" // Should be the same as the redirect url for the application in gitlab --client-id=GITLAB_CLIENT_ID --client-secret=GITLAB_CLIENT_SECRET --cookie-secret=COOKIE_SECRET Restricting by group membership is possible with the following option: --gitlab-group=\"mygroup,myothergroup\": restrict logins to members of any of these groups (slug), separated by a comma If you are using self-hosted GitLab, make sure you set the following to the appropriate URL: --oidc-issuer-url=\"\" If your self-hosted GitLab is on a sub-directory (e.g. domain.tld/gitlab), as opposed to its own sub-domain (e.g. gitlab.domain.tld), you may need to add a redirect from domain.tld/oauth pointing at e.g. domain.tld/gitlab/oauth.","s":"GitLab Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#gitlab-auth-provider","p":70},{"i":91,"t":"For LinkedIn, the registration steps are: Create a new project: https://www.linkedin.com/secure/developer In the OAuth User Agreement section: In default scope, select r_basicprofile and r_emailaddress. In \"OAuth 2.0 Redirect URLs\", enter https://internal.yourcompany.com/oauth2/callback Fill in the remaining required fields and Save. Take note of the Consumer Key / API Key and Consumer Secret / Secret Key","s":"LinkedIn Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#linkedin-auth-provider","p":70},{"i":93,"t":"For adding an application to the Microsoft Azure AD follow these steps to add an application. Take note of your TenantId if applicable for your situation. The TenantId can be used to override the default common authorization server with a tenant specific server.","s":"Microsoft Azure AD Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#microsoft-azure-ad-provider","p":70},{"i":95,"t":"OpenID Connect is a spec for OAUTH 2.0 + identity that is implemented by many major providers and several open source projects. This provider was originally built against CoreOS Dex and we will use it as an example. The OpenID Connect Provider (OIDC) can also be used to connect to other Identity Providers such as Okta, an example can be found below. Dex​ To configure the OIDC provider for Dex, perform the following steps: Download Dex: go get github.com/dexidp/dex See the getting started guide for more details. Setup oauth2-proxy with the correct provider and using the default ports and callbacks. Add a configuration block to the staticClients section of examples/config-dev.yaml: - id: oauth2-proxyredirectURIs:- 'http://127.0.0.1:4180/oauth2/callback'name: 'oauth2-proxy'secret: proxy Launch Dex: from $GOPATH/github.com/dexidp/dex, run: bin/dex serve examples/config-dev.yaml In a second terminal, run the oauth2-proxy with the following args: -provider oidc-provider-display-name \"My OIDC Provider\"-client-id oauth2-proxy-client-secret proxy-redirect-url http://127.0.0.1:4180/oauth2/callback-oidc-issuer-url http://127.0.0.1:5556/dex-cookie-secure=false-cookie-secret=secret-email-domain kilgore.trout To serve the current working directory as a web site under the /static endpoint, add: -upstream file://$PWD/#/static/ Test the setup by visiting http://127.0.0.1:4180 or http://127.0.0.1:4180/static . See also our local testing environment for a self-contained example using Docker and etcd as storage for Dex. Okta​ To configure the OIDC provider for Okta, perform the following steps: Log in to Okta using an administrative account. It is suggested you try this in preview first, example.oktapreview.com (OPTIONAL) If you want to configure authorization scopes and claims to be passed on to multiple applications, you may wish to configure an authorization server for each application. Otherwise, the provided default will work. Navigate to Security then select API Click Add Authorization Server, if this option is not available you may require an additional license for a custom authorization server. Fill out the Name with something to describe the application you are protecting. e.g. 'Example App'. For Audience, pick the URL of the application you wish to protect: https://example.corp.com Fill out a Description Add any Access Policies you wish to configure to limit application access. The default settings will work for other options. See Okta documentation for more information on Authorization Servers Navigate to Applications then select Add Application. Select Web for the Platform setting. Select OpenID Connect and click Create Pick an Application Name such as Example App. Set the Login redirect URI to https://example.corp.com. Under General set the Allowed grant types to Authorization Code and Refresh Token. Leave the rest as default, taking note of the Client ID and Client Secret. Under Assignments select the users or groups you wish to access your application. Create a configuration file like the following: provider = \"oidc\"redirect_url = \"https://example.corp.com/oauth2/callback\"oidc_issuer_url = \"https://corp.okta.com/oauth2/abCd1234\"upstreams = [ \"https://example.corp.com\"]email_domains = [ \"corp.com\"]client_id = \"XXXXX\"client_secret = \"YYYYY\"pass_access_token = truecookie_secret = \"ZZZZZ\"skip_provider_button = true The oidc_issuer_url is based on URL from your Authorization Server's Issuer field in step 2, or simply https://corp.okta.com . The client_id and client_secret are configured in the application settings. Generate a unique cookie_secret to encrypt the cookie. Then you can start the oauth2-proxy with ./oauth2-proxy --config /etc/example.cfg Okta - localhost​ Signup for developer account: https://developer.okta.com/signup/ Create New Web Application: https://${your-okta-domain}/dev/console/apps/new Example Application Settings for localhost: Name: My Web App Base URIs: http://localhost:4180/ Login redirect URIs: http://localhost:4180/oauth2/callback Logout redirect URIs: http://localhost:4180/ Group assignments: Everyone Grant type allowed: Authorization Code and Refresh Token Make note of the Client ID and Client secret, they are needed in a future step Make note of the default Authorization Server Issuer URI from: https://${your-okta-domain}/admin/oauth2/as Example config file /etc/localhost.cfg provider = \"oidc\"redirect_url = \"http://localhost:4180/oauth2/callback\"oidc_issuer_url = \"https://${your-okta-domain}/oauth2/default\"upstreams = [ \"http://0.0.0.0:8080\"]email_domains = [ \"*\"]client_id = \"XXX\"client_secret = \"YYY\"pass_access_token = truecookie_secret = \"ZZZ\"cookie_secure = falseskip_provider_button = true# Note: use the following for testing within a container# http_address = \"0.0.0.0:4180\" Then you can start the oauth2-proxy with ./oauth2-proxy --config /etc/localhost.cfg","s":"OpenID Connect Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#openid-connect-provider","p":70},{"i":97,"t":"login.gov is an OIDC provider for the US Government. If you are a US Government agency, you can contact the login.gov team through the contact information that you can find on https://login.gov/developers/ and work with them to understand how to get login.gov accounts for integration/test and production access. A developer guide is available here: https://developers.login.gov/, though this proxy handles everything but the data you need to create to register your application in the login.gov dashboard. As a demo, we will assume that you are running your application that you want to secure locally on http://localhost:3000/, that you will be starting your proxy up on http://localhost:4180/, and that you have an agency integration account for testing. First, register your application in the dashboard. The important bits are: Identity protocol: make this Openid connect Issuer: do what they say for OpenID Connect. We will refer to this string as ${LOGINGOV_ISSUER}. Public key: This is a self-signed certificate in .pem format generated from a 2048 bit RSA private key. A quick way to do this is openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650 -nodes -subj '/C=US/ST=Washington/L=DC/O=GSA/OU=18F/CN=localhost', The contents of the key.pem shall be referred to as ${OAUTH2_PROXY_JWT_KEY}. Return to App URL: Make this be http://localhost:4180/ Redirect URIs: Make this be http://localhost:4180/oauth2/callback. Attribute Bundle: Make sure that email is selected. Now start the proxy up with the following options: ./oauth2-proxy -provider login.gov \\ -client-id=${LOGINGOV_ISSUER} \\ -redirect-url=http://localhost:4180/oauth2/callback \\ -oidc-issuer-url=https://idp.int.identitysandbox.gov/ \\ -cookie-secure=false \\ -email-domain=gsa.gov \\ -upstream=http://localhost:3000/ \\ -cookie-secret=somerandomstring12341234567890AB \\ -cookie-domain=localhost \\ -skip-provider-button=true \\ -pubjwk-url=https://idp.int.identitysandbox.gov/api/openid_connect/certs \\ -profile-url=https://idp.int.identitysandbox.gov/api/openid_connect/userinfo \\ -jwt-key=\"${OAUTH2_PROXY_JWT_KEY}\" You can also set all these options with environment variables, for use in cloud/docker environments. One tricky thing that you may encounter is that some cloud environments will pass in environment variables in a docker env-file, which does not allow multiline variables like a PEM file. If you encounter this, then you can create a jwt_signing_key.pem file in the top level directory of the repo which contains the key in PEM format and then do your docker build. The docker build process will copy that file into your image which you can then access by setting the OAUTH2_PROXY_JWT_KEY_FILE=/etc/ssl/private/jwt_signing_key.pem environment variable, or by setting --jwt-key-file=/etc/ssl/private/jwt_signing_key.pem on the commandline. Once it is running, you should be able to go to http://localhost:4180/ in your browser, get authenticated by the login.gov integration server, and then get proxied on to your application running on http://localhost:3000/. In a real deployment, you would secure your application with a firewall or something so that it was only accessible from the proxy, and you would use real hostnames everywhere. Skip OIDC discovery​ Some providers do not support OIDC discovery via their issuer URL, so oauth2-proxy cannot simply grab the authorization, token and jwks URI endpoints from the provider's metadata. In this case, you can set the --skip-oidc-discovery option, and supply those required endpoints manually: -provider oidc -client-id oauth2-proxy -client-secret proxy -redirect-url http://127.0.0.1:4180/oauth2/callback -oidc-issuer-url http://127.0.0.1:5556 -skip-oidc-discovery -login-url http://127.0.0.1:5556/authorize -redeem-url http://127.0.0.1:5556/token -oidc-jwks-url http://127.0.0.1:5556/keys -cookie-secure=false -email-domain example.com","s":"login.gov Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#logingov-provider","p":70},{"i":99,"t":"The Nextcloud provider allows you to authenticate against users in your Nextcloud instance. When you are using the Nextcloud provider, you must specify the urls via configuration, environment variable, or command line argument. Depending on whether your Nextcloud instance is using pretty urls your urls may be of the form /index.php/apps/oauth2/* or /apps/oauth2/*. Refer to the OAuth2 documentation to setup the client id and client secret. Your \"Redirection URI\" will be https://internalapp.yourcompany.com/oauth2/callback. -provider nextcloud -client-id -client-secret -login-url=\"/index.php/apps/oauth2/authorize\" -redeem-url=\"/index.php/apps/oauth2/api/v1/token\" -validate-url=\"/ocs/v2.php/cloud/user?format=json\" Note: in all cases the validate-url will not have the index.php.","s":"Nextcloud Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#nextcloud-provider","p":70},{"i":101,"t":"Create a new OAuth application You can fill in the name, homepage, and description however you wish. In the \"Application callback URL\" field, enter: https://oauth-proxy/oauth2/callback, substituting oauth2-proxy with the actual hostname that oauth2-proxy is running on. The URL must match oauth2-proxy's configured redirect URL. Note the Client ID and Client Secret. To use the provider, pass the following options: --provider=digitalocean --client-id= --client-secret= Alternatively, set the equivalent options in the config file. The redirect URL defaults to https:///oauth2/callback. If you need to change it, you can use the --redirect-url command-line option.","s":"DigitalOcean Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#digitalocean-auth-provider","p":70},{"i":103,"t":"Add a new OAuth consumer In \"Callback URL\" use https:///oauth2/callback, substituting with the actual hostname that oauth2-proxy is running on. In Permissions section select: Account -> Email Team membership -> Read Repositories -> Read Note the Client ID and Client Secret. To use the provider, pass the following options: --provider=bitbucket --client-id= --client-secret= The default configuration allows everyone with Bitbucket account to authenticate. To restrict the access to the team members use additional configuration option: --bitbucket-team=. To restrict the access to only these users who has access to one selected repository use --bitbucket-repository=.","s":"Bitbucket Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#bitbucket-auth-provider","p":70},{"i":105,"t":"To authorize by email domain use --email-domain=yourcompany.com. To authorize individual email addresses use --authenticated-emails-file=/path/to/file with one email per line. To authorize all email addresses use --email-domain=*.","s":"Email Authentication","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#email-authentication","p":70},{"i":107,"t":"Follow the examples in the providers package to define a new Provider instance. Add a new case to providers.New() to allow oauth2-proxy to use the new Provider.","s":"Adding a new Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#adding-a-new-provider","p":70},{"i":109,"t":"oauth2-proxy can be configured via command line options, environment variables or config file (in decreasing order of precedence, i.e. command line options will overwrite environment variables and environment variables will overwrite configuration file settings).","s":"Overview","u":"/oauth2-proxy/docs/next/configuration/overview","h":"","p":108},{"i":111,"t":"To generate a strong cookie secret use one of the below commands: Python Bash OpenSSL PowerShell Terraform python -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(32)).decode())' dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | tr -d -- '\\n' | tr -- '+/' '-_'; echo openssl rand -base64 32 | tr -- '+/' '-_' # Add System.Web assembly to session, just in caseAdd-Type -AssemblyName System.Web[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes([System.Web.Security.Membership]::GeneratePassword(32,4))).Replace(\"+\",\"-\").Replace(\"/\",\"_\") # Valid 32 Byte Base64 URL encoding set that will decode to 24 []byte AES-192 secretresource \"random_password\" \"cookie_secret\" { length = 32 override_special = \"-_\"}","s":"Generating a Cookie Secret","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#generating-a-cookie-secret","p":108},{"i":113,"t":"Every command line argument can be specified in a config file by replacing hyphens (-) with underscores (_). If the argument can be specified multiple times, the config option should be plural (trailing s). An example oauth2-proxy.cfg config file is in the contrib directory. It can be used by specifying --config=/etc/oauth2-proxy.cfg","s":"Config File","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#config-file","p":108},{"i":115,"t":"Option Type Description Default --acr-values string optional, see docs \"\" --api-route string | list return HTTP 401 instead of redirecting to authentication server if token is not valid. Format: path_regex --approval-prompt string OAuth approval_prompt \"force\" --auth-logging bool Log authentication attempts true --auth-logging-format string Template for authentication log lines see Logging Configuration --authenticated-emails-file string authenticate against emails via file (one per line) --azure-tenant string go to a tenant-specific or common (tenant-independent) endpoint. \"common\" --basic-auth-password string the password to set when passing the HTTP Basic Auth header --client-id string the OAuth Client ID, e.g. \"123456.apps.googleusercontent.com\" --client-secret string the OAuth Client Secret --client-secret-file string the file with OAuth Client Secret --code-challenge-method string use PKCE code challenges with the specified method. Either 'plain' or 'S256' (recommended) --config string path to config file --cookie-domain string | list Optional cookie domains to force cookies to (e.g. .yourcompany.com). The longest domain matching the request's host will be used (or the shortest cookie domain if there is no match). --cookie-expire duration expire timeframe for cookie. If set to 0, cookie becomes a session-cookie which will expire when the browser is closed. 168h0m0s --cookie-httponly bool set HttpOnly cookie flag true --cookie-name string the name of the cookie that the oauth_proxy creates. Should be changed to use a cookie prefix (__Host- or __Secure-) if --cookie-secure is set. \"_oauth2_proxy\" --cookie-path string an optional cookie path to force cookies to (e.g. /poc/) \"/\" --cookie-refresh duration refresh the cookie after this duration; 0 to disable; not supported by all providers [1] --cookie-secret string the seed string for secure cookies (optionally base64 encoded) --cookie-secure bool set secure (HTTPS only) cookie flag true --cookie-samesite string set SameSite cookie attribute (\"lax\", \"strict\", \"none\", or \"\"). \"\" --cookie-csrf-per-request bool Enable having different CSRF cookies per request, making it possible to have parallel requests. false --cookie-csrf-expire duration expire timeframe for CSRF cookie 15m --custom-templates-dir string path to custom html templates --custom-sign-in-logo string path or a URL to an custom image for the sign_in page logo. Use \"-\" to disable default logo. --display-htpasswd-form bool display username / password login form if an htpasswd file is provided true --email-domain string | list authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email --errors-to-info-log bool redirects error-level logging to default log channel instead of stderr false --extra-jwt-issuers string if --skip-jwt-bearer-tokens is set, a list of extra JWT issuer=audience (see a token's iss, aud fields) pairs (where the issuer URL has a .well-known/openid-configuration or a .well-known/jwks.json) --exclude-logging-path string comma separated list of paths to exclude from logging, e.g. \"/ping,/path2\" \"\" (no paths excluded) --flush-interval duration period between flushing response buffers when streaming responses \"1s\" --force-https bool enforce https redirect false --force-json-errors bool force JSON errors instead of HTTP error pages or redirects false --banner string custom (html) banner string. Use \"-\" to disable default banner. --footer string custom (html) footer string. Use \"-\" to disable default footer. --github-org string restrict logins to members of this organisation --github-team string restrict logins to members of any of these teams (slug), separated by a comma --github-repo string restrict logins to collaborators of this repository formatted as orgname/repo --github-token string the token to use when verifying repository collaborators (must have push access to the repository) --github-user string | list To allow users to login by username even if they do not belong to the specified org and team or collaborators --gitlab-group string | list restrict logins to members of any of these groups (slug), separated by a comma --gitlab-projects string | list restrict logins to members of any of these projects (may be given multiple times) formatted as orgname/repo=accesslevel. Access level should be a value matching Gitlab access levels, defaulted to 20 if absent --google-admin-email string the google admin to impersonate for api calls --google-group string restrict logins to members of this google group (may be given multiple times). --google-service-account-json string the path to the service account json credentials --google-use-application-default-credentials bool use application default credentials instead of service account json (i.e. GKE Workload Identity) --htpasswd-file string additionally authenticate against a htpasswd file. Entries must be created with htpasswd -B for bcrypt encryption --htpasswd-user-group string | list the groups to be set on sessions for htpasswd users --http-address string [http://]: or unix:// to listen on for HTTP clients. Square brackets are required for ipv6 address, e.g. http://[::1]:4180 \"127.0.0.1:4180\" --https-address string [https://]: to listen on for HTTPS clients. Square brackets are required for ipv6 address, e.g. https://[::1]:443 \":443\" --logging-compress bool Should rotated log files be compressed using gzip false --logging-filename string File to log requests to, empty for stdout \"\" (stdout) --logging-local-time bool Use local time in log files and backup filenames instead of UTC true (local time) --logging-max-age int Maximum number of days to retain old log files 7 --logging-max-backups int Maximum number of old log files to retain; 0 to disable 0 --logging-max-size int Maximum size in megabytes of the log file before rotation 100 --jwt-key string private key in PEM format used to sign JWT, so that you can say something like --jwt-key=\"${OAUTH2_PROXY_JWT_KEY}\": required by login.gov --jwt-key-file string path to the private key file in PEM format used to sign the JWT so that you can say something like --jwt-key-file=/etc/ssl/private/jwt_signing_key.pem: required by login.gov --login-url string Authentication endpoint --insecure-oidc-allow-unverified-email bool don't fail if an email address in an id_token is not verified false --insecure-oidc-skip-issuer-verification bool allow the OIDC issuer URL to differ from the expected (currently required for Azure multi-tenant compatibility) false --insecure-oidc-skip-nonce bool skip verifying the OIDC ID Token's nonce claim true --oidc-issuer-url string the OpenID Connect issuer URL, e.g. \"https://accounts.google.com\" --oidc-jwks-url string OIDC JWKS URI for token verification; required if OIDC discovery is disabled --oidc-email-claim string which OIDC claim contains the user's email \"email\" --oidc-groups-claim string which OIDC claim contains the user groups \"groups\" --oidc-audience-claim string which OIDC claim contains the audience \"aud\" --oidc-extra-audience string | list additional audiences which are allowed to pass verification \"[]\" --pass-access-token bool pass OAuth access_token to upstream via X-Forwarded-Access-Token header. When used with --set-xauthrequest this adds the X-Auth-Request-Access-Token header to the response false --pass-authorization-header bool pass OIDC IDToken to upstream via Authorization Bearer header false --pass-basic-auth bool pass HTTP Basic Auth, X-Forwarded-User, X-Forwarded-Email and X-Forwarded-Preferred-Username information to upstream true --prefer-email-to-user bool Prefer to use the Email address as the Username when passing information to upstream. Will only use Username if Email is unavailable, e.g. htaccess authentication. Used in conjunction with --pass-basic-auth and --pass-user-headers false --pass-host-header bool pass the request Host Header to upstream true --pass-user-headers bool pass X-Forwarded-User, X-Forwarded-Groups, X-Forwarded-Email and X-Forwarded-Preferred-Username information to upstream true --profile-url string Profile access endpoint --prompt string OIDC prompt; if present, approval-prompt is ignored \"\" --provider string OAuth provider google --provider-ca-file string | list Paths to CA certificates that should be used when connecting to the provider. If not specified, the default Go trust sources are used instead. --provider-display-name string Override the provider's name with the given string; used for the sign-in page (depends on provider) --ping-path string the ping endpoint that can be used for basic health checks \"/ping\" --ping-user-agent string a User-Agent that can be used for basic health checks \"\" (don't check user agent) --ready-path string the ready endpoint that can be used for deep health checks \"/ready\" --metrics-address string the address prometheus metrics will be scraped from \"\" --proxy-prefix string the url root path that this proxy should be nested under (e.g. //sign_in) \"/oauth2\" --proxy-websockets bool enables WebSocket proxying true --pubjwk-url string JWK pubkey access endpoint: required by login.gov --real-client-ip-header string Header used to determine the real IP of the client, requires --reverse-proxy to be set (one of: X-Forwarded-For, X-Real-IP, or X-ProxyUser-IP) X-Real-IP --redeem-url string Token redemption endpoint --redirect-url string the OAuth Redirect URL, e.g. \"https://internalapp.yourcompany.com/oauth2/callback\" --redis-cluster-connection-urls string | list List of Redis cluster connection URLs (e.g. redis://HOST[:PORT]). Used in conjunction with --redis-use-cluster --redis-connection-url string URL of redis server for redis session storage (e.g. redis://HOST[:PORT]) --redis-insecure-skip-tls-verify bool skip TLS verification when connecting to Redis false --redis-password string Redis password. Applicable for all Redis configurations. Will override any password set in --redis-connection-url --redis-sentinel-password string Redis sentinel password. Used only for sentinel connection; any redis node passwords need to use --redis-password --redis-sentinel-master-name string Redis sentinel master name. Used in conjunction with --redis-use-sentinel --redis-sentinel-connection-urls string | list List of Redis sentinel connection URLs (e.g. redis://HOST[:PORT]). Used in conjunction with --redis-use-sentinel --redis-use-cluster bool Connect to redis cluster. Must set --redis-cluster-connection-urls to use this feature false --redis-use-sentinel bool Connect to redis via sentinels. Must set --redis-sentinel-master-name and --redis-sentinel-connection-urls to use this feature false --redis-connection-idle-timeout int Redis connection idle timeout seconds. If Redis timeout option is set to non-zero, the --redis-connection-idle-timeout must be less than Redis timeout option. Exmpale: if either redis.conf includes timeout 15 or using CONFIG SET timeout 15 the --redis-connection-idle-timeout must be at least --redis-connection-idle-timeout=14 0 --request-id-header string Request header to use as the request ID in logging X-Request-Id --request-logging bool Log requests true --request-logging-format string Template for request log lines see Logging Configuration --resource string The resource that is protected (Azure AD only) --reverse-proxy bool are we running behind a reverse proxy, controls whether headers like X-Real-IP are accepted and allows X-Forwarded-{Proto,Host,Uri} headers to be used on redirect selection false --scope string OAuth scope specification --session-cookie-minimal bool strip OAuth tokens from cookie session stores if they aren't needed (cookie session store only) false --session-store-type string Session data storage backend; redis or cookie cookie --set-xauthrequest bool set X-Auth-Request-User, X-Auth-Request-Groups, X-Auth-Request-Email and X-Auth-Request-Preferred-Username response headers (useful in Nginx auth_request mode). When used with --pass-access-token, X-Auth-Request-Access-Token is added to response headers. false --set-authorization-header bool set Authorization Bearer response header (useful in Nginx auth_request mode) false --set-basic-auth bool set HTTP Basic Auth information in response (useful in Nginx auth_request mode) false --show-debug-on-error bool show detailed error information on error pages (WARNING: this may contain sensitive information - do not use in production) false --signature-key string GAP-Signature request signature key (algorithm:secretkey) --silence-ping-logging bool disable logging of requests to ping & ready endpoints false --skip-auth-preflight bool will skip authentication for OPTIONS requests false --skip-auth-regex string | list (DEPRECATED for --skip-auth-route) bypass authentication for requests paths that match (may be given multiple times) --skip-auth-route string | list bypass authentication for requests that match the method & path. Format: method=path_regex OR method!=path_regex. For all methods: path_regex OR !=path_regex --skip-auth-strip-headers bool strips X-Forwarded-* style authentication headers & Authorization header if they would be set by oauth2-proxy true --skip-jwt-bearer-tokens bool will skip requests that have verified JWT bearer tokens (the token must have aud that matches this client id or one of the extras from extra-jwt-issuers) false --skip-oidc-discovery bool bypass OIDC endpoint discovery. --login-url, --redeem-url and --oidc-jwks-url must be configured in this case false --skip-provider-button bool will skip sign-in-page to directly reach the next step: oauth/start false --ssl-insecure-skip-verify bool skip validation of certificates presented when using HTTPS providers false --ssl-upstream-insecure-skip-verify bool skip validation of certificates presented when using HTTPS upstreams false --standard-logging bool Log standard runtime information true --standard-logging-format string Template for standard log lines see Logging Configuration --tls-cert-file string path to certificate file --tls-cipher-suite string | list Restricts TLS cipher suites used by server to those listed (e.g. TLS_RSA_WITH_RC4_128_SHA) (may be given multiple times). If not specified, the default Go safe cipher list is used. List of valid cipher suites can be found in the crypto/tls documentation. --tls-key-file string path to private key file --tls-min-version string minimum TLS version that is acceptable, either \"TLS1.2\" or \"TLS1.3\" \"TLS1.2\" --upstream string | list the http url(s) of the upstream endpoint, file:// paths for static files or static:// for static response. Routing is based on the path --upstream-timeout duration maximum amount of time the server will wait for a response from the upstream 30s --allowed-group string | list restrict logins to members of this group (may be given multiple times) --allowed-role string | list restrict logins to users with this role (may be given multiple times). Only works with the keycloak-oidc provider. --validate-url string Access token validation endpoint --version n/a print version string --whitelist-domain string | list allowed domains for redirection after authentication. Prefix domain with a . or a *. to allow subdomains (e.g. .example.com, *.example.com) [2] --trusted-ip string | list list of IPs or CIDR ranges to allow to bypass authentication (may be given multiple times). When combined with --reverse-proxy and optionally --real-client-ip-header this will evaluate the trust of the IP stored in an HTTP header by a reverse proxy rather than the layer-3/4 remote address. WARNING: trusting IPs has inherent security flaws, especially when obtaining the IP address from an HTTP header (reverse-proxy mode). Use this option only if you understand the risks and how to manage them. [1]: Only these providers support --cookie-refresh: GitLab, Google and OIDC [2]: When using the whitelist-domain option, any domain prefixed with a . or a *. will allow any subdomain of the specified domain as a valid redirect URL. By default, only empty ports are allowed. This translates to allowing the default port of the URL's protocol (80 for HTTP, 443 for HTTPS, etc.) since browsers omit them. To allow only a specific port, add it to the whitelisted domain: example.com:8080. To allow any port, use *: example.com:*. See below for provider specific options","s":"Command Line Options","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#command-line-options","p":108},{"i":117,"t":"oauth2-proxy supports having multiple upstreams, and has the option to pass requests on to HTTP(S) servers or serve static files from the file system. HTTP and HTTPS upstreams are configured by providing a URL such as http://127.0.0.1:8080/ for the upstream parameter. This will forward all authenticated requests to the upstream server. If you instead provide http://127.0.0.1:8080/some/path/ then it will only be requests that start with /some/path/ which are forwarded to the upstream. Static file paths are configured as a file:// URL. file:///var/www/static/ will serve the files from that directory at http://[oauth2-proxy url]/var/www/static/, which may not be what you want. You can provide the path to where the files should be available by adding a fragment to the configured URL. The value of the fragment will then be used to specify which path the files are available at, e.g. file:///var/www/static/#/static/ will make /var/www/static/ available at http://[oauth2-proxy url]/static/. Multiple upstreams can either be configured by supplying a comma separated list to the --upstream parameter, supplying the parameter multiple times or providing a list in the config file. When multiple upstreams are used routing to them will be based on the path they are set up with.","s":"Upstreams Configuration","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#upstreams-configuration","p":108},{"i":119,"t":"Every command line argument can be specified as an environment variable by prefixing it with OAUTH2_PROXY_, capitalising it, and replacing hyphens (-) with underscores (_). If the argument can be specified multiple times, the environment variable should be plural (trailing S). This is particularly useful for storing secrets outside of a configuration file or the command line. For example, the --cookie-secret flag becomes OAUTH2_PROXY_COOKIE_SECRET, and the --email-domain flag becomes OAUTH2_PROXY_EMAIL_DOMAINS.","s":"Environment variables","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#environment-variables","p":108},{"i":121,"t":"By default, OAuth2 Proxy logs all output to stdout. Logging can be configured to output to a rotating log file using the --logging-filename command. If logging to a file you can also configure the maximum file size (--logging-max-size), age (--logging-max-age), max backup logs (--logging-max-backups), and if backup logs should be compressed (--logging-compress). There are three different types of logging: standard, authentication, and HTTP requests. These can each be enabled or disabled with --standard-logging, --auth-logging, and --request-logging. Each type of logging has its own configurable format and variables. By default these formats are similar to the Apache Combined Log. Logging of requests to the /ping endpoint (or using --ping-user-agent) and the /ready endpoint can be disabled with --silence-ping-logging reducing log volume.","s":"Logging Configuration","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#logging-configuration","p":108},{"i":123,"t":"Authentication logs are logs which are guaranteed to contain a username or email address of a user attempting to authenticate. These logs are output by default in the below format: - - [19/Mar/2015:17:20:19 -0400] [] The status block will contain one of the below strings: AuthSuccess If a user has authenticated successfully by any method AuthFailure If the user failed to authenticate explicitly AuthError If there was an unexpected error during authentication If you require a different format than that, you can configure it with the --auth-logging-format flag. The default format is configured as follows: {{.Client}} - {{.RequestID}} - {{.Username}} [{{.Timestamp}}] [{{.Status}}] {{.Message}} Available variables for auth logging: Variable Example Description Client 74.125.224.72 The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true. Host domain.com The value of the Host header. Message Authenticated via OAuth2 The details of the auth attempt. Protocol HTTP/1.0 The request protocol. RequestID 00010203-0405-4607-8809-0a0b0c0d0e0f The request ID pulled from the --request-id-header. Random UUID if empty RequestMethod GET The request method. Timestamp 19/Mar/2015:17:20:19 -0400 The date and time of the logging event. UserAgent - The full user agent as reported by the requesting client. Username username@email.com The email or username of the auth request. Status AuthSuccess The status of the auth request. See above for details.","s":"Auth Log Format","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#auth-log-format","p":108},{"i":125,"t":"HTTP request logs will output by default in the below format: - - [19/Mar/2015:17:20:19 -0400] GET \"/path/\" HTTP/1.1 \"\" If you require a different format than that, you can configure it with the --request-logging-format flag. The default format is configured as follows: {{.Client}} - {{.RequestID}} - {{.Username}} [{{.Timestamp}}] {{.Host}} {{.RequestMethod}} {{.Upstream}} {{.RequestURI}} {{.Protocol}} {{.UserAgent}} {{.StatusCode}} {{.ResponseSize}} {{.RequestDuration}} Available variables for request logging: Variable Example Description Client 74.125.224.72 The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true. Host domain.com The value of the Host header. Protocol HTTP/1.0 The request protocol. RequestDuration 0.001 The time in seconds that a request took to process. RequestID 00010203-0405-4607-8809-0a0b0c0d0e0f The request ID pulled from the --request-id-header. Random UUID if empty RequestMethod GET The request method. RequestURI \"/oauth2/auth\" The URI path of the request. ResponseSize 12 The size in bytes of the response. StatusCode 200 The HTTP status code of the response. Timestamp 19/Mar/2015:17:20:19 -0400 The date and time of the logging event. Upstream - The upstream data of the HTTP request. UserAgent - The full user agent as reported by the requesting client. Username username@email.com The email or username of the auth request.","s":"Request Log Format","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#request-log-format","p":108},{"i":127,"t":"All other logging that is not covered by the above two types of logging will be output in this standard logging format. This includes configuration information at startup and errors that occur outside of a session. The default format is below: [19/Mar/2015:17:20:19 -0400] [main.go:40] If you require a different format than that, you can configure it with the --standard-logging-format flag. The default format is configured as follows: [{{.Timestamp}}] [{{.File}}] {{.Message}} Available variables for standard logging: Variable Example Description Timestamp 19/Mar/2015:17:20:19 -0400 The date and time of the logging event. File main.go:40 The file and line number of the logging statement. Message HTTP: listening on 127.0.0.1:4180 The details of the log statement.","s":"Standard Log Format","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#standard-log-format","p":108},{"i":129,"t":"The Nginx auth_request directive allows Nginx to authenticate requests via the oauth2-proxy's /auth endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example: server { listen 443 ssl; server_name ...; include ssl/ssl.conf; location /oauth2/ { proxy_pass http://127.0.0.1:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header X-Auth-Request-Redirect $request_uri; # or, if you are handling multiple domains: # proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri; } location = /oauth2/auth { proxy_pass http://127.0.0.1:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; # nginx auth_request includes headers but not body proxy_set_header Content-Length \"\"; proxy_pass_request_body off; } location / { auth_request /oauth2/auth; error_page 401 = /oauth2/sign_in; # pass information via X-User and X-Email headers to backend, # requires running with --set-xauthrequest flag auth_request_set $user $upstream_http_x_auth_request_user; auth_request_set $email $upstream_http_x_auth_request_email; proxy_set_header X-User $user; proxy_set_header X-Email $email; # if you enabled --pass-access-token, this will pass the token to the backend auth_request_set $token $upstream_http_x_auth_request_access_token; proxy_set_header X-Access-Token $token; # if you enabled --cookie-refresh, this is needed for it to work with auth_request auth_request_set $auth_cookie $upstream_http_set_cookie; add_header Set-Cookie $auth_cookie; # When using the --set-authorization-header flag, some provider's cookies can exceed the 4kb # limit and so the OAuth2 Proxy splits these into multiple parts. # Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response, # so if your cookies are larger than 4kb, you will need to extract additional cookies manually. auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1; # Extract the Cookie attributes from the first Set-Cookie header and append them # to the second part ($upstream_cookie_* variables only contain the raw cookie content) if ($auth_cookie ~* \"(; .*)\") { set $auth_cookie_name_0 $auth_cookie; set $auth_cookie_name_1 \"auth_cookie_name_1=$auth_cookie_name_upstream_1$1\"; } # Send both Set-Cookie headers now if there was a second part if ($auth_cookie_name_upstream_1) { add_header Set-Cookie $auth_cookie_name_0; add_header Set-Cookie $auth_cookie_name_1; } proxy_pass http://backend/; # or \"root /path/to/site;\" or \"fastcgi_pass ...\" etc }} When you use ingress-nginx in Kubernetes, you MUST use kubernetes/ingress-nginx (which includes the Lua module) and the following configuration snippet for your Ingress. Variables set with auth_request_set are not set-able in plain nginx config when the location is processed via proxy_pass and then may only be processed by Lua. Note that nginxinc/kubernetes-ingress does not include the Lua module. nginx.ingress.kubernetes.io/auth-response-headers: Authorizationnginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uringinx.ingress.kubernetes.io/auth-url: https://$host/oauth2/authnginx.ingress.kubernetes.io/configuration-snippet: | auth_request_set $name_upstream_1 $upstream_cookie_name_1; access_by_lua_block { if ngx.var.name_upstream_1 ~= \"\" then ngx.header[\"Set-Cookie\"] = \"name_1=\" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match(\"(; .*)\") end } It is recommended to use --session-store-type=redis when expecting large sessions/OIDC tokens (e.g. with MS Azure). You have to substitute name with the actual cookie name you configured via --cookie-name parameter. If you don't set a custom cookie name the variable should be \"$upstream_cookie__oauth2_proxy_1\" instead of \"$upstream_cookie_name_1\" and the new cookie-name should be \"_oauth2_proxy_1=\" instead of \"name_1=\".","s":"Configuring for use with the Nginx auth_request directive","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#configuring-for-use-with-the-nginx-auth_request-directive","p":108},{"i":131,"t":"This option requires --reverse-proxy option to be set.","s":"Configuring for use with the Traefik (v2) ForwardAuth middleware","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#configuring-for-use-with-the-traefik-v2-forwardauth-middleware","p":108},{"i":133,"t":"The Traefik v2 ForwardAuth middleware allows Traefik to authenticate requests via the oauth2-proxy's /oauth2/auth endpoint on every request, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the whole request through. For example, on Dynamic File (YAML) Configuration: http: routers: a-service: rule: \"Host(`a-service.example.com`)\" service: a-service-backend middlewares: - oauth-errors - oauth-auth tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" oauth: rule: \"Host(`a-service.example.com`, `oauth.example.com`) && PathPrefix(`/oauth2/`)\" middlewares: - auth-headers service: oauth-backend tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" services: a-service-backend: loadBalancer: servers: - url: http://172.16.0.2:7555 oauth-backend: loadBalancer: servers: - url: http://172.16.0.1:4180 middlewares: auth-headers: headers: sslRedirect: true stsSeconds: 315360000 browserXssFilter: true contentTypeNosniff: true forceSTSHeader: true sslHost: example.com stsIncludeSubdomains: true stsPreload: true frameDeny: true oauth-auth: forwardAuth: address: https://oauth.example.com/oauth2/auth trustForwardHeader: true oauth-errors: errors: status: - \"401-403\" service: oauth-backend query: \"/oauth2/sign_in\"","s":"ForwardAuth with 401 errors middleware","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#forwardauth-with-401-errors-middleware","p":108},{"i":135,"t":"Redirect to sign_in functionality provided without the use of errors middleware with Traefik v2 ForwardAuth middleware pointing to oauth2-proxy service's / endpoint Following options need to be set on oauth2-proxy: --upstream=static://202: Configures a static response for authenticated sessions --reverse-proxy=true: Enables the use of X-Forwarded-* headers to determine redirects correctly http: routers: a-service-route-1: rule: \"Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/`)\" service: a-service-backend middlewares: - oauth-auth-redirect # redirects all unauthenticated to oauth2 signin tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" a-service-route-2: rule: \"Host(`a-service.example.com`) && PathPrefix(`/no-auto-redirect`)\" service: a-service-backend middlewares: - oauth-auth-wo-redirect # unauthenticated session will return a 401 tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" services-oauth2-route: rule: \"Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/oauth2/`)\" middlewares: - auth-headers service: oauth-backend tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" oauth2-proxy-route: rule: \"Host(`oauth.example.com`) && PathPrefix(`/`)\" middlewares: - auth-headers service: oauth-backend tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" services: a-service-backend: loadBalancer: servers: - url: http://172.16.0.2:7555 b-service-backend: loadBalancer: servers: - url: http://172.16.0.3:7555 oauth-backend: loadBalancer: servers: - url: http://172.16.0.1:4180 middlewares: auth-headers: headers: sslRedirect: true stsSeconds: 315360000 browserXssFilter: true contentTypeNosniff: true forceSTSHeader: true sslHost: example.com stsIncludeSubdomains: true stsPreload: true frameDeny: true oauth-auth-redirect: forwardAuth: address: https://oauth.example.com/ trustForwardHeader: true authResponseHeaders: - X-Auth-Request-Access-Token - Authorization oauth-auth-wo-redirect: forwardAuth: address: https://oauth.example.com/oauth2/auth trustForwardHeader: true authResponseHeaders: - X-Auth-Request-Access-Token - Authorization note If you set up your OAuth2 provider to rotate your client secret, you can use the client-secret-file option to reload the secret when it is updated.","s":"ForwardAuth with static upstreams configuration","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#forwardauth-with-static-upstreams-configuration","p":108},{"i":137,"t":"Sessions allow a user's authentication to be tracked between multiple HTTP requests to a service. The OAuth2 Proxy uses a Cookie to track user sessions and will store the session data in one of the available session storage backends. At present the available backends are (as passed to --session-store-type): cookie (default) redis","s":"Session Storage","u":"/oauth2-proxy/docs/next/configuration/session_storage","h":"","p":136},{"i":139,"t":"The Cookie storage backend is the default backend implementation and has been used in the OAuth2 Proxy historically. With the Cookie storage backend, all session information is stored in client side cookies and transferred with each and every request. The following should be known when using this implementation: Since all state is stored client side, this storage backend means that the OAuth2 Proxy is completely stateless Cookies are signed server side to prevent modification client-side It is mandatory to set a cookie-secret which will ensure data is encrypted within the cookie data. Since multiple requests can be made concurrently to the OAuth2 Proxy, this session implementation cannot lock sessions and while updating and refreshing sessions, there can be conflicts which force users to re-authenticate","s":"Cookie Storage","u":"/oauth2-proxy/docs/next/configuration/session_storage","h":"#cookie-storage","p":136},{"i":141,"t":"The Redis Storage backend stores sessions, encrypted, in redis. Instead sending all the information back the client for storage, as in the Cookie storage, a ticket is sent back to the user as the cookie value instead. A ticket is composed as the following: {CookieName}-{ticketID}.{secret} Where: The CookieName is the OAuth2 cookie name (_oauth2_proxy by default) The ticketID is a 128 bit random number, hex-encoded The secret is a 128 bit random number, base64url encoded (no padding). The secret is unique for every session. The pair of {CookieName}-{ticketID} comprises a ticket handle, and thus, the redis key to which the session is stored. The encoded session is encrypted with the secret and stored in redis via the SETEX command. Encrypting every session uniquely protects the refresh/access/id tokens stored in the session from disclosure. Additionally the browser only has to send a short Cookie with every request and not the whole JWT, which can get quite big. Two settings are used to configure the OAuth2 Proxy cookie lifetime: --cookie-refresh duration refresh the cookie after this duration; 0 to disable--cookie-expire duration expire timeframe for cookie 168h0m0s The \"cookie-expire\" value should be equal to the lifetime of the Refresh-Token that is issued by the OAuth2 authorization server. If it expires earlier and is deleted by the browser, OAuth2 Proxy cannot find the stored Refresh-Tokens in Redis and thus cannot start the refresh flow to get new Access-Tokens. If it is longer, it might be that the old Refresh-Token will be found in Redis but has already expired. The \"cookie-refresh\" value controls when OAuth2 Proxy tries to refresh an Access-Token. If it is set to \"0\", the Access-Token will never be refreshed, even it is already expired and there would be a valid Refresh-Token in the available. If set, OAuth2 Proxy will refresh the Access-Token after this many seconds even if it is still valid. Of course, it will also be refreshed after it has expired, as long as a Refresh Token is available. Caveat: It can happen that the Access-Token is valid for e.g. \"1m\" and a request happens after exactly \"59s\". It would pass OAuth2 Proxy and be forwarded to the backend but is just expired when the backend tries to validate it. This is especially relevant if the backend uses the JWT to make requests to other backends. For this reason, it's advised to set the cookie-refresh a couple of seconds less than the Access-Token lifespan. Recommended settings: cookie_refresh := Access-Token lifespan - 1m cookie_expire := Refresh-Token lifespan (i.e. Keycloak's client_session_idle) Usage​ When using the redis store, specify --session-store-type=redis as well as the Redis connection URL, via --redis-connection-url=redis://host[:port][/db-number]. You may also configure the store for Redis Sentinel. In this case, you will want to use the --redis-use-sentinel=true flag, as well as configure the flags --redis-sentinel-master-name and --redis-sentinel-connection-urls appropriately. Redis Cluster is available to be the backend store as well. To leverage it, you will need to set the --redis-use-cluster=true flag, and configure the flags --redis-cluster-connection-urls appropriately. Note that flags --redis-use-sentinel=true and --redis-use-cluster=true are mutually exclusive. Note, if Redis timeout option is set to non-zero, the --redis-connection-idle-timeout must be less than Redis timeout option. For example: if either redis.conf includes timeout 15 or using CONFIG SET timeout 15 the --redis-connection-idle-timeout must be at least --redis-connection-idle-timeout=14","s":"Redis Storage","u":"/oauth2-proxy/docs/next/configuration/session_storage","h":"#redis-storage","p":136},{"i":143,"t":"There are two recommended configurations: At OAuth2 Proxy At Reverse Proxy","s":"TLS Configuration","u":"/oauth2-proxy/docs/next/configuration/tls","h":"","p":142},{"i":145,"t":"Configure SSL Termination with OAuth2 Proxy by providing a --tls-cert-file=/path/to/cert.pem and --tls-key-file=/path/to/cert.key. The command line to run oauth2-proxy in this configuration would look like this: ./oauth2-proxy \\ --email-domain=\"yourcompany.com\" \\ --upstream=http://127.0.0.1:8080/ \\ --tls-cert-file=/path/to/cert.pem \\ --tls-key-file=/path/to/cert.key \\ --cookie-secret=... \\ --cookie-secure=true \\ --provider=... \\ --client-id=... \\ --client-secret=... With this configuration approach the customization of the TLS settings is limited. The minimal acceptable TLS version can be set with --tls-min-version=TLS1.3. The defaults set TLS1.2 as the minimal version. Regardless of the minimum version configured, TLS1.3 is currently always used as the maximal version. TLS server side cipher suites can be specified with --tls-cipher-suite=TLS_RSA_WITH_RC4_128_SHA. If not specified, the defaults from crypto/tls of the currently used go version for building oauth2-proxy will be used. A complete list of valid TLS cipher suite names can be found in crypto/tls.","s":"Terminate TLS at OAuth2 Proxy","u":"/oauth2-proxy/docs/next/configuration/tls","h":"#terminate-tls-at-oauth2-proxy","p":142},{"i":147,"t":"Configure SSL Termination with Nginx (example config below), Amazon ELB, Google Cloud Platform Load Balancing, or ... Because oauth2-proxy listens on 127.0.0.1:4180 by default, to listen on all interfaces (needed when using an external load balancer like Amazon ELB or Google Platform Load Balancing) use --http-address=\"0.0.0.0:4180\" or --http-address=\"http://:4180\". Nginx will listen on port 443 and handle SSL connections while proxying to oauth2-proxy on port 4180. oauth2-proxy will then authenticate requests for an upstream application. The external endpoint for this example would be https://internal.yourcompany.com/. An example Nginx config follows. Note the use of Strict-Transport-Security header to pin requests to SSL via HSTS: server { listen 443 default ssl; server_name internal.yourcompany.com; ssl_certificate /path/to/cert.pem; ssl_certificate_key /path/to/cert.key; add_header Strict-Transport-Security max-age=2592000; location / { proxy_pass http://127.0.0.1:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_connect_timeout 1; proxy_send_timeout 30; proxy_read_timeout 30; }} The command line to run oauth2-proxy in this configuration would look like this: ./oauth2-proxy \\ --email-domain=\"yourcompany.com\" \\ --upstream=http://127.0.0.1:8080/ \\ --cookie-secret=... \\ --cookie-secure=true \\ --provider=... \\ --reverse-proxy=true \\ --client-id=... \\ --client-secret=...","s":"Terminate TLS at Reverse Proxy, e.g. Nginx","u":"/oauth2-proxy/docs/next/configuration/tls","h":"#terminate-tls-at-reverse-proxy-eg-nginx","p":142},{"i":149,"t":"OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable. /robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see robotstxt.org for more info /ping - returns a 200 OK response, which is intended for use with health checks /ready - returns a 200 OK response if all the underlying connections (e.g., Redis store) are connected /metrics - Metrics endpoint for Prometheus to scrape, serve on the address specified by --metrics-address, disabled by default /oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies) /oauth2/sign_out - this URL is used to clear the session cookie /oauth2/start - a URL that will redirect to start the OAuth cycle /oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url. /oauth2/userinfo - the URL is used to return user's email from the session in JSON format. /oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the Nginx auth_request directive /oauth2/static/* - stylesheets and other dependencies used in the sign_in and error pages","s":"Endpoints","u":"/oauth2-proxy/docs/next/features/endpoints","h":"","p":148},{"i":151,"t":"To sign the user out, redirect them to /oauth2/sign_out. This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the rd query parameter, i.e. redirect the user to something like (notice the url-encoding!): /oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page Alternatively, include the redirect URL in the X-Auth-Request-Redirect header: GET /oauth2/sign_out HTTP/1.1X-Auth-Request-Redirect: https://my-oidc-provider/sign_out_page... (The \"sign_out_page\" should be the end_session_endpoint from the metadata if your OIDC provider supports Session Management and Discovery.) BEWARE that the domain you want to redirect to (my-oidc-provider.example.com in the example) must be added to the --whitelist-domain configuration option otherwise the redirect will be ignored. Make sure to include the actual domain and port (if needed) and not the URL (e.g \"localhost:8081\" instead of \"http://localhost:8081\").","s":"Sign out","u":"/oauth2-proxy/docs/next/features/endpoints","h":"#sign-out","p":148},{"i":153,"t":"This endpoint returns 202 Accepted response or a 401 Unauthorized response. It can be configured using the following query parameters query parameters: allowed_groups: comma separated list of allowed groups allowed_email_domains: comma separated list of allowed email domains allowed_emails: comma separated list of allowed emails","s":"Auth","u":"/oauth2-proxy/docs/next/features/endpoints","h":"#auth","p":148}],"index":{"version":"2.3.9","fields":["t"],"fieldVectors":[["t/2",[0,3.013,1,4.647,2,3.53,3,6.62,4,6.62,5,3.013,6,3.968,7,4.497,8,3.53,9,3.243,10,1.297,11,2.389,12,3.914,13,4.497,14,5.921,15,4.497,16,4.497,17,4.497,18,5.153,19,0.491,20,3.53,21,3.53,22,4.497,23,1.209,24,5.921,25,4.497,26,4.497,27,4.497,28,4.497,29,4.497,30,1.988,31,3.914,32,3.914,33,3.914,34,4.497,35,1.511,36,3.914,37,1.995,38,2.823,39,2.516,40,4.497,41,4.497,42,1.192,43,2.823,44,2.171,45,2.659,46,4.497,47,4.497,48,4.497,49,4.497,50,3.914,51,2.076,52,3.243,53,1.759,54,1.83,55,1.004,56,0.917,57,1.759,58,2.171,59,2.171,60,0.95,61,2.389,62,1.907,63,3.716,64,3.914,65,1.568,66,1.759,67,2.516]],["t/4",[10,1.345,19,0.353,23,1.122,42,1.153,53,1.861,55,1.041,65,1.659,68,2.463,69,1.486,70,2.528,71,2.407,72,3.632,73,1.723,74,4.141,75,2.814,76,3.188,77,2.403,78,2.603,79,1.541,80,1.434,81,3.632,82,2.884,83,2.407,84,4.141,85,2.166,86,1.937,87,4.141,88,1.664,89,4.758,90,2.662,91,1.599,92,4.758,93,4.758,94,2.814,95,2.297,96,2.662,97,4.758,98,2.662,99,2.814,100,3.188,101,3.264,102,3.108,103,2.814,104,0.837,105,2.814,106,1.861,107,1.599,108,2.297,109,3.188,110,1.937,111,2.986,112,3.431,113,3.188]],["t/6",[23,1.093,56,1.22,114,1.869,115,5.984,116,4.218,117,4.697,118,3.756,119,4.315,120,2.889,121,3.756,122,5.984,123,5.208,124,4.315,125,5.984,126,3.756,127,3.349,128,4.315,129,5.984,130,5.984]],["t/8",[19,0.368,23,1.154,37,1.497,45,2.938,56,1.288,95,2.399,98,2.781,109,3.33,111,3.119,117,4.957,124,4.554,126,3.119,131,4.969,132,3.964,133,5.497,134,2.399,135,5.268,136,3.583,137,5.45,138,4.325,139,3.735,140,4.969,141,3.735,142,4.969,143,2.64,144,4.325,145,3.119,146,4.969,147,4.969,148,4.969,149,2.938,150,4.325,151,1.61,152,3.9,153,2.107,154,3.049,155,4.969,156,4.969,157,4.969,158,4.969,159,4.969,160,4.969,161,4.325,162,3.583,163,4.969,164,4.969,165,3.9,166,3.9,167,1.497]],["t/10",[6,4.254,19,0.471,35,1.683,111,3.144,117,3.932,124,3.612,133,5.525,137,4.983,138,4.36,139,3.754,143,3.703,145,3.144,154,2.419,162,5.658,167,1.51,168,6.97,169,6.349,170,6.349,171,2.313,172,3.612,173,5.01,174,5.01,175,5.01,176,5.01,177,4.36,178,3.612,179,5.01,180,3.932,181,5.01,182,5.01,183,6.349,184,2.215,185,1.747,186,2.419,187,5.01,188,5.01,189,5.01,190,5.01,191,5.01,192,3.612,193,5.01,194,5.01,195,5.01]],["t/12",[10,1.541,11,2.389,19,0.439,37,1.784,55,1.316,57,1.759,60,1.399,79,1.918,104,0.791,105,2.659,106,1.759,112,3.243,134,2.171,135,4.269,141,3.501,167,1.355,171,2.076,185,2.065,196,3.914,197,4.415,198,1.988,199,2.823,200,4.714,201,3.968,202,4.497,203,3.914,204,1.907,205,4.497,206,3.501,207,3.53,208,2.823,209,4.497,210,4.497,211,3.013,212,3.914,213,3.914,214,3.914,215,3.013,216,2.926,217,3.243,218,5.761,219,3.013,220,3.53,221,3.013,222,4.497,223,2.516,224,1.83,225,3.517,226,3.716,227,2.823,228,3.53,229,3.53,230,2.823,231,3.914,232,3.914,233,4.497]],["t/14",[19,0.546,30,2.5,37,2.062,42,0.958,55,0.958,57,2.677,60,1.446,83,2.861,114,1.766,128,4.077,185,1.972,200,4.931,207,4.438,208,3.549,216,2.5,219,3.789,223,3.164,224,2.785,225,3.636,226,3.549,234,3.549,235,2.301,236,3.549,237,2.73]],["t/16",[19,0.473,23,1.343,37,1.522,44,3.081,55,1.186,56,1.498,57,3.075,60,1.553,108,2.439,114,1.578,185,2.7,200,4.925,208,4.006,215,3.385,216,2.821,219,3.385,221,4.276,224,2.056,238,5.769,239,6.382,240,2.684,241,4.396,242,3.964,243,3.964,244,5.051]],["t/18",[19,0.398,23,0.98,30,1.718,35,1.306,42,1.123,44,1.876,55,0.659,56,0.792,57,2.404,60,1.401,61,2.065,62,1.648,63,2.439,69,2.172,72,3.173,73,1.943,79,1.259,80,1.617,81,3.173,88,1.453,94,2.298,104,1.166,106,1.52,109,2.604,128,2.802,139,2.298,151,1.259,154,1.876,167,1.171,200,4.118,208,2.439,215,2.604,224,1.582,245,1.13,246,3.886,247,3.886,248,3.05,249,3.886,250,1.966,251,3.886,252,3.886,253,3.05,254,3.886,255,3.886,256,4.431,257,3.886,258,1.407,259,3.886,260,3.886,261,2.372,262,3.886,263,3.886,264,3.886,265,3.886,266,3.382,267,3.886,268,3.886,269,3.05,270,3.886,271,1.852,272,3.886,273,3.886,274,1.053,275,3.886,276,2.604,277,3.886,278,3.05,279,3.886,280,1.171,281,3.886,282,2.175,283,3.886,284,2.439,285,3.886,286,2.604,287,3.886,288,1.876,289,3.382,290,3.05,291,3.886,292,3.382,293,3.886,294,3.886,295,3.886,296,3.886,297,3.886,298,1.966,299,3.886,300,3.05,301,3.886,302,2.175,303,3.886,304,1.718,305,2.175,306,2.604,307,2.439,308,2.175,309,2.175,310,3.05,311,2.477,312,3.886,313,2.298]],["t/21",[42,1.045,72,3.645,108,2.976,280,1.858,288,2.976,314,1.858,315,1.669,316,1.449,317,1.556,318,6.164,319,3.645,320,3.118,321,6.164,322,1.997,323,4.131]],["t/23",[0,3.361,6,2.365,19,0.561,23,1.226,30,1.56,42,1.077,55,1.282,56,0.72,60,1.233,67,1.975,68,1.816,80,1.064,85,1.758,88,1.358,104,0.883,106,2.282,107,2.597,110,2.586,112,2.545,121,2.215,134,1.704,143,2.665,144,4.365,153,1.496,177,3.072,186,1.704,196,3.072,198,1.56,200,3.91,201,2.365,206,2.087,211,2.365,218,5.078,223,1.975,227,2.215,231,4.365,232,4.365,235,1.437,258,1.278,274,1.358,298,2.538,315,0.956,316,0.83,317,0.891,322,2.058,324,3.072,325,3.072,326,3.53,327,3.072,328,2.545,329,4.58,330,3.53,331,3.53,332,2.77,333,2.087,334,5.016,335,3.53,336,3.148,337,3.361,338,5.016,339,3.148,340,1.704,341,3.53,342,3.072,343,3.53,344,2.77,345,2.77,346,3.53,347,3.53,348,3.617,349,3.53,350,2.538,351,3.617,352,2.933,353,5.016,354,4.365,355,4.365,356,5.016,357,2.665,358,2.966,359,5.016,360,3.53]],["t/25",[9,4.115,19,0.423,42,0.967,55,0.967,153,2.419,167,1.72,302,3.193,314,1.72,315,1.864,316,1.342,317,1.44,322,2.229,361,5.531,362,2.001,363,4.115,364,5.401,365,4.966,366,5.707,367,6.881,368,2.801,369,4.115,370,5.707]],["t/27",[42,1.009,88,1.613,104,1.242,149,4.449,258,2.156,280,2.127,314,1.795,315,1.613,316,1.4,317,1.503,362,2.052,371,3.259,372,2.749,373,5.041]],["t/29",[19,0.391,60,1.113,73,2.372,77,2.563,79,1.706,80,1.587,110,2.144,134,2.543,238,4.134,256,4.724,314,1.587,315,1.427,316,1.239,317,1.329,322,2.486,362,1.905,374,3.798,375,4.584,376,3.798,377,4.378,378,4.584,379,4.476,380,4.584,381,4.584,382,3.798,383,3.529,384,5.702,385,3.798,386,4.584,387,3.798,388,2.947,389,4.584,390,4.134]],["t/31",[10,1.227,35,1.883,43,3.517,60,1.184,106,2.191,113,3.754,120,3.286,121,3.517,126,3.517,314,1.688,362,2.131,391,4.397,392,4.907,393,4.876,394,4.397,395,3.135,396,5.603,397,5.603,398,5.603,399,6.805,400,5.603,401,5.603,402,5.603,403,5.603,404,5.603,405,5.341,406,4.876,407,5.603,408,5.603]],["t/33",[19,0.386,38,3.264,42,0.881,80,1.567,82,3.006,88,1.92,104,1.248,149,4.392,172,4.686,258,1.883,280,2.137,314,1.567,315,1.408,316,1.223,317,1.312,362,2.223,371,3.273,372,3,373,4.751,388,2.91,409,5.565,410,4.081,411,4.686,412,5.2,413,4.081,414,5.2,415,4.081,416,2.034]],["t/35",[42,1.019,104,1.058,116,4.227,280,2.139,314,1.812,315,1.629,316,1.414,317,1.518,362,2.064,368,3.075,371,3.277,372,3.277]],["t/37",[19,0.404,42,0.924,54,2.22,104,0.96,235,2.22,280,1.643,308,3.746,314,1.643,315,1.477,316,1.282,317,1.376,319,3.225,362,2.106,368,2.948,371,2.518,372,2.518,417,6.694,418,3.225,419,4.28,420,3.225,421,4.28,422,7.243,423,3.225,424,3.052,425,3.655,426,4.202,427,6.694,428,5.454,429,3.225,430,1.376,431,3.225]],["t/39",[19,0.384,60,1.094,68,2.562,71,2.62,79,2.292,104,0.911,106,2.025,108,2.5,110,3.253,134,2.5,153,2.195,198,2.289,227,3.25,269,4.064,314,1.56,315,1.402,316,1.218,317,1.307,319,3.062,322,2.402,323,3.47,340,2.5,362,1.506,374,3.734,429,3.062,432,3.25,433,4.064,434,5.178,435,3.47,436,6.482,437,3.47,438,5.178,439,5.178,440,5.178,441,5.178,442,5.178,443,5.178,444,5.178]],["t/41",[19,0.351,37,1.428,60,1.002,61,2.518,62,2.009,73,2.219,77,1.854,79,1.985,110,2.764,198,2.095,204,2.009,235,1.929,238,3.72,256,4.418,274,1.284,314,1.428,315,1.284,316,1.114,317,1.196,322,2.592,336,2.975,362,2.161,374,3.417,377,4.159,378,4.125,379,4.262,380,4.125,381,4.125,382,3.417,383,3.176,384,5.333,385,3.417,386,4.125,387,3.417,388,2.652,389,4.125,390,3.72,432,2.975,445,3.417,446,2.803,447,3.417,448,4.55,449,3.417,450,2.975,451,5.333,452,5.333]],["t/43",[19,0.431,30,2.571,42,1.179,88,1.575,280,2.097,304,2.571,309,3.254,314,1.752,315,1.575,316,1.367,317,1.467,362,2.023,368,3.031,371,3.213,372,2.684,453,3.697,454,5.06,455,5.845]],["t/45",[19,0.506,37,1.696,42,0.954,65,1.963,81,4.035,145,4.283,216,3.017,235,2.291,258,2.038,298,3.452,314,1.696,315,1.524,316,1.323,317,1.42,362,2.135,395,3.818,456,6.824,457,5.356,458,6.824,459,6.824,460,4.058,461,4.898]],["t/47",[19,0.371,42,1.076,44,2.419,55,0.849,60,1.342,65,1.747,66,1.959,69,2.289,70,2.662,80,2.1,104,0.882,153,2.124,162,3.612,280,1.51,311,2.313,314,1.51,320,3.825,322,2.374,362,1.457,416,2.726,430,1.908,445,3.612,462,3.932,463,3.985,464,4.578,465,5.47,466,1.846,467,3.932,468,4.36,469,5.01,470,4.36,471,5.01,472,3.932,473,5.01,474,3.612,475,3.357]],["t/49",[10,1.508,19,0.28,60,1.112,66,1.478,69,1.644,71,2.662,79,2.369,80,2.075,86,2.142,95,3.161,104,1.066,114,1.18,151,1.224,162,3.795,178,3.795,216,1.671,219,2.532,236,2.372,280,1.139,311,1.744,315,1.023,316,1.237,317,0.954,320,3.313,322,2.485,327,3.289,362,1.904,371,1.744,395,2.115,416,2.368,430,1.799,445,2.725,463,3.303,464,2.725,465,4.13,468,5.27,476,3.779,477,3.779,478,3.779,479,4.13,480,5.263,481,3.779,482,3.779,483,4.58,484,3.779,485,1.744,486,3.779,487,2.058,488,3.779,489,4.13,490,5.263,491,2.532,492,4.366,493,3.779,494,3.289,495,6.055,496,3.779,497,5.263,498,2.115,499,3.779,500,3.779,501,3.779,502,2.966,503,3.779,504,3.779,505,2.966,506,3.779,507,4.13,508,2.966,509,2.966,510,2.966,511,3.779,512,3.779,513,3.289,514,3.779,515,3.779,516,3.779]],["t/51",[6,2.428,10,0.794,19,0.379,38,3.207,39,2.027,42,0.614,53,1.999,69,1.132,71,1.833,72,3.5,80,1.54,82,2.509,88,1.603,104,1.272,143,1.925,151,1.917,153,1.536,167,1.937,198,2.617,206,2.142,271,1.54,282,2.027,304,2.259,314,1.092,315,0.981,316,0.852,317,0.914,319,3.801,323,4.542,333,2.142,362,2.102,368,1.475,377,3.936,430,1.289,454,5.151,460,2.612,474,2.612,475,2.428,485,1.673,517,5.11,518,3.022,519,2.585,520,3.5,521,5.11,522,3.153,523,5.11,524,3.153,525,3.623,526,3.153,527,3.623,528,5.11,529,4.646,530,3.684,531,3.623,532,5.11,533,3.153,534,5.151,535,3.623,536,2.612,537,4.447,538,2.844,539,3.623,540,3.153,541,3.623,542,3.623,543,2.844,544,3.623,545,5.11,546,2.844,547,2.612,548,3.623,549,5.11,550,3.623,551,5.11,552,3.623,553,5.11,554,3.623,555,5.11,556,3.623,557,5.11,558,3.623,559,2.844,560,5.11,561,3.022,562,2.612,563,3.623]],["t/53",[11,1.612,19,0.397,35,1.019,42,1.331,44,1.465,53,2.471,55,1.256,65,2.064,69,0.948,79,1.734,82,1.905,85,0.914,86,2.179,88,0.822,104,1.042,108,1.465,153,1.905,167,1.613,197,1.904,235,1.235,240,1.612,258,1.627,271,1.613,274,1.217,276,2.033,278,2.381,280,1.613,284,1.904,286,3.011,288,2.584,302,1.697,304,1.987,305,2.515,306,2.033,307,1.904,308,2.515,309,1.697,314,0.914,315,0.822,316,1.057,317,0.766,320,1.535,322,1.734,333,3.165,336,1.904,358,1.794,362,2.224,368,1.235,371,1.4,372,1.4,416,1.187,430,1.134,431,1.794,435,2.033,445,2.187,462,4.201,465,2.381,466,1.307,519,1.535,564,7.308,565,4.494,566,4.494,567,5.353,568,4.494,569,3.034,570,4.494,571,3.034,572,4.494,573,3.034,574,4.494,575,3.034,576,3.24,577,4.494,578,3.034,579,4.494,580,3.034,581,3.034,582,4.494,583,3.034,584,4.494,585,3.034,586,4.494,587,3.034,588,3.034,589,3.034,590,4.494,591,3.034,592,3.034,593,2.64,594,3.034,595,2.64,596,3.034,597,3.034,598,3.034,599,2.64,600,4.494,601,3.034,602,2.64,603,4.494,604,4.494,605,2.64,606,4.494,607,3.034,608,2.033,609,4.494,610,4.494,611,3.034,612,1.904,613,2.381,614,2.187]],["t/55",[19,0.429,35,1.945,42,1.176,60,1.466,139,3.422,304,3.068,305,3.238,306,3.878,307,3.632,308,3.238,309,3.883,314,1.744,316,1.361,362,1.683,391,4.542,498,3.238,576,4.173,595,5.037,615,5.787,616,5.037,617,5.037,618,4.542,619,4.173,620,4.542]],["t/57",[42,1.313,227,4.01,314,1.925,391,5.014,621,5.56,622,5.56]],["t/59",[37,1.636,61,2.885,62,2.302,79,1.759,95,2.621,120,2.621,134,2.621,198,2.4,226,3.408,235,2.21,274,1.808,314,1.636,315,1.471,316,1.277,317,1.37,322,2.508,333,3.211,336,3.408,357,2.885,362,2.102,374,3.915,375,4.725,385,3.915,433,4.262,447,3.915,448,4.844,449,3.915,450,3.408,451,5.81,452,5.81,623,5.43]],["t/61",[10,1.639,55,1.116,104,1.159,107,2.406,143,2.823,198,2.349,227,3.335,237,2.565,298,2.688,314,1.601,315,1.439,316,1.249,317,1.341,348,3.831,354,5.732,355,5.732,357,3.976,358,3.141,362,1.915,376,3.831,432,3.335,485,3.041,624,4.749,625,6.586,626,6.586,627,4.134,628,5.312,629,5.312,630,5.312]],["t/63",[11,2.548,35,1.611,37,1.86,45,4.038,51,2.214,60,1.013,96,2.683,104,0.844,107,1.611,132,3.01,153,2.617,198,2.12,199,3.01,237,2.315,298,3.647,314,1.445,315,1.299,316,1.128,317,1.21,357,4.182,358,3.651,362,1.795,376,3.457,385,4.451,416,1.875,430,1.21,631,3.763,632,4.845,633,3.651,634,6.173,635,5.373,636,4.845,637,6.173,638,4.795,639,3.763,640,4.795,641,6.173,642,5.359,643,4.845,644,4.795,645,4.173,646,4.795,647,4.173,648,4.795,649,3.763]],["t/65",[10,1.394,35,1.69,44,2.429,65,1.754,69,1.988,71,3.22,75,2.975,178,3.627,280,1.516,302,2.815,314,1.516,315,1.362,316,1.183,317,1.269,320,3.533,322,2.544,351,3.627,362,1.851,429,2.975,432,3.157,437,3.371,462,3.948,463,3.157,464,3.627,466,1.463,483,5.539,489,5.48,492,5.035,513,4.378,547,3.627,650,3.948,651,3.948,652,5.03,653,4.378,654,5.03,655,5.03,656,5.03,657,3.627,658,2.815,659,5.03,660,3.948,661,5.03,662,5.03]],["t/67",[19,0.465,23,1.071,55,0.504,56,0.606,60,0.936,68,2.634,71,3.324,72,1.759,80,1.335,85,0.896,86,1.211,88,0.806,98,1.665,101,1.581,104,0.524,106,2.954,107,2.106,110,1.211,127,2.478,134,1.436,154,1.436,161,2.589,167,1.335,178,2.145,204,1.261,215,2.968,223,1.665,235,3.103,248,2.335,250,1.505,253,2.335,314,0.896,315,0.806,316,0.7,317,0.751,319,3.466,322,0.964,323,1.993,328,2.145,329,2.335,332,2.335,339,3.934,340,3.376,348,2.145,352,1.373,357,1.581,362,1.704,379,2.78,392,3.815,394,2.335,429,1.759,432,1.867,435,1.993,437,2.968,453,2.353,466,0.865,474,2.145,489,2.335,529,2.335,593,2.589,612,1.867,663,2.975,664,2.975,665,2.975,666,2.589,667,2.975,668,2.975,669,4.429,670,5.291,671,2.975,672,4.429,673,2.975,674,4.429,675,5.291,676,2.335,677,5.862,678,4.429,679,2.975,680,2.975,681,2.975,682,2.975,683,2.975,684,2.975,685,2.975,686,2.975,687,2.975,688,2.045,689,2.975,690,2.975,691,2.975,692,2.975,693,2.975,694,2.975,695,2.975,696,2.975,697,2.975,698,2.975,699,2.975,700,4.429,701,2.975,702,2.975,703,2.975,704,2.975,705,2.975,706,5.291,707,2.975,708,2.589,709,2.975,710,2.975,711,5.291,712,2.335,713,2.589,714,2.975,715,4.429,716,2.589,717,2.975,718,2.975,719,1.993,720,2.78,721,4.429,722,2.975,723,2.619,724,4.429,725,2.589,726,2.975,727,3.476,728,2.335,729,2.589,730,2.335]],["t/69",[10,1.216,23,1.014,55,0.941,68,2.01,69,1.734,71,2.809,80,1.673,91,1.866,106,3.138,107,1.866,227,3.485,235,2.971,314,1.673,315,1.504,316,1.306,317,1.401,319,3.283,329,4.358,432,3.485,466,1.614,475,3.72,621,4.832,622,4.832,731,6.768,732,4.832,733,5.552,734,5.552,735,5.552]],["t/71",[5,3.413,10,1.115,19,0.378,23,0.93,35,1.711,42,1.335,51,2.351,52,3.672,53,1.992,54,2.073,55,1.087,56,1.038,91,1.711,108,2.459,114,1.591,135,3.672,139,3.793,217,3.672,240,3.408,305,3.589,306,3.413,307,3.197,308,3.589,309,2.85,322,1.65,345,3.997,350,2.576,369,3.672,377,3.589,430,1.285,487,1.992,518,3.793,519,3.245,576,3.672,616,4.432,617,4.432,618,3.997,619,3.672,620,3.997,736,2.159,737,5.093,738,4.432,739,5.093]],["t/73",[0,4.822,1,3.745,2,3.058,10,1.453,19,0.399,23,0.872,35,0.844,37,1.62,39,2.18,42,0.426,51,1.16,53,1.866,54,2.368,56,0.973,60,0.823,69,0.785,70,1.335,73,1.411,75,2.304,77,0.983,78,0.91,79,1.262,82,1.065,83,1.271,85,0.757,88,1.292,91,0.844,104,0.946,114,1.679,116,3.255,120,1.213,127,1.406,134,1.213,136,1.812,151,1.884,153,1.065,167,1.62,180,1.972,184,2.572,185,1.664,186,1.213,201,1.684,203,2.187,204,2.023,221,2.611,224,2.188,230,1.577,235,1.023,245,1.563,258,0.91,261,2.109,271,1.854,274,0.681,286,1.684,288,1.213,302,1.406,308,3.255,345,1.972,368,2.505,371,1.16,372,1.16,418,3.179,419,1.972,420,3.44,421,3.058,423,3.179,424,3.008,425,3.197,426,3.863,430,1.204,446,1.486,453,2.07,479,1.972,485,1.16,487,1.866,498,1.406,537,2.187,543,1.972,599,2.187,653,2.187,688,1.16,719,1.684,740,1.972,741,3.248,742,2.513,743,2.187,744,2.187,745,2.187,746,4.771,747,4.678,748,2.513,749,2.513,750,2.513,751,3.058,752,1.812,753,1.972,754,2.187,755,1.972,756,2.513,757,3.391,758,1.972,759,2.513,760,1.577,761,2.513,762,2.187,763,3.896,764,2.187,765,1.812,766,2.187,767,1.577,768,2.187,769,2.995,770,2.995,771,2.187,772,2.187,773,2.513,774,1.812,775,2.187,776,5.587,777,4.302,778,4.771,779,1.486,780,1.684,781,3.896,782,2.513,783,2.513,784,2.513,785,1.684,786,3.896,787,3.896,788,2.187,789,2.187,790,2.187,791,2.187,792,2.187,793,2.513,794,1.972,795,1.972,796,2.513,797,2.513,798,1.972,799,2.513,800,1.972,801,2.513,802,2.187,803,2.187,804,1.812,805,2.187,806,1.972,807,1.684,808,2.513,809,2.513]],["t/75",[0,1.979,10,0.647,11,2.341,19,0.391,23,0.54,33,3.834,37,0.89,42,0.501,43,1.854,51,2.696,52,2.13,54,1.793,55,0.501,56,0.602,65,2.285,67,2.465,69,0.923,70,1.569,73,2.262,75,1.747,77,1.723,78,1.595,79,1.427,83,2.229,86,1.202,87,2.57,91,0.992,102,1.494,103,1.747,104,0.52,114,1.376,141,1.747,153,1.252,167,1.883,171,3.025,184,1.306,185,1.837,197,3.307,224,1.202,236,1.854,240,1.569,271,1.883,274,1.193,280,0.89,286,2.952,288,1.426,290,2.318,304,1.948,305,3.991,322,0.957,344,2.318,358,1.747,361,3.176,368,1.793,369,3.176,418,3.454,420,1.747,424,1.653,430,1.112,479,4.135,520,2.605,608,1.979,657,2.13,658,1.653,688,1.363,736,2.234,740,4.584,741,2.955,754,3.834,757,2.57,758,2.318,775,2.57,777,1.979,780,3.914,785,1.979,802,3.834,806,5.328,807,1.979,810,2.953,811,3.834,812,2.765,813,4.391,814,2.57,815,2.953,816,2.57,817,2.318,818,1.979,819,3.458,820,2.318,821,2.953,822,2.953,823,3.176,824,2.953,825,2.953,826,2.318,827,2.953,828,2.13,829,2.953,830,1.979,831,2.57,832,2.953,833,2.57,834,2.953,835,2.57,836,2.953,837,4.405,838,2.953,839,2.953,840,2.953,841,4.405,842,3.834,843,3.458,844,3.834,845,4.405,846,2.953,847,2.318,848,2.953,849,2.953,850,4.405,851,2.953,852,2.57,853,1.747,854,2.57,855,2.953,856,2.953,857,2.953,858,2.953,859,2.13,860,2.318,861,2.57,862,2.318,863,2.57,864,2.57,865,2.13,866,1.747,867,2.57]],["t/77",[19,0.364,23,0.897,42,1.062,51,2.267,54,2.961,55,1.062,67,3.507,69,1.534,70,2.609,73,1.778,77,2.452,78,2.269,79,1.59,102,2.484,103,2.903,107,2.106,114,1.534,136,3.54,167,1.889,171,2.267,185,1.712,245,1.428,271,2.192,274,1.33,368,1.998,426,3.082,576,4.519,741,3.171,780,3.29,798,3.853,818,3.29,823,3.54,842,4.273,843,4.919,844,4.273,859,3.54,860,3.853,861,4.273,862,3.853,863,4.273,864,4.273,865,3.54,866,2.903,867,4.273,868,4.273,869,4.91,870,4.273,871,4.91,872,4.91,873,4.91]],["t/79",[35,2.082,53,2.423,91,2.082,104,1.09,184,2.739,185,2.16,280,1.867,688,2.86,767,3.889,779,3.663,813,4.151,874,7.225,875,6.195]],["t/81",[19,0.37,35,1.176,38,2.197,42,0.845,60,1.054,73,1.267,80,1.907,82,2.683,85,1.055,88,1.938,104,0.877,114,1.093,116,1.958,134,1.69,139,4.562,145,2.197,149,4.112,151,1.134,154,2.407,172,5.014,184,2.204,185,1.22,204,1.484,216,1.547,224,2.029,240,1.859,245,1.689,258,2.591,261,1.547,280,2.156,282,1.958,288,1.69,302,1.958,371,3.377,372,2.301,373,4.902,388,2.79,409,4.967,410,2.747,411,2.523,413,2.747,415,3.913,416,2.271,466,1.689,467,2.747,487,1.369,561,2.948,736,1.484,760,2.197,767,2.197,779,2.069,807,2.345,828,3.595,853,2.069,876,3.499,877,2.345,878,2.523,879,2.747,880,3.499,881,2.523,882,5.807,883,2.523,884,3.046,885,3.499,886,2.747,887,3.645,888,3.891,889,2.747,890,4.339,891,3.046,892,3.499,893,3.499,894,3.499,895,3.499,896,5.807,897,3.499,898,3.499,899,3.499]],["t/83",[10,1.398,23,0.923,35,1.697,42,0.856,54,2.056,60,1.067,69,1.578,91,2.144,94,2.987,114,1.578,167,1.923,184,2.233,185,1.761,234,4.006,245,1.469,250,3.718,271,2.215,274,1.728,276,3.385,280,1.522,282,2.826,352,2.332,466,1.469,688,2.332,738,6.737,779,2.987,878,3.642,879,3.964,900,5.051,901,5.051,902,6.382,903,5.051,904,5.051,905,5.051,906,4.396,907,4.396,908,6.996,909,5.051,910,5.051,911,5.051]],["t/85",[19,0.456,35,1.807,42,1.043,60,0.824,65,1.36,73,1.412,79,1.742,80,1.175,82,1.653,91,1.31,104,0.946,105,2.305,106,1.525,107,1.31,110,1.587,114,1.68,126,2.447,127,2.182,184,2.934,185,1.36,204,1.653,223,2.182,224,1.587,245,1.134,258,1.947,261,1.724,271,2,274,1.456,280,1.175,282,2.182,284,2.447,304,1.724,309,4.32,316,1.264,322,1.263,333,2.305,340,1.882,368,3.2,377,2.182,416,1.525,418,3.18,426,2.447,446,2.305,466,1.134,633,2.305,688,1.8,741,1.972,751,3.06,760,2.447,767,2.447,774,2.811,843,3.06,853,2.305,912,4.68,913,3.393,914,3.899,915,5.357,916,2.811,917,3.393,918,3.06,919,3.393,920,3.393,921,6.636,922,5.776,923,6.636,924,3.899,925,3.899,926,5.378,927,3.899,928,3.899,929,3.899,930,2.612,931,2.612,932,3.899,933,3.06,934,3.899,935,2.182,936,3.899,937,3.06,938,3.899]],["t/87",[0,0.877,6,0.877,10,1.641,12,1.138,19,0.411,23,1.013,35,1.21,38,0.821,39,0.732,42,0.222,45,1.344,51,2.56,55,0.814,56,1.131,60,1.332,66,0.889,69,0.409,70,1.602,71,1.525,75,0.774,79,2.109,80,1.863,81,3.279,82,2.76,83,0.662,85,0.685,86,2.071,88,1.553,91,1.013,104,0.787,106,0.512,108,1.097,114,0.942,119,2.173,121,0.821,127,1.272,135,1.639,151,1.167,154,2.768,167,1.932,171,1.883,184,2.878,185,1.675,199,2.261,201,1.523,204,0.555,208,0.821,217,1.639,226,1.427,234,0.821,235,0.532,236,0.821,237,0.632,245,0.876,258,1.842,261,1.977,271,2.347,274,0.816,288,3.143,304,2.357,309,3.741,315,0.616,316,0.959,317,0.574,320,0.662,322,0.424,332,1.784,333,1.782,337,1.523,351,0.943,363,0.943,368,2.919,372,0.604,377,2.688,388,0.732,393,1.138,416,0.889,418,2.411,423,0.774,424,0.732,425,0.877,426,1.427,430,0.761,446,0.774,448,0.877,453,1.208,455,5.882,485,0.604,487,0.512,518,1.344,519,1.15,520,0.774,538,1.784,540,1.138,559,2.827,561,1.344,562,4.134,612,0.821,613,1.027,627,0.821,635,1.138,651,1.027,658,0.732,676,1.027,688,1.049,736,0.964,741,1.15,744,1.978,747,1.138,751,1.784,755,3.201,760,0.821,765,1.639,767,1.427,769,0.821,779,1.344,780,2.413,790,1.978,800,3.771,804,0.943,807,0.877,811,1.978,820,1.027,823,0.943,826,1.027,853,0.774,868,4.181,883,0.943,887,0.821,912,1.978,913,5.264,915,5.666,916,3.464,917,1.138,919,1.138,920,5.484,922,1.138,930,1.523,931,1.523,939,1.308,940,1.308,941,1.308,942,1.308,943,2.273,944,1.308,945,2.273,946,1.308,947,1.308,948,1.138,949,1.027,950,1.308,951,1.308,952,1.308,953,1.308,954,0.877,955,2.02,956,1.308,957,1.138,958,1.308,959,1.308,960,1.308,961,1.308,962,1.308,963,2.273,964,1.027,965,5.088,966,3.892,967,1.308,968,1.027,969,1.308,970,2.827,971,1.308,972,1.308,973,1.639,974,1.138,975,1.138,976,1.308,977,1.308,978,1.027,979,1.978,980,2.623,981,1.308,982,1.027,983,1.308,984,1.138,985,0.943,986,1.308,987,1.308,988,1.308,989,1.308,990,1.308,991,1.308,992,1.308,993,1.138,994,1.308,995,1.027]],["t/89",[10,0.873,19,0.405,39,2.231,42,0.676,45,3.229,53,1.559,54,2.727,57,1.559,60,0.843,73,1.444,78,1.977,83,2.017,91,2.251,104,1.096,116,2.231,118,3.428,126,2.503,151,1.292,171,2.875,204,2.315,206,2.358,212,3.47,245,2.041,250,3.151,271,1.646,274,1.08,280,1.201,284,2.503,288,2.637,304,1.763,307,4.743,368,2.223,371,2.521,372,1.841,420,2.358,429,2.358,453,2.118,466,2.041,487,1.559,518,2.358,520,2.358,736,2.315,741,2.763,760,2.503,812,2.503,831,3.47,853,3.229,886,3.129,887,2.503,888,2.672,916,2.875,964,3.129,973,2.875,978,3.129,979,3.47,996,5.461,997,3.987,998,3.987,999,4.889,1000,3.749,1001,3.987,1002,3.987,1003,3.987,1004,3.987,1005,3.987,1006,3.987,1007,3.987,1008,3.987,1009,3.987,1010,3.987,1011,3.47,1012,5.461,1013,3.987,1014,3.987,1015,3.987,1016,3.987,1017,3.47,1018,3.987]],["t/91",[10,1.474,51,2.54,53,2.633,86,2.24,88,1.49,91,1.849,114,1.719,116,3.079,127,3.079,184,2.433,185,1.919,274,1.823,288,2.657,298,3.679,315,1.49,420,3.254,430,1.389,466,1.6,618,4.319,676,4.319,740,4.319,741,2.784,752,3.968,755,4.319,767,3.454,818,3.687,878,3.968,1019,5.503,1020,5.503,1021,5.503,1022,5.503,1023,4.789,1024,5.858]],["t/93",[19,0.437,54,3.05,107,2.358,108,3.389,114,1.843,127,3.3,171,2.723,245,1.715,261,2.608,302,3.3,305,3.3,361,4.253,364,4.629,369,4.253,430,1.488,650,4.629,741,2.984,1025,7.019,1026,5.898]],["t/95",[2,1.505,5,1.285,10,1.692,11,1.019,19,0.405,20,1.505,23,1.138,30,0.848,37,0.946,39,1.073,42,1.156,43,1.204,44,1.925,51,2.348,53,0.75,54,2.727,55,1.02,56,1.27,57,1.56,60,0.843,61,1.019,65,0.669,66,2.255,69,0.599,78,1.444,79,1.493,80,0.946,82,1.331,83,2.018,86,0.781,88,0.519,90,1.073,91,1.549,104,0.961,106,0.75,107,1.709,114,1.44,116,1.073,118,2.503,121,1.971,127,1.073,132,1.204,134,0.926,136,1.383,141,1.134,143,1.019,151,0.621,167,1.389,171,2.348,184,1.763,185,0.669,186,0.926,198,1.388,199,1.204,204,1.331,207,1.505,223,1.757,225,1.019,230,1.204,234,1.971,236,1.971,237,0.926,245,1.479,258,1.444,261,2.754,271,1.646,274,1.08,276,1.285,280,0.946,288,0.926,304,2.415,315,0.519,316,0.738,317,0.484,336,1.204,339,1.204,350,1.589,368,1.278,377,1.073,420,1.134,424,1.757,430,1.284,435,1.285,466,1.34,475,1.285,487,0.75,507,1.505,518,2.358,519,2.332,520,2.358,543,1.505,561,1.134,562,1.383,608,2.104,612,1.971,624,2.264,658,1.073,688,2.348,720,1.204,723,1.857,736,0.813,741,2.332,752,2.264,758,3.618,762,1.669,770,1.971,777,2.104,779,2.358,780,2.104,785,1.285,794,1.505,798,1.505,800,2.465,812,1.204,813,2.672,814,2.733,818,1.285,819,1.505,826,2.465,833,1.669,852,1.669,865,1.383,866,1.134,877,1.285,879,1.505,906,2.733,907,1.669,931,1.285,955,1.285,966,2.733,973,2.875,975,2.733,982,1.505,993,1.669,999,1.505,1000,1.073,1023,1.669,1027,1.918,1028,1.918,1029,1.918,1030,1.918,1031,1.918,1032,5.462,1033,6.229,1034,1.918,1035,1.918,1036,2.733,1037,1.383,1038,1.918,1039,3.14,1040,3.14,1041,1.918,1042,1.918,1043,1.918,1044,1.918,1045,1.918,1046,1.918,1047,1.505,1048,1.918,1049,1.669,1050,1.918,1051,1.669,1052,1.918,1053,1.918,1054,1.918,1055,1.918,1056,1.918,1057,1.505,1058,1.918,1059,1.505,1060,1.918,1061,1.918,1062,1.669,1063,1.505,1064,1.918,1065,4.012,1066,1.918,1067,2.264,1068,3.14,1069,1.918,1070,1.918,1071,3.14,1072,1.918,1073,1.918,1074,1.918,1075,1.918,1076,1.918,1077,1.918,1078,3.14,1079,1.918,1080,1.918,1081,1.669,1082,1.918,1083,1.669,1084,1.383,1085,1.918,1086,3.14,1087,1.918,1088,1.669,1089,1.918,1090,3.988,1091,1.918,1092,2.733,1093,1.669,1094,1.918,1095,1.669,1096,1.918,1097,3.14,1098,1.918,1099,1.918,1100,1.918,1101,1.918,1102,1.918,1103,1.918,1104,1.918,1105,1.918,1106,1.918]],["t/97",[1,1.949,9,2.783,10,1.572,11,1.319,19,0.286,20,3.716,21,1.949,23,1.24,30,1.098,37,1.609,42,0.98,44,1.863,51,1.146,52,2.783,54,2.354,56,0.965,60,1.001,61,3.073,62,2.264,65,1.346,69,0.776,70,1.319,72,3.158,78,1.934,80,0.748,81,2.282,82,1.053,85,0.748,86,1.011,91,1.591,95,1.199,98,1.389,101,1.319,104,0.94,107,0.834,118,1.558,143,2.051,145,1.558,149,1.468,151,1.534,167,0.748,180,1.949,184,1.706,198,1.098,204,2.264,216,1.706,226,2.423,230,1.558,234,1.558,237,1.199,240,1.319,243,1.949,245,0.722,258,1.714,261,1.098,271,1.427,274,0.672,280,0.748,282,1.389,284,1.558,298,2.702,300,1.949,304,3,311,1.146,350,2.395,358,1.468,362,0.722,395,1.389,411,1.79,424,2.16,446,2.282,457,3.716,460,2.783,466,1.858,467,1.949,487,0.971,491,1.664,509,1.949,518,2.282,519,1.953,520,3.158,530,3.851,546,1.949,547,1.79,619,4.415,633,1.468,658,1.389,688,1.782,736,1.053,743,2.161,745,3.359,753,1.949,777,1.664,794,1.949,812,1.558,813,1.664,853,1.468,859,1.79,870,3.359,883,1.79,889,1.949,890,2.161,954,1.664,970,1.949,973,1.79,995,1.949,999,1.949,1049,2.161,1051,3.359,1059,1.949,1063,1.949,1067,1.79,1081,2.161,1088,2.161,1092,4.121,1093,2.161,1107,3.86,1108,3.86,1109,3.86,1110,2.483,1111,2.161,1112,2.483,1113,2.483,1114,2.483,1115,2.483,1116,1.79,1117,2.483,1118,2.483,1119,2.483,1120,3.86,1121,3.359,1122,2.483,1123,2.483,1124,2.483,1125,2.483,1126,2.161,1127,2.483,1128,2.483,1129,2.483,1130,2.483,1131,2.483,1132,3.86,1133,2.483,1134,2.161,1135,2.483,1136,2.161,1137,2.483,1138,2.483,1139,2.483,1140,2.483,1141,1.949,1142,2.483,1143,2.483,1144,2.483,1145,2.483,1146,2.483,1147,2.483,1148,2.483,1149,2.483,1150,2.483,1151,2.483,1152,2.483,1153,2.161,1154,2.483,1155,2.483,1156,2.483,1157,3.86,1158,2.161,1159,2.483,1160,2.483,1161,2.483,1162,1.949,1163,2.483,1164,2.161,1165,2.483,1166,1.949,1167,2.423,1168,2.483,1169,1.949,1170,2.483,1171,2.483,1172,1.79,1173,2.161,1174,2.483,1175,2.483,1176,2.483,1177,2.483]],["t/99",[19,0.461,35,2.09,39,2.715,42,1.164,55,0.822,56,0.989,58,2.342,59,2.342,61,2.578,62,2.057,80,1.462,85,1.462,88,1.314,91,1.63,98,2.715,111,3.045,114,1.516,167,1.874,199,3.045,226,3.045,271,2.182,274,1.685,280,1.462,282,2.715,311,2.24,416,1.898,418,3.678,429,2.869,466,2.106,502,3.808,620,6.305,688,2.24,804,4.485,1011,5.975,1036,4.222,1178,3.808,1179,4.852,1180,4.852,1181,4.852,1182,4.222,1183,4.852,1184,4.852,1185,4.852,1186,4.852]],["t/101",[19,0.462,23,1.139,37,1.468,42,0.826,53,1.905,54,2.538,55,0.826,56,1.402,57,1.905,58,2.352,59,2.352,60,1.454,69,1.522,71,2.464,76,3.264,79,1.578,91,2.311,104,0.857,114,1.522,167,1.879,184,2.153,185,1.699,206,2.88,245,1.416,250,2.464,271,2.185,274,1.689,315,1.319,317,1.229,350,2.464,430,1.229,466,2.18,505,3.823,736,2.065,752,3.512,830,3.264,877,3.264,878,3.512,918,3.823,1065,4.239,1169,3.823,1187,4.871,1188,4.871,1189,4.871,1190,3.823,1191,4.871,1192,4.239,1193,4.871,1194,4.871,1195,4.871]],["t/103",[10,1.484,19,0.531,23,1.117,42,0.8,51,2.822,53,1.847,55,1.036,56,1.246,60,1.292,69,1.475,79,1.98,80,1.423,85,1.423,88,1.279,95,2.279,114,1.475,149,3.614,151,1.529,167,1.842,171,2.18,185,1.646,245,1.373,258,2.454,271,2.16,274,1.655,306,4.542,350,2.389,371,2.822,372,2.18,373,4.096,424,3.42,430,1.192,466,1.373,561,2.792,806,3.706,807,4.096,818,3.164,830,3.164,877,3.164,916,3.404,918,3.706,1024,4.109,1095,4.109,1169,3.706,1190,3.706,1192,4.109,1196,4.721,1197,4.721,1198,4.721,1199,4.721,1200,4.721]],["t/105",[19,0.556,59,2.848,85,1.777,95,2.848,151,2.63,261,3.313,433,4.629,485,3.24,487,2.745,1201,5.898,1202,5.898,1203,5.133]],["t/107",[19,0.45,23,1.109,42,1.286,56,1.238,66,2.375,80,1.83,98,3.398,171,2.803,185,2.645,245,1.766,333,3.591,804,4.379,1204,6.073,1205,6.073]],["t/109",[23,1.062,37,2.097,55,1.179,56,1.185,57,2.274,58,3.36,59,3.36,60,1.471,61,3.957,62,3.157,94,3.438,104,1.023,311,2.684,666,5.06,1206,5.815,1207,5.815,1208,6.959]],["t/111",[10,1.789,18,4.078,19,0.347,31,4.078,35,1.574,58,2.262,77,1.833,78,1.697,95,2.262,104,0.825,171,2.163,225,2.489,234,2.941,274,1.269,316,1.102,447,4.385,449,4.869,450,2.941,466,1.362,509,3.677,1083,4.078,1126,5.293,1209,4.685,1210,6.082,1211,4.685,1212,4.685,1213,4.685,1214,4.685,1215,4.685,1216,4.685,1217,4.685,1218,4.685,1219,4.685,1220,4.685,1221,6.753,1222,4.685,1223,5.3,1224,4.685,1225,4.685,1226,6.753,1227,4.685,1228,4.685,1229,4.685,1230,4.685,1231,4.685,1232,4.685,1233,4.685,1234,4.685,1235,4.685,1236,4.685,1237,4.685,1238,4.685,1239,4.078,1240,4.685]],["t/113",[10,1.503,19,0.421,37,2.068,56,1.158,57,2.884,58,2.743,59,2.743,60,1.2,66,2.222,120,2.743,186,2.743,220,4.458,405,4.458,416,2.884,508,4.458,510,4.458,812,3.565,1178,5.386,1223,4.458,1241,4.944,1242,4.944,1243,6.862,1244,5.68,1245,5.68]],["t/115",[5,0.389,8,0.455,10,1.464,11,0.815,19,0.507,21,0.455,23,0.698,35,0.973,37,1.626,38,1.818,39,0.608,42,0.709,45,1.142,51,0.268,53,1.33,54,0.625,55,0.442,56,0.222,57,0.6,59,0.933,60,0.847,63,0.682,64,0.505,65,1.333,67,0.859,68,2.014,69,1.446,71,1.319,72,3.08,73,1.849,74,0.505,75,1.142,77,1.236,78,2.244,79,0.938,80,1.353,81,2.37,82,1.963,83,1.319,84,1.991,85,1.395,86,1.286,88,1.216,90,3.467,91,1.142,94,0.343,95,0.741,96,0.608,98,0.325,99,0.343,101,0.308,102,0.977,103,3.722,104,0.933,105,2.26,106,1.568,107,0.649,108,0.525,109,0.389,110,2.264,111,0.364,113,0.729,116,0.608,118,0.364,120,1.935,126,0.364,132,0.364,139,1.353,141,0.343,143,1.215,145,0.963,149,0.907,151,1.542,153,2.423,154,0.28,165,1.204,166,1.204,167,0.873,171,0.502,172,1.106,184,0.481,186,1.525,192,1.393,197,1.436,198,0.854,199,0.364,201,0.729,204,0.246,206,0.343,213,0.946,215,0.389,216,1.503,223,0.325,224,0.442,225,0.308,228,0.455,230,0.682,235,2.078,237,1.398,240,0.578,241,0.505,242,0.853,248,0.853,250,0.776,253,2.046,256,2.451,258,1.384,261,1.011,266,1.991,269,1.204,271,1.208,274,0.62,276,1.028,278,0.853,280,1.208,282,0.608,284,0.682,286,0.729,288,0.525,289,1.681,290,0.853,292,0.505,298,1.72,300,0.455,302,1.081,304,2.385,305,0.859,307,1.213,308,1.768,309,0.325,310,0.455,311,0.892,313,1.868,315,0.157,316,0.256,317,0.146,319,3.8,322,0.352,323,3.78,328,0.418,336,0.364,337,0.389,339,0.682,340,1.641,344,1.516,350,0.293,352,2.307,357,1.679,358,1.142,361,1.393,362,2.188,364,0.853,365,0.505,368,1.702,371,1.569,372,1.204,373,1.028,377,1.621,379,1.213,382,0.418,383,0.729,387,0.418,388,1.621,390,2.841,392,1.88,394,0.455,395,1.28,409,0.853,410,0.455,411,0.418,413,0.455,415,0.455,416,1.02,418,0.643,419,0.455,420,0.643,421,0.455,423,0.907,424,0.859,425,1.533,426,0.963,429,0.343,430,1.012,431,1.542,437,0.389,448,0.389,449,0.418,450,0.364,453,0.578,455,0.853,457,0.853,460,1.393,461,0.505,466,1.662,472,0.455,485,1.671,487,1.635,491,1.028,498,0.608,502,0.853,518,0.343,519,2.528,520,1.713,522,0.505,526,0.505,529,1.516,530,1.106,533,0.946,534,0.946,559,1.204,561,0.343,562,1.393,602,1.681,605,0.505,608,0.389,612,0.682,613,0.853,614,1.393,619,1.106,627,1.818,631,0.853,632,0.455,633,0.343,636,0.455,639,0.455,642,1.516,643,1.204,645,0.505,647,0.505,649,0.455,650,0.853,651,2.668,688,0.268,713,1.681,716,0.505,719,0.729,720,0.364,723,2.472,725,0.946,727,2.668,728,1.516,729,0.505,730,0.455,736,0.461,741,0.293,753,0.455,769,0.364,770,0.963,772,0.505,776,0.505,777,0.389,779,0.343,785,0.729,791,0.505,816,0.505,817,0.455,820,0.455,823,0.418,828,0.418,866,0.643,883,1.106,886,0.853,887,0.963,888,1.028,889,0.455,891,0.505,930,1.295,935,2.968,937,0.455,948,0.505,954,0.389,955,1.747,957,0.946,964,1.795,974,0.505,980,0.505,985,0.784,1000,2.513,1037,1.393,1059,1.204,1084,0.418,1111,0.505,1134,0.505,1136,0.505,1141,0.455,1153,0.505,1164,0.505,1166,0.853,1167,1.637,1172,0.418,1182,0.505,1203,1.335,1246,0.58,1247,1.516,1248,1.534,1249,0.58,1250,2.269,1251,2.287,1252,0.58,1253,0.505,1254,0.58,1255,0.58,1256,0.58,1257,0.58,1258,1.991,1259,0.946,1260,1.991,1261,0.58,1262,0.505,1263,1.087,1264,0.58,1265,0.58,1266,0.58,1267,0.505,1268,0.58,1269,0.58,1270,1.087,1271,0.58,1272,0.505,1273,0.58,1274,1.932,1275,0.505,1276,0.58,1277,0.58,1278,0.58,1279,1.534,1280,1.534,1281,0.455,1282,2.897,1283,0.58,1284,0.58,1285,0.58,1286,0.58,1287,0.505,1288,0.58,1289,0.58,1290,1.534,1291,0.58,1292,0.58,1293,0.58,1294,0.58,1295,1.534,1296,1.534,1297,0.58,1298,0.58,1299,0.58,1300,0.505,1301,0.58,1302,0.58,1303,0.58,1304,0.784,1305,1.087,1306,1.087,1307,1.087,1308,0.58,1309,0.455,1310,0.58,1311,0.58,1312,0.853,1313,0.946,1314,0.853,1315,0.58,1316,0.946,1317,0.946,1318,0.58,1319,1.204,1320,0.505,1321,1.087,1322,0.946,1323,0.58,1324,0.58,1325,0.58,1326,0.58,1327,0.946,1328,0.505,1329,0.58,1330,0.58,1331,0.946,1332,0.58,1333,0.58,1334,0.58,1335,2.046,1336,1.335,1337,1.028,1338,0.58,1339,0.946,1340,0.505,1341,0.505,1342,0.58,1343,0.58,1344,2.686,1345,1.542,1346,0.58,1347,2.269,1348,1.534,1349,3.639,1350,1.991,1351,0.505,1352,0.505,1353,0.58,1354,0.505,1355,0.946,1356,0.505,1357,0.505,1358,0.58,1359,0.58,1360,0.343,1361,1.204,1362,1.932,1363,0.58,1364,0.58,1365,1.534,1366,0.58,1367,0.58,1368,0.505,1369,0.58,1370,0.58,1371,1.932,1372,0.58,1373,0.58,1374,0.58,1375,0.58,1376,0.505,1377,0.58,1378,0.58,1379,0.58,1380,0.505,1381,0.505,1382,0.946,1383,0.58,1384,0.58,1385,0.58,1386,0.58,1387,1.335,1388,1.087,1389,0.58,1390,0.58,1391,0.505,1392,0.58,1393,0.58,1394,0.58,1395,0.58,1396,0.58,1397,0.505,1398,0.58,1399,0.58,1400,0.58,1401,0.58,1402,0.58,1403,0.58,1404,0.58]],["t/117",[19,0.427,23,1.184,30,2.865,37,2.318,42,1.172,44,2.08,55,1.172,56,0.878,57,1.685,60,0.91,68,2.346,69,1.346,85,1.298,104,0.758,105,3.403,106,3.009,107,1.934,108,2.08,120,2.08,121,2.704,153,2.44,186,3.339,204,1.826,223,2.411,235,2.815,240,2.289,320,3.278,322,1.396,339,3.612,348,3.106,352,2.657,416,1.685,431,2.548,446,2.548,466,1.884,547,4.149,624,4.149,658,2.411,812,2.704,887,2.704,888,2.887,1000,2.411,1247,3.381,1275,3.749,1405,4.308,1406,4.308,1407,4.308,1408,4.308,1409,4.308,1410,5.755,1411,4.308,1412,5.755,1413,4.308,1414,4.308,1415,4.308]],["t/119",[10,1.454,19,0.399,37,1.622,55,0.912,58,3.206,59,3.206,61,3.528,62,2.815,66,2.105,78,1.949,102,2.723,120,2.599,151,1.743,186,2.599,220,4.224,224,2.703,274,1.798,379,3.378,387,4.788,405,4.224,416,2.597,487,2.105,508,4.224,510,4.224,795,4.224,1178,5.211,1223,4.224,1241,4.684,1242,4.684,1416,5.382,1417,5.382,1418,5.382,1419,5.382,1420,5.382]],["t/121",[10,1.539,19,0.438,23,0.819,37,1.991,43,3.708,55,1.12,56,0.913,58,2.163,62,1.9,65,2.06,68,2.393,73,1.622,85,1.35,88,1.214,90,4.632,192,3.231,216,2.611,242,3.517,316,1.389,352,2.068,430,1.491,453,2.381,498,2.507,627,3.708,728,3.517,930,3.958,984,3.899,985,4.259,1313,5.141,1314,3.517,1316,3.899,1317,5.751,1319,5.513,1320,5.141,1335,5.186,1337,3.002,1368,3.899,1391,3.899,1421,4.259,1422,4.481,1423,4.481,1424,4.481,1425,4.481]],["t/123",[10,0.81,19,0.274,23,0.676,30,1.635,55,0.879,56,0.754,62,2.198,66,1.447,68,2.687,73,2.473,83,1.872,85,2.134,86,1.506,88,1.757,90,3.962,95,1.786,104,0.651,110,2.436,119,2.667,120,1.786,141,3.066,151,1.68,167,1.804,198,2.292,216,2.868,221,2.479,224,1.506,225,2.755,245,1.076,250,2.623,271,1.804,310,4.069,311,1.708,313,2.188,317,0.934,322,1.198,362,1.076,383,2.479,388,3.63,430,1.308,485,2.394,498,2.07,507,2.903,536,2.667,614,3.739,723,2.188,835,3.22,933,2.903,935,2.07,954,3.474,1167,2.322,1328,3.22,1337,2.479,1344,3.474,1345,2.188,1421,2.667,1426,3.699,1427,3.22,1428,3.22,1429,4.069,1430,4.069,1431,5.361,1432,5.21,1433,5.185,1434,3.699,1435,3.699,1436,3.699,1437,3.699,1438,3.699,1439,4.512,1440,4.069,1441,3.22,1442,3.22,1443,3.22,1444,3.22,1445,3.22,1446,3.22,1447,3.22,1448,3.22,1449,3.22,1450,3.22,1451,3.22,1452,3.22,1453,2.903,1454,2.903,1455,3.22,1456,3.22,1457,3.22]],["t/125",[10,0.82,19,0.278,23,0.684,30,1.655,55,0.886,62,2.217,66,1.465,68,2.849,73,1.356,86,1.524,88,1.014,90,3.649,104,0.659,106,2.357,110,2.452,119,2.7,120,2.525,151,1.213,167,1.816,216,2.883,221,2.509,224,1.524,225,1.989,235,2.128,245,1.089,250,3.048,271,1.816,317,0.945,322,1.213,340,2.525,352,2.782,383,2.509,388,3.372,430,1.32,447,2.7,485,1.729,498,2.095,536,2.7,612,2.35,614,2.7,633,2.214,688,1.729,712,2.939,720,2.35,723,2.214,935,2.095,954,4.038,985,2.7,1162,2.939,1167,2.35,1337,2.509,1344,3.504,1345,2.214,1421,2.7,1427,3.259,1428,3.259,1429,4.104,1430,4.104,1431,2.939,1439,4.551,1440,4.104,1441,3.259,1442,3.259,1443,3.259,1444,3.259,1445,3.259,1446,3.259,1447,3.259,1448,3.259,1449,3.259,1450,3.259,1451,3.259,1452,4.551,1453,2.939,1454,2.939,1455,4.551,1456,3.259,1457,3.259,1458,3.744,1459,3.744,1460,3.744,1461,3.744,1462,3.744,1463,3.744,1464,3.744,1465,5.229,1466,5.229,1467,5.229,1468,5.229,1469,3.744,1470,3.744,1471,2.7,1472,3.744]],["t/127",[30,2.153,37,2.073,55,1.166,59,2.352,62,2.644,66,1.905,77,1.905,86,1.983,90,4.418,113,3.264,120,2.352,141,2.88,154,2.352,216,3.314,224,1.983,225,2.588,237,2.352,245,1.416,313,2.88,316,1.145,317,1.229,352,2.249,430,1.574,498,2.726,795,3.823,881,3.512,930,4.609,933,3.823,1304,3.512,1309,3.823,1421,3.512,1429,4.894,1430,4.894,1432,5.986,1440,4.894,1453,3.823,1454,3.823,1473,4.871,1474,4.871,1475,4.871,1476,6.236,1477,6.236]],["t/129",[10,1.782,19,0.374,23,0.651,32,1.952,36,3.101,55,0.604,56,0.904,57,0.877,62,1.88,63,1.408,65,0.782,66,0.877,67,3.441,68,1.828,69,1.385,70,1.192,73,1.605,76,1.503,77,0.877,78,2.685,79,1.785,80,0.676,82,2.487,85,0.676,86,0.913,88,1.368,91,1.197,96,1.255,99,2.107,100,1.503,101,1.192,102,1.135,104,1.25,107,0.754,110,2.503,114,0.701,118,1.408,151,1.636,152,1.76,154,2.438,185,0.782,186,1.72,198,0.992,211,1.503,224,1.45,228,1.76,237,1.083,243,1.76,245,0.652,250,2.555,258,1.29,261,0.992,305,1.255,311,2.331,320,1.135,325,3.858,340,2.438,350,1.135,351,1.617,363,1.617,406,1.952,431,2.107,448,1.503,453,1.893,466,0.652,487,0.877,546,1.76,561,1.326,657,1.617,708,1.952,720,2.237,732,1.952,736,1.511,765,3.641,769,1.408,770,1.408,817,1.76,830,1.503,854,1.952,860,1.76,884,1.952,931,1.503,935,3.847,955,1.503,970,1.76,995,2.797,1000,1.255,1057,2.797,1063,2.797,1116,1.617,1141,1.76,1162,2.797,1167,2.237,1172,1.617,1190,1.76,1239,1.952,1253,1.952,1304,1.617,1312,1.76,1327,1.952,1331,1.952,1344,2.388,1360,2.107,1361,4.324,1471,2.569,1478,1.617,1479,1.952,1480,2.243,1481,4.395,1482,6.088,1483,3.101,1484,4.395,1485,2.243,1486,2.243,1487,2.243,1488,2.243,1489,1.76,1490,6.149,1491,2.243,1492,2.243,1493,2.243,1494,5.05,1495,2.243,1496,3.858,1497,2.243,1498,3.563,1499,2.243,1500,2.243,1501,3.563,1502,2.243,1503,2.243,1504,3.563,1505,3.563,1506,2.243,1507,2.243,1508,2.243,1509,2.243,1510,4.433,1511,2.243,1512,4.433,1513,3.563,1514,3.563,1515,2.243,1516,2.243,1517,2.243,1518,1.952,1519,2.243,1520,2.243,1521,2.243,1522,3.563,1523,2.243,1524,3.563,1525,2.243,1526,3.563,1527,2.243,1528,1.952,1529,2.243,1530,2.243,1531,2.243]],["t/131",[23,1.179,60,1.563,86,2.627,104,1.136,1345,3.817]],["t/133",[10,0.865,23,0.721,37,1.19,53,2.949,55,0.669,56,0.805,65,1.377,66,1.544,68,2.244,70,2.098,73,2.416,76,2.646,80,1.19,85,1.19,96,2.21,99,3.208,100,2.646,101,2.098,107,1.823,110,2.522,211,2.646,219,2.646,311,1.823,313,3.665,340,2.619,352,1.823,357,2.882,423,4.377,430,1.369,463,2.478,466,1.577,485,1.823,487,2.122,491,4.687,492,3.912,660,3.099,723,4.458,847,3.099,1360,4.136,1431,3.099,1471,2.847,1478,2.847,1489,3.099,1532,4.721,1533,4.721,1534,5.807,1535,3.949,1536,3.436,1537,4.721,1538,4.721,1539,4.721,1540,4.721,1541,4.721,1542,3.949,1543,3.436,1544,4.721,1545,3.436,1546,3.436,1547,3.436,1548,3.436,1549,3.436,1550,3.436,1551,3.436,1552,3.436,1553,3.436,1554,3.436,1555,3.436,1556,3.436,1557,3.436,1558,3.436,1559,3.949]],["t/135",[8,4.1,10,1.522,19,0.387,23,0.954,37,0.877,42,0.739,53,2.643,55,0.493,56,1.329,60,0.921,65,1.015,68,1.578,73,2.573,77,1.705,82,1.848,85,0.877,91,2.335,99,1.722,101,1.547,104,0.767,105,1.722,107,1.755,110,2.528,114,0.91,211,1.951,245,0.847,258,1.578,261,1.927,271,1.313,274,1.415,313,1.722,339,1.828,340,1.406,352,1.344,357,3.081,423,4.399,430,1.464,437,1.951,446,1.722,453,1.547,466,1.519,485,2.012,487,2.268,491,4.761,492,4.182,719,1.951,723,4.201,736,1.234,785,1.951,847,2.285,862,2.285,935,2.923,949,2.285,1017,2.534,1247,4.552,1281,2.285,1314,2.285,1345,1.722,1360,3.996,1518,2.534,1532,2.534,1533,4.546,1534,5.881,1536,2.534,1537,4.546,1538,5.405,1539,5.047,1540,5.047,1541,5.047,1543,2.534,1544,4.546,1545,2.534,1546,2.534,1547,2.534,1548,2.534,1549,2.534,1550,2.534,1551,2.534,1552,2.534,1553,2.534,1554,2.534,1555,2.534,1556,2.534,1557,2.534,1558,3.793,1560,2.912,1561,2.912,1562,2.912,1563,2.534,1564,4.358,1565,4.358,1566,2.912,1567,2.912,1568,4.358,1569,2.912,1570,2.912,1571,2.912,1572,4.358,1573,2.912]],["t/137",[19,0.415,23,1.024,30,3.008,56,1.142,68,2.029,69,1.75,77,3.055,78,2.464,80,1.688,85,1.688,88,1.517,95,2.705,102,3.443,103,3.313,165,4.397,186,2.705,316,1.317,328,4.04,337,3.754,352,2.586,423,3.313,430,1.414,633,3.313,866,3.313,1360,4.024,1574,6.805]],["t/139",[19,0.457,23,1.245,43,2.998,56,1.389,68,2.23,77,2.816,78,2.762,85,1.439,88,1.294,102,3.115,104,0.841,107,1.605,134,2.306,186,2.306,237,2.306,245,1.389,271,2.054,274,1.294,395,2.673,430,1.205,524,4.157,633,3.641,770,2.998,788,4.157,805,4.157,865,4.914,866,4.03,949,3.749,968,3.749,978,3.749,1084,3.444,1250,4.157,1360,4.257,1575,4.776,1576,6.265,1577,4.776,1578,4.776,1579,4.776,1580,4.776,1581,4.776,1582,4.776,1583,4.776,1584,4.776,1585,4.776,1586,4.157]],["t/141",[10,0.797,19,0.491,23,1.019,30,1.993,35,1.722,44,1.111,55,0.868,56,1.266,57,0.9,58,1.111,60,0.769,66,0.9,68,1.633,69,0.719,77,2.43,78,2.55,79,1.178,81,2.151,82,3.068,88,0.623,94,1.361,98,1.288,102,3.353,103,4.574,104,1.133,105,1.361,107,0.773,113,3.022,114,1.136,124,1.66,128,1.66,132,1.445,137,1.806,150,2.003,152,2.855,154,1.111,166,1.806,185,0.803,204,0.976,224,2.271,237,1.111,245,0.669,258,2.249,261,1.018,271,0.694,274,1.221,298,1.164,311,1.679,322,1.461,324,2.003,382,1.66,392,3.251,416,0.9,430,0.581,431,2.151,435,2.437,450,2.83,466,1.311,474,1.66,494,2.003,519,3.142,536,2.622,538,1.806,608,1.542,627,1.445,631,3.539,658,1.288,660,1.806,720,2.283,727,4.655,736,0.976,760,2.283,768,2.003,769,1.445,770,4.592,771,2.003,774,1.66,792,2.003,803,2.003,828,2.622,859,1.66,866,2.666,881,1.66,982,1.806,1000,1.288,1062,3.165,1084,3.251,1116,1.66,1121,3.165,1166,2.855,1258,5.604,1259,2.003,1260,3.165,1262,2.003,1267,2.003,1287,2.003,1300,2.003,1322,2.003,1347,3.165,1349,3.924,1350,3.924,1351,2.003,1352,3.165,1354,2.003,1355,3.165,1356,2.003,1357,2.003,1360,3.508,1397,2.003,1528,2.003,1587,3.637,1588,4.509,1589,4.509,1590,2.302,1591,3.637,1592,3.637,1593,2.302,1594,2.302,1595,2.302,1596,2.302,1597,3.637,1598,2.302,1599,2.302,1600,2.302,1601,2.302,1602,3.637,1603,2.302,1604,2.302,1605,2.302,1606,3.637,1607,2.302,1608,2.302,1609,2.302,1610,2.302,1611,3.637,1612,3.637,1613,2.302,1614,2.302,1615,2.302,1616,2.302,1617,4.509,1618,2.302,1619,2.302,1620,2.302,1621,2.302,1622,2.302,1623,3.637,1624,3.637,1625,2.302,1626,2.302]],["t/143",[23,1.347,55,1.088,56,1.309,769,4.031,881,4.63,1345,3.797]],["t/145",[5,3.812,9,3.053,10,1.7,11,2.25,19,0.476,23,1.255,35,1.423,42,0.964,45,4.237,55,1.164,56,1.4,58,2.044,59,2.044,63,2.658,78,2.06,79,1.372,96,2.369,104,1.131,107,1.423,132,2.658,151,1.372,153,1.795,167,1.276,229,3.323,271,1.714,274,1.541,298,2.878,350,2.142,357,4.167,416,2.225,430,1.436,470,3.685,632,4.464,636,4.464,639,3.323,642,5.042,643,4.464,649,4.464,931,2.837,955,2.837,968,3.323,1047,3.323,1380,3.685,1381,3.685,1382,3.685,1576,3.685,1627,5.688,1628,5.688,1629,3.685,1630,3.685,1631,3.685,1632,4.234,1633,4.234,1634,4.234,1635,4.234,1636,4.234]],["t/147",[10,1.72,19,0.444,23,1.293,42,0.627,54,1.506,55,0.879,56,1.392,57,2.028,58,1.786,59,1.786,63,4.072,65,1.29,66,2.341,67,3.35,68,1.877,78,1.877,85,1.115,106,1.447,107,1.243,110,1.506,114,1.156,143,2.755,151,1.198,167,1.115,225,1.966,229,2.903,245,1.076,250,2.623,271,1.562,274,1.404,308,2.901,311,1.708,342,4.512,350,1.872,352,2.394,376,4.316,430,1.308,519,1.872,719,2.479,730,4.069,736,1.568,764,3.22,765,2.667,819,4.069,935,2.901,1037,3.739,1047,2.903,1057,2.903,1116,2.667,1158,3.22,1167,2.322,1272,4.512,1304,4.678,1309,2.903,1312,4.069,1319,2.903,1344,2.479,1345,2.188,1479,3.22,1481,3.22,1482,5.21,1483,3.22,1484,4.512,1496,3.22,1563,3.22,1629,3.22,1630,3.22,1631,3.22,1637,5.185,1638,5.185,1639,5.986,1640,3.699,1641,3.699,1642,3.699,1643,3.699,1644,5.185,1645,3.699,1646,3.699,1647,3.699,1648,3.699,1649,3.699,1650,3.699,1651,3.699,1652,3.699,1653,3.699,1654,3.699,1655,3.699]],["t/149",[19,0.538,23,1.142,44,1.938,50,5.439,53,2.445,55,0.68,56,1.118,57,1.57,62,1.701,65,2.179,67,2.246,75,2.373,77,2.146,78,1.986,83,2.03,85,1.209,88,1.087,91,1.348,96,2.246,99,2.373,100,2.689,101,3.737,102,2.03,103,2.373,106,1.57,109,2.689,111,2.519,123,3.493,151,1.3,192,2.894,197,3.923,206,2.373,216,1.774,217,2.894,235,1.633,236,2.519,245,1.167,280,1.209,313,2.373,337,2.689,340,3.396,363,2.894,379,3.443,395,2.246,416,1.57,425,2.689,430,1.013,464,2.894,466,2.045,485,2.532,519,2.775,624,2.894,627,2.519,657,2.894,712,4.905,766,3.493,813,2.689,877,2.689,1000,2.246,1067,2.894,1281,3.15,1335,3.15,1336,3.493,1337,2.689,1339,5.439,1340,3.493,1341,3.493,1361,3.15,1376,3.493,1471,2.894,1478,2.894,1489,3.15,1656,4.013,1657,4.013,1658,4.013,1659,4.013,1660,4.013,1661,5.485,1662,3.493,1663,5.485,1664,4.013,1665,4.013,1666,4.013]],["t/151",[19,0.323,42,0.982,54,1.772,55,0.738,56,0.888,60,0.92,65,1.518,66,1.703,68,2.098,73,2.098,76,2.917,77,1.703,78,1.576,85,1.746,88,1.881,90,2.436,91,2.591,94,3.427,108,2.102,110,1.772,112,3.139,154,2.798,197,2.733,204,1.846,208,2.733,214,3.789,230,2.733,240,2.313,258,1.576,280,1.312,304,3.07,320,2.203,395,3.243,431,2.575,450,2.733,463,2.733,466,1.894,472,3.417,475,2.917,487,2.548,505,3.417,530,3.139,658,2.436,736,2.457,774,3.139,789,3.789,830,2.917,853,2.575,935,2.436,937,3.417,1000,2.436,1037,3.139,1067,4.179,1172,3.139,1173,3.789,1387,3.789,1586,3.789,1662,5.044,1667,4.354,1668,4.354,1669,4.354,1670,4.354,1671,4.354,1672,4.354,1673,4.354,1674,4.354,1675,4.354,1676,4.354,1677,4.354,1678,4.354,1679,4.354]],["t/153",[19,0.417,55,0.954,65,1.963,80,2.213,96,3.149,99,3.328,100,3.772,101,2.99,151,2.21,153,3.113,245,1.637,320,3.452,340,3.295,368,2.291,463,4.283,487,2.201,887,4.61,888,4.921,1478,4.058,1680,5.628,1681,5.628,1682,5.628]]],"invertedIndex":[["",{"_index":10,"t":{"2":{"position":[[92,1],[528,1]]},"4":{"position":[[119,1],[559,4]]},"12":{"position":[[752,3],[789,3],[827,3],[831,3]]},"31":{"position":[[234,1]]},"49":{"position":[[618,3],[972,1],[974,1],[987,1],[1038,1]]},"51":{"position":[[693,1]]},"61":{"position":[[202,1],[204,1],[331,1],[333,1]]},"65":{"position":[[649,1],[655,2]]},"69":{"position":[[259,3]]},"71":{"position":[[209,1]]},"73":{"position":[[256,1],[1182,1],[1202,1],[1306,1],[1621,1],[1641,1],[3089,1],[3110,2]]},"75":{"position":[[1195,1]]},"83":{"position":[[400,2],[458,2]]},"87":{"position":[[259,2],[353,2],[432,2],[496,2],[566,2],[2038,1],[2318,1],[2591,1],[2613,1],[3485,1],[3499,1],[3519,1],[4395,1],[4439,1],[4490,1],[4512,1],[4521,1],[4566,1],[4604,1],[4616,1],[4632,1],[4647,1],[4688,1],[4993,1],[5015,1],[5032,1],[5064,1],[5987,3],[6222,1],[6244,1],[6261,1],[6281,1],[6478,1],[6899,1],[6921,1],[6938,1]]},"89":{"position":[[674,2]]},"91":{"position":[[366,1],[396,1]]},"95":{"position":[[39,1],[1414,1],[3059,1],[3080,1],[3140,1],[3191,1],[3193,1],[3236,1],[3238,1],[3261,1],[3284,1],[3311,1],[3331,1],[3361,1],[3493,1],[4386,1],[4407,1],[4464,1],[4520,1],[4522,1],[4560,1],[4562,1],[4578,1],[4599,1],[4624,1],[4644,1],[4665,1],[4693,1],[4770,1]]},"97":{"position":[[1584,1],[1616,1],[1670,1],[1726,1],[1749,1],[1773,1],[1808,1],[1858,1],[1885,1],[1914,1],[1989,1],[2068,1]]},"103":{"position":[[213,1],[238,1],[259,1]]},"111":{"position":[[239,1],[248,1],[264,1],[272,4],[277,1],[312,1],[320,4],[325,1],[330,1],[570,1],[697,1],[706,1],[728,1],[730,1]]},"113":{"position":[[83,1],[85,1]]},"115":{"position":[[71,2],[93,1],[1050,1],[1583,1],[1706,3],[2057,4],[2062,2],[2418,1],[2420,1],[2493,1],[2574,1],[2662,1],[3124,2],[3431,1],[3433,1],[3511,1],[3513,1],[3950,1],[4089,1],[4200,1],[4990,1],[5533,2],[7096,1],[7163,4],[8215,2],[8284,1],[8730,2],[8923,2],[9540,1],[10287,1],[12600,1],[12728,1],[12877,1],[12941,1],[13092,1],[13123,1],[14073,1],[14502,1],[14790,1],[14890,1],[15128,1],[15210,1],[15217,2],[15299,1],[15952,1],[15959,2],[16312,2]]},"119":{"position":[[147,1],[149,1]]},"121":{"position":[[215,1],[241,1],[278,1],[343,1]]},"123":{"position":[[927,1]]},"125":{"position":[[782,1]]},"129":{"position":[[242,1],[272,4],[317,1],[513,1],[557,1],[629,1],[640,1],[655,1],[796,1],[879,3],[912,1],[923,1],[925,1],[969,1],[988,1],[1050,1],[1282,1],[1468,1],[1644,1],[1737,1],[1803,1],[1901,1],[2080,1],[2161,1],[2266,2],[2269,3],[2273,5],[2279,1],[2396,1],[2398,1],[2494,1],[2582,1],[2612,1],[2656,4],[2665,2],[3338,1],[3419,1],[3448,2],[3451,2],[3484,1],[3496,2],[3523,2],[3556,5],[3566,1]]},"133":{"position":[[589,2]]},"135":{"position":[[154,1],[349,1],[488,2],[570,1],[757,2],[858,1],[1069,2],[1282,2]]},"141":{"position":[[2505,2],[2549,2]]},"145":{"position":[[227,1],[262,1],[298,1],[334,1],[369,1],[391,1],[414,1],[431,1],[449,1]]},"147":{"position":[[114,3],[750,1],[951,1],[953,1],[1165,2],[1264,1],[1299,1],[1335,1],[1357,1],[1380,1],[1397,1],[1420,1],[1438,1]]}}}],["0",{"_index":1260,"t":{"115":{"position":[[1304,2],[1776,1],[5793,1],[5806,1],[11048,1]]},"141":{"position":[[1110,1],[1700,4]]}}}],["0.0.0.0:4180",{"_index":1106,"t":{"95":{"position":[[4772,14]]}}}],["0.001",{"_index":1469,"t":{"125":{"position":[[916,5]]}}}],["00010203",{"_index":1445,"t":{"123":{"position":[[1121,8]]},"125":{"position":[[984,8]]}}}],["0400",{"_index":1430,"t":{"123":{"position":[[256,5],[1301,4]]},"125":{"position":[[137,5],[1323,4]]},"127":{"position":[[267,5],[593,4]]}}}],["0405",{"_index":1446,"t":{"123":{"position":[[1130,4]]},"125":{"position":[[993,4]]}}}],["0a0b0c0d0e0f",{"_index":1449,"t":{"123":{"position":[[1145,12]]},"125":{"position":[[1008,12]]}}}],["1",{"_index":719,"t":{"67":{"position":[[2225,1]]},"73":{"position":[[2828,1]]},"115":{"position":[[1821,3],[15804,4]]},"135":{"position":[[423,2]]},"147":{"position":[[1116,2]]}}}],["1.3",{"_index":640,"t":{"63":{"position":[[474,3]]}}}],["1.5h",{"_index":402,"t":{"31":{"position":[[236,5]]}}}],["100",{"_index":1325,"t":{"115":{"position":[[5889,3]]}}}],["12",{"_index":1472,"t":{"125":{"position":[[1200,2]]}}}],["12.x",{"_index":996,"t":{"89":{"position":[[58,5],[128,4]]}}}],["123456.apps.googleusercontent.com",{"_index":1252,"t":{"115":{"position":[[724,35]]}}}],["127.0.0.1:4180",{"_index":1309,"t":{"115":{"position":[[5212,16]]},"127":{"position":[[732,14]]},"147":{"position":[[150,14]]}}}],["128",{"_index":1592,"t":{"141":{"position":[[383,3],[434,3]]}}}],["15",{"_index":1355,"t":{"115":{"position":[[10926,2],[10957,2]]},"141":{"position":[[3491,2],[3522,2]]}}}],["15m",{"_index":1277,"t":{"115":{"position":[[2261,3]]}}}],["168h0m0",{"_index":1262,"t":{"115":{"position":[[1385,8]]},"141":{"position":[[1175,8]]}}}],["19.0.0",{"_index":950,"t":{"87":{"position":[[636,7]]}}}],["19/mar/2015:17:20:19",{"_index":1429,"t":{"123":{"position":[[233,21],[1279,20]]},"125":{"position":[[114,21],[1301,20]]},"127":{"position":[[244,21],[571,20]]}}}],["1916",{"_index":972,"t":{"87":{"position":[[3370,5]]}}}],["192",{"_index":1236,"t":{"111":{"position":[[644,3]]}}}],["1h",{"_index":773,"t":{"73":{"position":[[923,4]]}}}],["1m",{"_index":1612,"t":{"141":{"position":[[2097,4],[2532,2]]}}}],["1s",{"_index":1293,"t":{"115":{"position":[[3239,4]]}}}],["2",{"_index":785,"t":{"73":{"position":[[1547,1]]},"75":{"position":[[1134,1]]},"95":{"position":[[3458,2]]},"115":{"position":[[15275,3],[15880,4]]},"135":{"position":[[717,2]]}}}],["2.0",{"_index":1023,"t":{"91":{"position":[[213,3]]},"95":{"position":[[35,3]]}}}],["20",{"_index":1298,"t":{"115":{"position":[[4403,2]]}}}],["200",{"_index":712,"t":{"67":{"position":[[1941,3]]},"125":{"position":[[1249,3]]},"149":{"position":[[223,3],[336,3],[417,3]]}}}],["202",{"_index":1478,"t":{"129":{"position":[[131,3]]},"133":{"position":[[162,3]]},"149":{"position":[[1098,3]]},"153":{"position":[[22,3]]}}}],["2048",{"_index":1123,"t":{"97":{"position":[[1052,4]]}}}],["21.0.0",{"_index":952,"t":{"87":{"position":[[773,7]]}}}],["24",{"_index":1234,"t":{"111":{"position":[[630,2]]}}}],["2>/dev/nul",{"_index":1220,"t":{"111":{"position":[[227,11]]}}}],["2f",{"_index":734,"t":{"69":{"position":[[212,7]]}}}],["2h45m",{"_index":403,"t":{"31":{"position":[[245,8]]}}}],["3",{"_index":843,"t":{"75":{"position":[[1492,2],[1800,2]]},"77":{"position":[[385,2],[421,2]]},"85":{"position":[[1247,4]]}}}],["3/4",{"_index":1393,"t":{"115":{"position":[[15577,3]]}}}],["30",{"_index":730,"t":{"67":{"position":[[2598,2]]},"115":{"position":[[14763,3]]},"147":{"position":[[1138,3],[1161,3]]}}}],["300m",{"_index":401,"t":{"31":{"position":[[225,8]]}}}],["315360000",{"_index":1549,"t":{"133":{"position":[[965,9]]},"135":{"position":[[1723,9]]}}}],["32",{"_index":1226,"t":{"111":{"position":[[309,2],[578,2],[708,2]]}}}],["3650",{"_index":1135,"t":{"97":{"position":[[1175,4]]}}}],["401",{"_index":99,"t":{"4":{"position":[[403,3]]},"115":{"position":[[112,3]]},"129":{"position":[[158,3],[965,3]]},"133":{"position":[[189,3],[1254,4]]},"135":{"position":[[898,3]]},"149":{"position":[[1125,3]]},"153":{"position":[[49,3]]}}}],["403",{"_index":1559,"t":{"133":{"position":[[1259,4]]}}}],["4180",{"_index":1643,"t":{"147":{"position":[[465,5]]}}}],["443",{"_index":1312,"t":{"115":{"position":[[5378,6],[16159,3]]},"129":{"position":[[251,3]]},"147":{"position":[[395,3],[759,3]]}}}],["4607",{"_index":1447,"t":{"123":{"position":[[1135,4]]},"125":{"position":[[998,4]]}}}],["4kb",{"_index":1498,"t":{"129":{"position":[[1733,3],[1938,4]]}}}],["5",{"_index":802,"t":{"73":{"position":[[2527,1]]},"75":{"position":[[1528,2],[1836,2]]}}}],["59",{"_index":1613,"t":{"141":{"position":[[2138,6]]}}}],["7",{"_index":1323,"t":{"115":{"position":[[5722,1]]}}}],["74.125.224.72",{"_index":1441,"t":{"123":{"position":[[840,13]]},"125":{"position":[[695,13]]}}}],["80",{"_index":1402,"t":{"115":{"position":[[16145,3]]}}}],["8809",{"_index":1448,"t":{"123":{"position":[[1140,4]]},"125":{"position":[[1003,4]]}}}],["994",{"_index":997,"t":{"89":{"position":[[138,5]]}}}],["_",{"_index":1223,"t":{"111":{"position":[[279,3],[327,2],[732,3]]},"113":{"position":[[104,4]]},"119":{"position":[[168,4]]}}}],["__host",{"_index":1265,"t":{"115":{"position":[[1562,7]]}}}],["__secur",{"_index":1266,"t":{"115":{"position":[[1574,8]]}}}],["_oauth2_proxi",{"_index":1267,"t":{"115":{"position":[[1612,15]]},"141":{"position":[[338,14]]}}}],["_oauth2_proxy_1",{"_index":1531,"t":{"129":{"position":[[3951,18]]}}}],["aad",{"_index":832,"t":{"75":{"position":[[880,3]]}}}],["abov",{"_index":933,"t":{"85":{"position":[[1233,5]]},"123":{"position":[[1542,5]]},"127":{"position":[[45,5]]}}}],["absent",{"_index":1299,"t":{"115":{"position":[[4409,6]]}}}],["accept",{"_index":96,"t":{"4":{"position":[[363,7]]},"63":{"position":[[139,11]]},"115":{"position":[[11440,8],[14435,11]]},"129":{"position":[[135,8]]},"133":{"position":[[166,8]]},"145":{"position":[[566,10]]},"149":{"position":[[1102,8]]},"153":{"position":[[26,8]]}}}],["acceptable.e.g",{"_index":638,"t":{"63":{"position":[[420,15]]}}}],["access",{"_index":258,"t":{"18":{"position":[[349,6]]},"23":{"position":[[101,6]]},"27":{"position":[[171,6]]},"33":{"position":[[346,6]]},"45":{"position":[[259,6]]},"53":{"position":[[2139,6],[2286,6]]},"73":{"position":[[2285,7]]},"81":{"position":[[296,7],[924,6],[999,6],[1036,6],[1186,6],[1217,6],[1306,6]]},"85":{"position":[[138,6],[1173,6]]},"87":{"position":[[857,6],[2260,6],[2320,6],[2630,6],[3022,6],[3350,6],[3600,6],[7059,6]]},"95":{"position":[[2344,6],[2403,7],[2977,6]]},"97":{"position":[[305,7],[2650,6],[3170,10]]},"103":{"position":[[528,6],[638,6],[673,6]]},"115":{"position":[[3903,6],[4328,6],[4375,6],[7175,6],[7245,6],[7329,6],[8131,6],[9127,6],[11997,6],[12026,6],[15034,6]]},"129":{"position":[[1306,6],[1447,6]]},"135":{"position":[[2016,6],[2192,6]]},"141":{"position":[[1477,6],[1670,6],[1709,6],[1871,6],[2066,6],[2445,6],[2508,6]]},"151":{"position":[[214,9]]}}}],["access_by_lua_block",{"_index":1523,"t":{"129":{"position":[[3399,19]]}}}],["access_token",{"_index":1330,"t":{"115":{"position":[[7204,12]]}}}],["accesstokenacceptedvers",{"_index":838,"t":{"75":{"position":[[1104,29]]}}}],["accompani",{"_index":885,"t":{"81":{"position":[[382,11]]}}}],["account",{"_index":424,"t":{"37":{"position":[[271,7]]},"73":{"position":[[981,7],[1095,7],[1828,7],[2927,7]]},"75":{"position":[[177,7]]},"87":{"position":[[3854,7]]},"95":{"position":[[1641,8],[3747,8]]},"97":{"position":[[260,8],[737,7]]},"103":{"position":[[204,7],[487,7]]},"115":{"position":[[4608,7],[4652,7],[4782,7]]}}}],["acr",{"_index":292,"t":{"18":{"position":[[1037,3]]},"115":{"position":[[34,3]]}}}],["activ",{"_index":811,"t":{"75":{"position":[[65,6],[1349,6]]},"87":{"position":[[4302,10],[5101,9]]}}}],["actual",{"_index":830,"t":{"75":{"position":[[851,8]]},"101":{"position":[[221,6]]},"103":{"position":[[124,6]]},"129":{"position":[[3721,6]]},"151":{"position":[[1057,6]]}}}],["ad",{"_index":108,"t":{"4":{"position":[[637,5]]},"16":{"position":[[7,6]]},"21":{"position":[[66,6]]},"39":{"position":[[79,5]]},"53":{"position":[[2230,2]]},"71":{"position":[[300,2]]},"87":{"position":[[1810,5],[6789,5]]},"93":{"position":[[4,6],[49,2]]},"115":{"position":[[11327,2],[12042,5]]},"117":{"position":[[750,6]]},"151":{"position":[[939,5]]}}}],["adc",{"_index":786,"t":{"73":{"position":[[1615,5],[1884,3]]}}}],["add",{"_index":171,"t":{"10":{"position":[[148,3]]},"12":{"position":[[432,3]]},"75":{"position":[[0,3],[430,3],[532,3],[662,3],[1222,3],[1284,4]]},"77":{"position":[[64,3]]},"87":{"position":[[3322,3],[3343,3],[3487,3],[6263,3],[6497,3]]},"89":{"position":[[223,3],[431,3],[1312,3]]},"93":{"position":[[74,3]]},"95":{"position":[[605,3],[1296,4],[1989,3],[2336,3],[2567,3]]},"103":{"position":[[0,3]]},"107":{"position":[[80,3]]},"111":{"position":[[332,3]]},"115":{"position":[[7305,4],[16237,3]]}}}],["add_head",{"_index":1496,"t":{"129":{"position":[[1608,10],[2496,10],[2539,10]]},"147":{"position":[[888,10]]}}}],["addedto",{"_index":334,"t":{"23":{"position":[[667,7],[902,7]]}}}],["addit",{"_index":561,"t":{"51":{"position":[[1553,10],[1614,8]]},"81":{"position":[[206,10],[775,8]]},"87":{"position":[[3089,10],[3168,8]]},"95":{"position":[[2066,10]]},"103":{"position":[[559,10]]},"115":{"position":[[7103,10]]},"129":{"position":[[1968,10]]}}}],["addition",{"_index":1300,"t":{"115":{"position":[[4847,12]]},"141":{"position":[[851,12]]}}}],["address",{"_index":485,"t":{"49":{"position":[[496,9]]},"51":{"position":[[230,7]]},"61":{"position":[[146,7],[268,7]]},"73":{"position":[[2343,7]]},"87":{"position":[[3663,7]]},"105":{"position":[[95,9],[199,9]]},"115":{"position":[[5056,7],[5180,8],[5237,7],[5346,8],[6354,7],[7669,7],[8856,7],[8875,7],[15588,8],[15681,7]]},"123":{"position":[[81,7],[875,8]]},"125":{"position":[[730,8]]},"133":{"position":[[1150,8]]},"135":{"position":[[1917,8],[2082,8]]},"149":{"position":[[568,7],[599,8]]}}}],["address=\"0.0.0.0:4180",{"_index":1641,"t":{"147":{"position":[[312,22]]}}}],["address=\"http://:4180",{"_index":1642,"t":{"147":{"position":[[345,23]]}}}],["adf",{"_index":576,"t":{"53":{"position":[[739,4],[2237,4]]},"55":{"position":[[128,5]]},"71":{"position":[[232,4]]},"77":{"position":[[9,4],[445,4]]}}}],["adfsconfig",{"_index":574,"t":{"53":{"position":[[676,10],[699,10]]}}}],["adfsopt",{"_index":575,"t":{"53":{"position":[[687,11]]}}}],["admin",{"_index":418,"t":{"37":{"position":[[164,5]]},"73":{"position":[[1337,5],[2275,5],[2395,5],[2481,5]]},"75":{"position":[[696,5],[729,5],[801,8],[940,5]]},"85":{"position":[[1482,5],[1548,7]]},"87":{"position":[[604,5],[652,5],[700,5],[797,5],[1276,5]]},"99":{"position":[[574,6],[612,6]]},"115":{"position":[[4425,5],[4455,5]]}}}],["admin2",{"_index":959,"t":{"87":{"position":[[1400,6]]}}}],["adminemail",{"_index":417,"t":{"37":{"position":[[121,10],[139,10]]}}}],["administr",{"_index":798,"t":{"73":{"position":[[2322,14]]},"77":{"position":[[14,14]]},"95":{"position":[[1626,14]]}}}],["advis",{"_index":1615,"t":{"141":{"position":[[2377,7]]}}}],["advisori",{"_index":168,"t":{"10":{"position":[[23,10],[182,8],[411,9]]}}}],["ae",{"_index":1235,"t":{"111":{"position":[[640,3]]}}}],["affect",{"_index":164,"t":{"8":{"position":[[688,8]]}}}],["afterward",{"_index":1668,"t":{"151":{"position":[[334,10]]}}}],["ag",{"_index":1320,"t":{"115":{"position":[[5667,3]]},"121":{"position":[[237,3],[256,5]]}}}],["again",{"_index":1667,"t":{"151":{"position":[[240,6]]}}}],["against",{"_index":39,"t":{"2":{"position":[[432,7]]},"51":{"position":[[1433,7]]},"73":{"position":[[2731,7],[2994,7]]},"87":{"position":[[1719,7]]},"89":{"position":[[35,7]]},"95":{"position":[[163,7]]},"99":{"position":[[50,7]]},"115":{"position":[[455,7],[4873,7]]}}}],["age=2592000",{"_index":1652,"t":{"147":{"position":[[929,12]]}}}],["agenc",{"_index":1108,"t":{"97":{"position":[[80,7],[718,6]]}}}],["agent",{"_index":1337,"t":{"115":{"position":[[8663,5],[8683,5],[8751,6]]},"121":{"position":[[753,6]]},"123":{"position":[[1372,5]]},"125":{"position":[[1444,5]]},"149":{"position":[[263,6]]}}}],["agre",{"_index":181,"t":{"10":{"position":[[441,6]]}}}],["agreement",{"_index":1020,"t":{"91":{"position":[[124,9]]}}}],["ajax",{"_index":93,"t":{"4":{"position":[[335,4]]}}}],["algorithm:secretkey",{"_index":1367,"t":{"115":{"position":[[12514,21]]}}}],["alia",{"_index":391,"t":{"31":{"position":[[8,7]]},"55":{"position":[[8,7]]},"57":{"position":[[12,7]]}}}],["allow",{"_index":80,"t":{"4":{"position":[[143,8]]},"18":{"position":[[1087,7],[1116,7]]},"23":{"position":[[85,6]]},"29":{"position":[[38,6]]},"33":{"position":[[392,6]]},"47":{"position":[[295,7],[459,7],[609,7]]},"49":{"position":[[599,6],[724,7],[1291,5],[1327,5],[1477,5]]},"51":{"position":[[868,6],[1389,6]]},"67":{"position":[[788,6],[1613,5]]},"69":{"position":[[188,8]]},"81":{"position":[[473,7],[1180,5],[1473,5],[1628,5]]},"85":{"position":[[1090,7]]},"87":{"position":[[322,7],[388,7],[468,7],[3974,7],[3992,7],[4285,8],[4751,7],[4836,7],[5093,7],[5135,8],[5449,7],[6037,7],[6555,7],[6589,5]]},"95":{"position":[[2784,7],[4106,8]]},"97":{"position":[[2350,5]]},"99":{"position":[[23,6]]},"103":{"position":[[456,6]]},"107":{"position":[[117,5]]},"115":{"position":[[3960,5],[6303,5],[6445,5],[7134,7],[11453,6],[14769,7],[14870,7],[15135,7],[15223,5],[15336,5],[15967,5],[16069,8],[16097,8],[16209,5],[16292,5]]},"129":{"position":[[33,6]]},"133":{"position":[[38,6]]},"137":{"position":[[9,5]]},"153":{"position":[[192,7],[254,7],[316,7]]}}}],["allowed.e.g",{"_index":644,"t":{"63":{"position":[[553,13]]}}}],["allowed_email",{"_index":1682,"t":{"153":{"position":[[276,15]]}}}],["allowed_email_domain",{"_index":1681,"t":{"153":{"position":[[207,22]]}}}],["allowed_group",{"_index":1680,"t":{"153":{"position":[[152,15]]}}}],["allowedgroup",{"_index":610,"t":{"53":{"position":[[2371,13],[2394,13]]}}}],["allowedto",{"_index":563,"t":{"51":{"position":[[1583,9]]}}}],["alpha",{"_index":200,"t":{"12":{"position":[[44,5],[297,5],[353,5],[665,5]]},"14":{"position":[[15,5],[153,5],[194,5]]},"16":{"position":[[24,5],[92,5],[189,5],[510,5]]},"18":{"position":[[106,5],[1408,5],[1524,5]]},"23":{"position":[[22,5],[108,5],[267,6]]}}}],["alphaopt",{"_index":227,"t":{"12":{"position":[[607,12]]},"23":{"position":[[0,12]]},"39":{"position":[[13,13]]},"57":{"position":[[33,13]]},"61":{"position":[[13,13]]},"69":{"position":[[13,13]]}}}],["alreadi",{"_index":1606,"t":{"141":{"position":[[1579,7],[1758,7]]}}}],["altern",{"_index":505,"t":{"49":{"position":[[927,13]]},"101":{"position":[[496,14]]},"151":{"position":[[523,14]]}}}],["alway",{"_index":470,"t":{"47":{"position":[[532,6]]},"145":{"position":[[745,6]]}}}],["amazon",{"_index":1637,"t":{"147":{"position":[[61,6],[255,6]]}}}],["amd64",{"_index":24,"t":{"2":{"position":[[262,7],[581,6]]}}}],["amount",{"_index":1385,"t":{"115":{"position":[[14694,6]]}}}],["anchor",{"_index":661,"t":{"65":{"position":[[625,6]]}}}],["and/or",{"_index":496,"t":{"49":{"position":[[732,6]]}}}],["announc",{"_index":951,"t":{"87":{"position":[[723,9]]}}}],["anoth",{"_index":345,"t":{"23":{"position":[[1037,7]]},"71":{"position":[[82,7]]},"73":{"position":[[176,7]]}}}],["anyth",{"_index":471,"t":{"47":{"position":[[551,8]]}}}],["apach",{"_index":1424,"t":{"121":{"position":[[668,6]]}}}],["api",{"_index":420,"t":{"37":{"position":[[189,3]]},"73":{"position":[[250,5],[1300,5],[1322,5],[1363,4],[2281,3]]},"75":{"position":[[490,3]]},"89":{"position":[[78,3]]},"91":{"position":[[368,3]]},"95":{"position":[[1979,3]]},"115":{"position":[[76,3],[4480,3]]}}}],["api/v1/user/email",{"_index":911,"t":{"83":{"position":[[635,21]]}}}],["app",{"_index":813,"t":{"75":{"position":[[90,3],[294,3],[465,3],[518,4],[1143,3],[1217,4]]},"79":{"position":[[16,3]]},"95":{"position":[[2215,5],[2701,4],[3925,3]]},"97":{"position":[[1334,3]]},"149":{"position":[[923,3]]}}}],["appear",{"_index":314,"t":{"21":{"position":[[0,8]]},"25":{"position":[[0,8]]},"27":{"position":[[0,8]]},"29":{"position":[[0,8]]},"31":{"position":[[16,8]]},"33":{"position":[[0,8]]},"35":{"position":[[0,8]]},"37":{"position":[[0,8]]},"39":{"position":[[0,8]]},"41":{"position":[[0,8]]},"43":{"position":[[0,8]]},"45":{"position":[[0,8]]},"47":{"position":[[0,8]]},"51":{"position":[[0,8]]},"53":{"position":[[0,8]]},"55":{"position":[[16,8]]},"57":{"position":[[20,8]]},"59":{"position":[[0,8]]},"61":{"position":[[0,8]]},"63":{"position":[[0,8]]},"65":{"position":[[0,8]]},"67":{"position":[[0,8]]},"69":{"position":[[0,8]]}}}],["append",{"_index":854,"t":{"75":{"position":[[2101,6]]},"129":{"position":[[2149,6]]}}}],["appli",{"_index":441,"t":{"39":{"position":[[428,7]]}}}],["applic",{"_index":54,"t":{"2":{"position":[[631,11]]},"37":{"position":[[395,11]]},"71":{"position":[[35,11]]},"73":{"position":[[538,12],[551,11],[1150,11],[1583,11],[1716,11]]},"75":{"position":[[7,12],[586,11]]},"77":{"position":[[74,11],[142,11],[174,12],[282,11]]},"83":{"position":[[13,12]]},"89":{"position":[[230,12],[343,11],[468,12],[724,11]]},"93":{"position":[[14,11],[81,12],[124,10]]},"95":{"position":[[1817,13],[1890,12],[2169,11],[2255,11],[2391,11],[2542,12],[2571,12],[2668,11],[2989,12],[3549,11],[3806,12],[3876,11]]},"97":{"position":[[467,11],[559,11],[779,11],[3018,11],[3109,11]]},"101":{"position":[[19,11],[108,12]]},"115":{"position":[[4690,11],[4731,11],[9892,10]]},"147":{"position":[[532,12]]},"151":{"position":[[228,11]]}}}],["application.y",{"_index":349,"t":{"23":{"position":[[1268,15]]}}}],["application/json",{"_index":97,"t":{"4":{"position":[[371,17]]}}}],["approach",{"_index":1632,"t":{"145":{"position":[[495,8]]}}}],["appropri",{"_index":760,"t":{"73":{"position":[[598,11]]},"81":{"position":[[1750,11]]},"85":{"position":[[421,11]]},"87":{"position":[[2153,11]]},"89":{"position":[[1107,11]]},"141":{"position":[[3001,14],[3204,14]]}}}],["approv",{"_index":290,"t":{"18":{"position":[[1005,8]]},"75":{"position":[[946,11]]},"115":{"position":[[208,8],[8188,8]]}}}],["approval_prompt",{"_index":1249,"t":{"115":{"position":[[237,15]]}}}],["apps/oauth2",{"_index":1181,"t":{"99":{"position":[[351,15]]}}}],["aren't",{"_index":1359,"t":{"115":{"position":[[11661,6]]}}}],["arg",{"_index":1048,"t":{"95":{"position":[[949,5]]}}}],["argument",{"_index":1178,"t":{"99":{"position":[[218,9]]},"113":{"position":[[19,8],[116,8]]},"119":{"position":[[19,8],[180,8]]}}}],["arm64",{"_index":28,"t":{"2":{"position":[[297,5]]}}}],["armv6",{"_index":26,"t":{"2":{"position":[[279,6]]}}}],["armv7",{"_index":27,"t":{"2":{"position":[[286,6]]}}}],["around",{"_index":493,"t":{"49":{"position":[[688,6]]}}}],["ask",{"_index":89,"t":{"4":{"position":[[256,5]]}}}],["assembl",{"_index":1228,"t":{"111":{"position":[[347,8]]}}}],["assemblynam",{"_index":1230,"t":{"111":{"position":[[390,12]]}}}],["assign",{"_index":800,"t":{"73":{"position":[[2374,6]]},"87":{"position":[[2720,8],[4184,8],[4573,6],[4634,6],[4690,7],[5115,6],[5174,8]]},"95":{"position":[[2926,11],[4073,12]]}}}],["associ",{"_index":983,"t":{"87":{"position":[[5277,10]]}}}],["assum",{"_index":1119,"t":{"97":{"position":[[526,6]]}}}],["attach",{"_index":790,"t":{"73":{"position":[[1836,8]]},"87":{"position":[[6187,6],[6661,9]]}}}],["attacksbetweem",{"_index":704,"t":{"67":{"position":[[1647,14]]}}}],["attempt",{"_index":310,"t":{"18":{"position":[[1338,10]]},"115":{"position":[[300,8]]},"123":{"position":[[99,10],[1062,8]]}}}],["attent",{"_index":147,"t":{"8":{"position":[[294,9]]}}}],["attribut",{"_index":1141,"t":{"97":{"position":[[1446,9]]},"115":{"position":[[2018,9]]},"129":{"position":[[2101,10]]}}}],["aud",{"_index":559,"t":{"51":{"position":[[1465,3]]},"87":{"position":[[1597,3],[1629,3],[2876,4],[3235,5]]},"115":{"position":[[2912,3],[7061,5],[13295,3]]}}}],["audienc",{"_index":562,"t":{"51":{"position":[[1564,9]]},"87":{"position":[[1169,10],[1200,8],[1229,8],[1545,8],[1776,9],[2533,8],[2862,8],[2924,8],[3100,8],[3150,8],[3201,9]]},"95":{"position":[[2225,9]]},"115":{"position":[[7000,8],[7052,8],[7080,8],[7114,9]]}}}],["audienceclaim",{"_index":557,"t":{"51":{"position":[[1351,14],[1375,13]]}}}],["auth",{"_index":73,"t":{"4":{"position":[[65,4]]},"18":{"position":[[630,4],[669,4]]},"29":{"position":[[412,4],[470,4]]},"41":{"position":[[633,4],[691,4]]},"73":{"position":[[1019,4],[1308,6]]},"75":{"position":[[1057,4],[1328,4],[1626,4],[1964,4],[2303,4]]},"77":{"position":[[450,4]]},"81":{"position":[[179,4]]},"85":{"position":[[65,4]]},"89":{"position":[[5,4]]},"115":{"position":[[263,4],[316,4],[598,4],[667,4],[7316,4],[7485,4],[7511,5],[7847,4],[11820,4],[11841,4],[11864,4],[11889,4],[12013,4],[12202,4],[12227,4],[12631,4],[12710,4],[12758,4],[12859,4],[13049,4]]},"121":{"position":[[519,4]]},"123":{"position":[[606,4],[790,4],[1057,4],[1473,4],[1524,4]]},"125":{"position":[[1545,4]]},"129":{"position":[[94,5],[477,4],[578,4]]},"133":{"position":[[437,4],[631,4],[912,4],[1131,5]]},"135":{"position":[[556,4],[841,4],[1111,4],[1317,4],[1670,4],[1889,4],[2003,4],[2051,4],[2179,4]]},"151":{"position":[[572,4],[633,4]]}}}],["auth/pass_basic_auth",{"_index":257,"t":{"18":{"position":[[323,20]]}}}],["auth/set_basic_auth",{"_index":263,"t":{"18":{"position":[[478,19]]}}}],["auth_cooki",{"_index":1494,"t":{"129":{"position":[[1568,12],[1630,13],[2252,13],[2305,13]]}}}],["auth_cookie_name_0",{"_index":1504,"t":{"129":{"position":[[2285,19],[2518,20]]}}}],["auth_cookie_name_1",{"_index":1505,"t":{"129":{"position":[[2323,19],[2561,20]]}}}],["auth_cookie_name_1=$auth_cookie_name_upstream_1$1",{"_index":1506,"t":{"129":{"position":[[2343,52]]}}}],["auth_cookie_name_upstream_1",{"_index":1501,"t":{"129":{"position":[[2014,28],[2463,30]]}}}],["auth_request",{"_index":1361,"t":{"115":{"position":[[11955,12],[12165,12],[12273,12]]},"129":{"position":[[10,12],[804,12],[927,12],[1538,12],[1871,12]]},"149":{"position":[[1175,12]]}}}],["auth_request_set",{"_index":1490,"t":{"129":{"position":[[1098,16],[1157,16],[1360,16],[1551,16],[1997,16],[2857,16],[3340,16]]}}}],["authent",{"_index":85,"t":{"4":{"position":[[200,14],[294,14],[458,14],[657,14]]},"23":{"position":[[444,14],[746,13],[1134,13]]},"53":{"position":[[1871,14]]},"67":{"position":[[1833,15]]},"73":{"position":[[3036,14]]},"81":{"position":[[234,14]]},"87":{"position":[[2188,14],[2208,14]]},"97":{"position":[[2935,13]]},"99":{"position":[[37,12]]},"103":{"position":[[498,13]]},"105":{"position":[[111,13]]},"115":{"position":[[142,14],[285,14],[356,14],[409,13],[442,12],[2581,12],[2667,12],[4860,12],[6263,14],[7793,15],[12661,14],[12777,14],[12891,14],[13100,14],[15173,15],[15352,14]]},"117":{"position":[[291,13]]},"121":{"position":[[419,15]]},"123":{"position":[[0,14],[113,13],[365,13],[440,12],[514,14],[1013,13]]},"129":{"position":[[49,12]]},"133":{"position":[[56,12]]},"135":{"position":[[273,13]]},"137":{"position":[[24,14]]},"139":{"position":[[802,12]]},"147":{"position":[[494,12]]},"149":{"position":[[109,14]]},"151":{"position":[[154,14],[294,14]]}}}],["authenticationprovid",{"_index":343,"t":{"23":{"position":[[994,22]]}}}],["autherror",{"_index":1437,"t":{"123":{"position":[[464,9]]}}}],["authfailur",{"_index":1435,"t":{"123":{"position":[[406,11]]}}}],["author",{"_index":261,"t":{"18":{"position":[[421,13],[536,13]]},"73":{"position":[[610,10],[692,10],[998,11]]},"81":{"position":[[67,13]]},"85":{"position":[[1031,14]]},"87":{"position":[[3725,13],[3765,13],[3811,13],[4728,10],[5379,13],[5631,9]]},"93":{"position":[[211,13]]},"95":{"position":[[1757,13],[1860,13],[1993,13],[2098,13],[2508,13],[2807,13],[3414,13],[4115,13],[4256,13]]},"97":{"position":[[3369,14]]},"105":{"position":[[3,9],[68,9],[179,9]]},"115":{"position":[[7378,13],[7438,13],[12081,13],[12111,13],[13125,13]]},"129":{"position":[[1667,13]]},"135":{"position":[[2031,13],[2207,13]]},"141":{"position":[[1292,13]]}}}],["authorizationnginx.ingress.kubernetes.io/auth",{"_index":1517,"t":{"129":{"position":[[3120,45]]}}}],["authresponsehead",{"_index":1572,"t":{"135":{"position":[[1978,20],[2154,20]]}}}],["authsuccess",{"_index":1433,"t":{"123":{"position":[[339,11],[1494,11]]}}}],["auto",{"_index":1567,"t":{"135":{"position":[[776,4]]}}}],["automat",{"_index":789,"t":{"73":{"position":[[1798,13]]},"151":{"position":[[186,13]]}}}],["automaticallyanchor",{"_index":656,"t":{"65":{"position":[[510,21]]}}}],["avail",{"_index":30,"t":{"2":{"position":[[308,10]]},"14":{"position":[[240,10]]},"18":{"position":[[85,9]]},"23":{"position":[[136,9]]},"43":{"position":[[195,9]]},"95":{"position":[[2037,9]]},"97":{"position":[[334,9]]},"117":{"position":[[737,9],[871,9],[950,9]]},"123":{"position":[[766,9]]},"125":{"position":[[618,9]]},"127":{"position":[[490,9]]},"137":{"position":[[198,9],[249,9]]},"141":{"position":[[1822,10],[2024,10],[3033,9]]}}}],["azur",{"_index":305,"t":{"18":{"position":[[1284,6]]},"53":{"position":[[660,5],[2223,6]]},"55":{"position":[[134,6]]},"71":{"position":[[226,5],[294,5]]},"75":{"position":[[59,5],[1051,5],[1322,5],[1342,6],[1533,5],[1620,5],[1841,5],[1958,5],[2297,5]]},"93":{"position":[[43,5]]},"115":{"position":[[496,5],[6523,5],[11320,6]]},"129":{"position":[[3676,7]]}}}],["azureconfig",{"_index":572,"t":{"53":{"position":[[594,11],[619,11]]}}}],["azureopt",{"_index":573,"t":{"53":{"position":[[606,12]]}}}],["b",{"_index":8,"t":{"2":{"position":[[78,2]]},"115":{"position":[[4937,1]]},"135":{"position":[[463,2],[1044,2],[1517,1]]}}}],["back",{"_index":1587,"t":{"141":{"position":[[100,4],[172,4]]}}}],["backend",{"_index":1360,"t":{"115":{"position":[[11758,8]]},"129":{"position":[[1041,8],[1352,7]]},"133":{"position":[[393,7],[659,7],[769,8],[837,8],[1279,7]]},"135":{"position":[[527,7],[812,7],[1139,7],[1345,7],[1455,8],[1527,8],[1595,8]]},"137":{"position":[[224,9],[259,8]]},"139":{"position":[[19,7],[42,7],[141,8],[366,7]]},"141":{"position":[[18,7],[2196,7],[2233,7],[2298,7],[2345,9],[3053,7]]}}}],["backport",{"_index":193,"t":{"10":{"position":[[632,8]]}}}],["backslash",{"_index":504,"t":{"49":{"position":[[872,9]]}}}],["backup",{"_index":1317,"t":{"115":{"position":[[5603,6],[5738,7]]},"121":{"position":[[266,6],[293,9],[310,6]]}}}],["balanc",{"_index":1639,"t":{"147":{"position":[[100,10],[241,8],[290,10]]}}}],["banner",{"_index":1295,"t":{"115":{"position":[[3384,6],[3412,6],[3454,7]]}}}],["bar",{"_index":674,"t":{"67":{"position":[[603,8],[641,5]]}}}],["base",{"_index":223,"t":{"12":{"position":[[505,5]]},"14":{"position":[[57,5]]},"23":{"position":[[523,5]]},"67":{"position":[[1386,7]]},"85":{"position":[[1025,5]]},"95":{"position":[[3391,5],[3929,4]]},"115":{"position":[[14640,5]]},"117":{"position":[[1243,5]]}}}],["base/dir",{"_index":699,"t":{"67":{"position":[[1467,12]]}}}],["base64",{"_index":449,"t":{"41":{"position":[[168,6]]},"59":{"position":[[213,6]]},"111":{"position":[[241,6],[302,6],[586,6]]},"115":{"position":[[1895,6]]}}}],["base64url",{"_index":1594,"t":{"141":{"position":[[457,9]]}}}],["bash",{"_index":1211,"t":{"111":{"position":[[73,4]]}}}],["basic",{"_index":256,"t":{"18":{"position":[[317,5],[472,5],[624,5]]},"29":{"position":[[406,5],[464,5]]},"41":{"position":[[627,5],[685,5]]},"115":{"position":[[592,5],[661,5],[7479,5],[7505,5],[7841,5],[8623,5],[8710,5],[12196,5],[12221,5]]}}}],["basicauthpassword",{"_index":384,"t":{"29":{"position":[[330,17],[361,17]]},"41":{"position":[[551,17],[582,17]]}}}],["baz",{"_index":675,"t":{"67":{"position":[[648,12],[690,4],[957,11]]}}}],["baz/abc/123",{"_index":685,"t":{"67":{"position":[[1021,12]]}}}],["bcrypt",{"_index":1301,"t":{"115":{"position":[[4943,6]]}}}],["bearer",{"_index":84,"t":{"4":{"position":[[181,6]]},"115":{"position":[[2834,6],[7452,6],[12125,6],[13199,6],[13260,6]]}}}],["becom",{"_index":387,"t":{"29":{"position":[[453,6]]},"41":{"position":[[674,6]]},"115":{"position":[[1314,7]]},"119":{"position":[[417,7],[481,7]]}}}],["befor",{"_index":215,"t":{"12":{"position":[[282,6]]},"16":{"position":[[0,6]]},"18":{"position":[[1488,6]]},"67":{"position":[[829,6],[1050,6]]},"115":{"position":[[5873,6]]}}}],["beforward",{"_index":516,"t":{"49":{"position":[[1494,11]]}}}],["behind",{"_index":64,"t":{"2":{"position":[[772,6]]},"115":{"position":[[11372,6]]}}}],["believ",{"_index":131,"t":{"8":{"position":[[12,7]]}}}],["beload",{"_index":378,"t":{"29":{"position":[[204,8]]},"41":{"position":[[425,8]]}}}],["belong",{"_index":415,"t":{"33":{"position":[[454,6]]},"81":{"position":[[510,6],[1535,6]]},"115":{"position":[[4013,6]]}}}],["below",{"_index":225,"t":{"12":{"position":[[541,5],[728,6],[863,5]]},"14":{"position":[[104,6],[271,5]]},"95":{"position":[[345,6]]},"111":{"position":[[50,5]]},"115":{"position":[[16334,5]]},"123":{"position":[[167,5],[324,5]]},"125":{"position":[[48,5]]},"127":{"position":[[237,6]]},"147":{"position":[[53,7]]}}}],["beoverridden",{"_index":514,"t":{"49":{"position":[[1384,12]]}}}],["bepass",{"_index":512,"t":{"49":{"position":[[1252,8]]}}}],["best",{"_index":960,"t":{"87":{"position":[[1429,4]]}}}],["between",{"_index":328,"t":{"23":{"position":[[290,7]]},"67":{"position":[[2135,7]]},"115":{"position":[[3180,7]]},"137":{"position":[[53,7]]}}}],["bewar",{"_index":214,"t":{"12":{"position":[[267,6]]},"151":{"position":[[838,6]]}}}],["big",{"_index":1601,"t":{"141":{"position":[[970,4]]}}}],["bin/dex",{"_index":1046,"t":{"95":{"position":[[848,7]]}}}],["binari",{"_index":4,"t":{"2":{"position":[[43,6],[171,6],[366,8]]}}}],["bindaddress",{"_index":354,"t":{"23":{"position":[[1377,11],[1685,11]]},"61":{"position":[[108,11],[127,11]]}}}],["bit",{"_index":1121,"t":{"97":{"position":[[823,4],[1057,3]]},"141":{"position":[[387,3],[438,3]]}}}],["bitbucket",{"_index":306,"t":{"18":{"position":[[1291,10]]},"53":{"position":[[832,9]]},"55":{"position":[[141,10]]},"71":{"position":[[351,9]]},"103":{"position":[[477,9],[594,9],[713,9]]}}}],["bitbucketconfig",{"_index":577,"t":{"53":{"position":[[754,15],[787,15]]}}}],["bitbucketopt",{"_index":578,"t":{"53":{"position":[[770,16]]}}}],["blank",{"_index":626,"t":{"61":{"position":[[186,5],[315,5]]}}}],["block",{"_index":507,"t":{"49":{"position":[[958,6],[1040,5]]},"95":{"position":[[625,5]]},"123":{"position":[[294,5]]}}}],["bodi",{"_index":708,"t":{"67":{"position":[[1825,4]]},"129":{"position":[[842,4]]}}}],["bool",{"_index":319,"t":{"21":{"position":[[56,4]]},"37":{"position":[[329,4]]},"39":{"position":[[281,4]]},"51":{"position":[[166,4],[322,4],[501,4],[849,4]]},"67":{"position":[[1502,4],[1725,4],[2250,4],[2387,4]]},"69":{"position":[[131,4]]},"115":{"position":[[276,4],[1412,4],[1927,4],[2091,4],[2471,4],[2711,4],[3258,4],[3312,4],[4722,4],[5404,4],[5566,4],[6326,4],[6440,4],[6590,4],[7188,4],[7399,4],[7490,4],[7640,4],[7901,4],[7972,4],[9059,4],[9794,4],[10427,4],[10546,4],[11159,4],[11352,4],[11602,4],[11809,4],[12102,4],[12207,4],[12320,4],[12559,4],[12646,4],[13068,4],[13213,4],[13400,4],[13544,4],[13650,4],[13766,4],[13865,4]]}}}],["boolean",{"_index":428,"t":{"37":{"position":[[372,7]]}}}],["both",{"_index":351,"t":{"23":{"position":[[1302,4],[1610,4]]},"65":{"position":[[291,5]]},"87":{"position":[[3013,4]]},"129":{"position":[[2405,4]]}}}],["bracket",{"_index":1306,"t":{"115":{"position":[[5149,8],[5315,8]]}}}],["break",{"_index":205,"t":{"12":{"position":[[89,8]]}}}],["brief",{"_index":987,"t":{"87":{"position":[[5482,5]]}}}],["bring",{"_index":146,"t":{"8":{"position":[[281,5]]}}}],["brows",{"_index":233,"t":{"12":{"position":[[842,6]]}}}],["browser",{"_index":1166,"t":{"97":{"position":[[2922,8]]},"115":{"position":[[1366,7],[16186,8]]},"141":{"position":[[868,7],[1358,8]]}}}],["browserxssfilt",{"_index":1550,"t":{"133":{"position":[[975,17]]},"135":{"position":[[1733,17]]}}}],["bs=32",{"_index":1218,"t":{"111":{"position":[[213,5]]}}}],["buffer",{"_index":716,"t":{"67":{"position":[[2165,6]]},"115":{"position":[[3206,7]]}}}],["build",{"_index":9,"t":{"2":{"position":[[81,5]]},"25":{"position":[[243,8]]},"97":{"position":[[2563,6],[2581,5]]},"145":{"position":[[962,8]]}}}],["built",{"_index":1030,"t":{"95":{"position":[[157,5]]}}}],["bundl",{"_index":1142,"t":{"97":{"position":[[1456,7]]}}}],["button",{"_index":1375,"t":{"115":{"position":[[13537,6]]}}}],["button=tru",{"_index":1150,"t":{"97":{"position":[[1902,11]]}}}],["bypass",{"_index":1371,"t":{"115":{"position":[[12770,6],[12884,6],[13405,6],[15345,6]]}}}],["bysom",{"_index":654,"t":{"65":{"position":[[457,6]]}}}],["byte",{"_index":447,"t":{"41":{"position":[[145,6]]},"59":{"position":[[190,6]]},"111":{"position":[[581,4],[633,6]]},"125":{"position":[[1215,5]]}}}],["c",{"_index":18,"t":{"2":{"position":[[193,2],[541,1]]},"111":{"position":[[115,1]]}}}],["c=us/st=washington/l=dc/o=gsa/ou=18f/cn=localhost",{"_index":1138,"t":{"97":{"position":[[1193,53]]}}}],["ca",{"_index":278,"t":{"18":{"position":[[865,2]]},"53":{"position":[[1707,2]]},"115":{"position":[[8269,2],[8300,2]]}}}],["cafil",{"_index":600,"t":{"53":{"position":[[1660,7],[1677,7]]}}}],["call",{"_index":421,"t":{"37":{"position":[[193,5]]},"73":{"position":[[1923,6],[2468,5]]},"115":{"position":[[4484,5]]}}}],["callback",{"_index":877,"t":{"81":{"position":[[81,8]]},"95":{"position":[[594,10]]},"101":{"position":[[121,8]]},"103":{"position":[[28,9]]},"149":{"position":[[963,8]]}}}],["caller",{"_index":473,"t":{"47":{"position":[[705,6]]}}}],["capitalis",{"_index":1417,"t":{"119":{"position":[[108,12]]}}}],["captur",{"_index":670,"t":{"67":{"position":[[507,8],[699,7],[885,7]]}}}],["case",{"_index":98,"t":{"4":{"position":[[398,4]]},"8":{"position":[[533,4]]},"67":{"position":[[1214,4]]},"97":{"position":[[3451,5]]},"99":{"position":[[839,5]]},"107":{"position":[[90,4]]},"115":{"position":[[13510,4]]},"141":{"position":[[2841,5]]}}}],["caseadd",{"_index":1229,"t":{"111":{"position":[[376,7]]}}}],["caveat",{"_index":1610,"t":{"141":{"position":[[2035,7]]}}}],["center",{"_index":746,"t":{"73":{"position":[[230,6],[318,6],[425,6]]}}}],["cert",{"_index":636,"t":{"63":{"position":[[260,4],[278,4]]},"115":{"position":[[14005,4]]},"145":{"position":[[65,4],[306,4]]}}}],["cert.pem",{"_index":1133,"t":{"97":{"position":[[1160,8]]}}}],["certif",{"_index":358,"t":{"23":{"position":[[1480,11],[1788,11]]},"53":{"position":[[1710,12]]},"61":{"position":[[400,11]]},"63":{"position":[[68,11],[294,11]]},"75":{"position":[[1182,12]]},"97":{"position":[[1008,11]]},"115":{"position":[[8303,12],[13674,12],[13790,12],[14030,11]]}}}],["certresolv",{"_index":1539,"t":{"133":{"position":[[447,13],[672,13]]},"135":{"position":[[624,13],[907,13],[1152,13],[1358,13]]}}}],["challeng",{"_index":613,"t":{"53":{"position":[[2500,9]]},"87":{"position":[[544,9]]},"115":{"position":[[876,9],[914,10]]}}}],["chang",{"_index":206,"t":{"12":{"position":[[98,7],[202,8]]},"23":{"position":[[283,6]]},"51":{"position":[[783,6]]},"89":{"position":[[82,8]]},"101":{"position":[[651,6]]},"115":{"position":[[1531,7]]},"149":{"position":[[150,7]]}}}],["channel",{"_index":1283,"t":{"115":{"position":[[2761,7]]}}}],["charact",{"_index":495,"t":{"49":{"position":[[709,10],[916,10],[1076,10]]}}}],["check",{"_index":75,"t":{"4":{"position":[[80,7]]},"65":{"position":[[134,7]]},"73":{"position":[[2723,7],[2986,7]]},"75":{"position":[[157,5]]},"87":{"position":[[6760,5]]},"115":{"position":[[8636,6],[8723,6],[8740,5],[8830,6]]},"149":{"position":[[391,6]]}}}],["checkedaft",{"_index":539,"t":{"51":{"position":[[655,12]]}}}],["checksum",{"_index":41,"t":{"2":{"position":[[458,8]]}}}],["chomp",{"_index":506,"t":{"49":{"position":[[949,8]]}}}],["choos",{"_index":0,"t":{"2":{"position":[[0,6]]},"23":{"position":[[1288,6],[1596,6]]},"73":{"position":[[108,6],[243,6],[290,6],[331,6],[438,6],[501,6],[526,6],[581,6],[805,6],[1315,6],[2303,6],[2559,6]]},"75":{"position":[[52,6]]},"87":{"position":[[6301,6]]}}}],["cidr",{"_index":1389,"t":{"115":{"position":[[15321,4]]}}}],["cipher",{"_index":642,"t":{"63":{"position":[[530,6],[663,6],[697,6]]},"115":{"position":[[14053,6],[14094,6],[14240,6],[14275,6]]},"145":{"position":[[797,6],[839,6],[1027,6]]}}}],["ciphersuit",{"_index":641,"t":{"63":{"position":[[478,12],[500,12]]}}}],["claim",{"_index":377,"t":{"29":{"position":[[75,5],[123,5],[136,5],[161,5],[393,5],[442,5]]},"41":{"position":[[344,5],[357,5],[382,5],[614,5],[663,5]]},"51":{"position":[[561,5],[1101,5],[1201,5],[1302,5],[1410,5],[1469,5]]},"71":{"position":[[477,7],[508,5]]},"85":{"position":[[361,5]]},"87":{"position":[[1115,5],[1601,5],[1633,5],[1799,6],[3241,5],[5819,5],[5890,5]]},"95":{"position":[[1782,6]]},"115":{"position":[[6636,5],[6851,5],[6875,5],[6929,5],[6953,5],[7009,5],[7033,5]]}}}],["claim/user_id_claim",{"_index":294,"t":{"18":{"position":[[1067,19]]}}}],["claimsourc",{"_index":375,"t":{"29":{"position":[[26,11]]},"59":{"position":[[13,12]]}}}],["clear",{"_index":1661,"t":{"149":{"position":[[704,6],[759,5]]}}}],["click",{"_index":780,"t":{"73":{"position":[[1328,5]]},"75":{"position":[[117,5],[398,5],[523,5],[616,5]]},"77":{"position":[[199,5]]},"87":{"position":[[2169,5],[2667,8],[2822,5],[3458,8]]},"95":{"position":[[1983,5],[2647,5]]}}}],["client",{"_index":271,"t":{"18":{"position":[[712,6],[732,6],[765,6]]},"51":{"position":[[1445,6],[1630,6]]},"53":{"position":[[140,6],[269,6],[441,6]]},"73":{"position":[[515,6],[838,6],[852,6],[1265,6],[1527,6],[2453,6]]},"75":{"position":[[1232,6],[1456,6],[1497,6],[1764,6],[1805,6]]},"77":{"position":[[239,6],[250,6],[349,6],[390,6]]},"83":{"position":[[175,6],[189,6],[355,6],[405,6]]},"85":{"position":[[103,6],[292,6],[460,6],[498,6]]},"87":{"position":[[27,6],[58,6],[454,6],[524,6],[822,6],[885,6],[1046,6],[1193,6],[1250,6],[1370,6],[1511,6],[1750,6],[1889,7],[1928,6],[1957,6],[1982,6],[2047,6],[2054,6],[2083,6],[2181,6],[2558,6],[2582,7],[2615,6],[2729,6],[2813,8],[2917,6],[3194,6],[3425,6],[3919,6],[4097,6],[4134,6],[4253,6],[4457,6],[4481,7],[4546,7],[4668,7],[4796,7],[4959,6],[4984,7],[5017,6],[5525,6],[5714,6],[6144,6],[6205,7],[6213,7],[6246,6],[6267,6],[6343,6],[6890,7],[6923,6]]},"89":{"position":[[748,6],[777,6]]},"95":{"position":[[1011,6],[1034,6],[2891,6],[2905,6],[4169,6],[4183,6]]},"97":{"position":[[1587,6],[3565,6],[3589,6]]},"99":{"position":[[414,6],[428,6],[548,6],[582,6]]},"101":{"position":[[338,6],[352,6],[442,6],[466,6]]},"103":{"position":[[275,6],[289,6],[376,6],[400,6]]},"115":{"position":[[681,6],[708,6],[762,6],[793,6],[809,6],[855,6],[5133,8],[5299,8],[9173,6],[9241,7],[13317,6],[15455,6]]},"123":{"position":[[677,11],[833,6],[1408,7]]},"125":{"position":[[413,11],[688,6],[1480,7]]},"135":{"position":[[2276,6],[2307,6]]},"139":{"position":[[187,6],[340,6],[481,6]]},"141":{"position":[[109,6]]},"145":{"position":[[435,6],[453,6]]},"147":{"position":[[1424,6],[1442,6]]}}}],["client'",{"_index":920,"t":{"85":{"position":[[518,8]]},"87":{"position":[[43,8],[78,8],[1576,8],[2099,8],[2493,8],[2599,8],[2682,8],[2894,8],[2946,8],[4498,8],[4855,8],[5001,8],[5040,8],[6230,8],[6907,8]]}}}],["client/remot",{"_index":1442,"t":{"123":{"position":[[858,13]]},"125":{"position":[[713,13]]}}}],["client_id",{"_index":906,"t":{"83":{"position":[[368,9]]},"95":{"position":[[3499,9],[4564,13]]}}}],["client_secret",{"_index":907,"t":{"83":{"position":[[422,13]]},"95":{"position":[[3513,13]]}}}],["client_session_idl",{"_index":1621,"t":{"141":{"position":[[2592,20]]}}}],["clientid",{"_index":565,"t":{"53":{"position":[[102,8],[118,8]]}}}],["clientsecret",{"_index":567,"t":{"53":{"position":[[223,12],[243,12],[475,12]]}}}],["clientsecretfil",{"_index":568,"t":{"53":{"position":[[356,16],[380,16]]}}}],["close",{"_index":1261,"t":{"115":{"position":[[1377,7]]}}}],["closest",{"_index":665,"t":{"67":{"position":[[364,7]]}}}],["cloud",{"_index":1158,"t":{"97":{"position":[[2259,5]]},"147":{"position":[[80,5]]}}}],["cloud/dock",{"_index":1154,"t":{"97":{"position":[[2179,12]]}}}],["cluster",{"_index":1347,"t":{"115":{"position":[[9509,7],[9561,7],[9650,7],[10419,7],[10449,8],[10475,7]]},"141":{"position":[[3022,7],[3180,7]]}}}],["cluster=tru",{"_index":1624,"t":{"141":{"position":[[3129,12],[3277,12]]}}}],["code",{"_index":612,"t":{"53":{"position":[[2495,4]]},"67":{"position":[[2005,4]]},"87":{"position":[[539,4]]},"95":{"position":[[2821,4],[4129,4]]},"115":{"position":[[871,4],[909,4]]},"125":{"position":[[1269,4]]}}}],["code_challenge_method",{"_index":611,"t":{"53":{"position":[[2462,21]]}}}],["codematch",{"_index":709,"t":{"67":{"position":[[1864,12]]}}}],["collabor",{"_index":172,"t":{"10":{"position":[[161,12]]},"33":{"position":[[217,13],[494,13]]},"81":{"position":[[310,13],[550,14],[934,13],[1104,13],[1456,13],[1575,14]]},"115":{"position":[[3749,13],[3873,13],[4053,13]]}}}],["collaboratorsit",{"_index":412,"t":{"33":{"position":[[315,15]]}}}],["collect",{"_index":621,"t":{"57":{"position":[[62,10]]},"69":{"position":[[47,10]]}}}],["combin",{"_index":1391,"t":{"115":{"position":[[15403,8]]},"121":{"position":[[675,8]]}}}],["come",{"_index":635,"t":{"63":{"position":[[242,4],[338,4]]},"87":{"position":[[4045,5]]}}}],["comma",{"_index":888,"t":{"81":{"position":[[889,5],[1605,5],[1669,5]]},"89":{"position":[[1025,5]]},"115":{"position":[[3049,5],[3703,5],[4169,5]]},"117":{"position":[[1057,5]]},"153":{"position":[[168,5],[230,5],[292,5]]}}}],["command",{"_index":58,"t":{"2":{"position":[[701,7]]},"99":{"position":[[205,7]]},"101":{"position":[[693,7]]},"109":{"position":[[35,7],[135,7]]},"111":{"position":[[56,9]]},"113":{"position":[[6,7]]},"119":{"position":[[6,7],[365,7]]},"121":{"position":[[140,8]]},"141":{"position":[[731,8]]},"145":{"position":[[135,7]]},"147":{"position":[[1172,7]]}}}],["commandlin",{"_index":1165,"t":{"97":{"position":[[2830,12]]}}}],["common",{"_index":364,"t":{"25":{"position":[[99,6],[152,8]]},"93":{"position":[[204,6]]},"115":{"position":[[543,6],[581,8]]}}}],["commun",{"_index":115,"t":{"6":{"position":[[23,9]]}}}],["compat",{"_index":1329,"t":{"115":{"position":[[6542,14]]}}}],["complet",{"_index":968,"t":{"87":{"position":[[2120,8]]},"139":{"position":[[405,10]]},"145":{"position":[[1000,8]]}}}],["compos",{"_index":150,"t":{"8":{"position":[[353,7]]},"141":{"position":[[230,8]]}}}],["compress",{"_index":1313,"t":{"115":{"position":[[5395,8],[5437,10]]},"121":{"position":[[332,10],[354,10]]}}}],["compris",{"_index":1596,"t":{"141":{"position":[[565,9]]}}}],["concurr",{"_index":1584,"t":{"139":{"position":[[628,12]]}}}],["confident",{"_index":914,"t":{"85":{"position":[[150,13]]}}}],["confidenti",{"_index":953,"t":{"87":{"position":[[869,15]]}}}],["config",{"_index":57,"t":{"2":{"position":[[688,6]]},"12":{"position":[[691,6]]},"14":{"position":[[159,6],[200,6]]},"16":{"position":[[30,6],[82,6],[179,6],[197,6],[487,7],[516,6],[551,6]]},"18":{"position":[[1394,6],[1414,6],[1530,6]]},"89":{"position":[[495,6]]},"95":{"position":[[3684,6],[4346,6],[4845,6]]},"101":{"position":[[545,6]]},"109":{"position":[[82,6]]},"113":{"position":[[50,6],[162,6],[235,6]]},"115":{"position":[[993,6],[1015,6],[10938,6]]},"117":{"position":[[1173,6]]},"129":{"position":[[2906,6]]},"141":{"position":[[3503,6]]},"147":{"position":[[46,6],[645,6]]},"149":{"position":[[182,6]]}}}],["config=/etc/oauth2",{"_index":1245,"t":{"113":{"position":[[307,18]]}}}],["configur",{"_index":55,"t":{"2":{"position":[[659,9],[748,9]]},"4":{"position":[[518,10],[698,14]]},"12":{"position":[[303,13],[359,13],[447,13],[511,13],[587,14],[639,14],[671,14],[898,13]]},"14":{"position":[[21,14]]},"16":{"position":[[123,13],[318,13],[406,13]]},"18":{"position":[[112,14]]},"23":{"position":[[39,13],[169,13],[402,9],[634,9],[869,9],[1225,9],[1464,9],[1547,9],[1772,9],[1850,9]]},"25":{"position":[[200,10]]},"47":{"position":[[48,13]]},"53":{"position":[[43,13],[556,14],[641,14],[720,14],[813,14],[902,14],[989,14],[1075,14],[1155,14],[1213,15],[1285,14]]},"61":{"position":[[49,13],[454,13]]},"67":{"position":[[53,13]]},"69":{"position":[[309,13]]},"71":{"position":[[105,9],[409,13]]},"75":{"position":[[1289,9]]},"77":{"position":[[268,9],[306,9]]},"87":{"position":[[1526,10],[2294,14],[2415,14],[2511,9],[2828,9],[3385,14],[3504,13]]},"95":{"position":[[360,9],[611,13],[1535,9],[1747,9],[1847,9],[2372,9],[3011,13],[3531,10]]},"99":{"position":[[165,14]]},"101":{"position":[[304,10]]},"103":{"position":[[442,13],[570,13]]},"109":{"position":[[20,10],[234,13]]},"115":{"position":[[393,13],[2977,13],[9917,15],[11257,13],[13491,10],[13985,13]]},"117":{"position":[[180,10],[511,10],[775,10],[1031,10]]},"119":{"position":[[339,13]]},"121":{"position":[[67,10],[183,9],[589,12]]},"123":{"position":[[582,9],[654,10]]},"125":{"position":[[315,9],[390,10]]},"127":{"position":[[134,13],[349,9],[425,10]]},"129":{"position":[[2798,13],[3744,10]]},"133":{"position":[[295,14]]},"135":{"position":[[240,10]]},"141":{"position":[[1000,9],[2793,9],[2915,9],[3152,9]]},"143":{"position":[[26,15]]},"145":{"position":[[0,9],[176,13],[481,13],[713,11]]},"147":{"position":[[0,9],[1213,13]]},"149":{"position":[[935,10]]},"151":{"position":[[971,13]]},"153":{"position":[[86,10]]}}}],["conflict",{"_index":1585,"t":{"139":{"position":[[768,9]]}}}],["conjunct",{"_index":344,"t":{"23":{"position":[[1020,11]]},"75":{"position":[[2056,11]]},"115":{"position":[[7817,11],[9621,11],[10209,11],[10369,11]]}}}],["connect",{"_index":519,"t":{"51":{"position":[[87,7],[993,7]]},"53":{"position":[[1748,10]]},"71":{"position":[[310,7],[556,7]]},"87":{"position":[[909,8],[2074,8]]},"95":{"position":[[7,7],[227,7],[271,7],[2635,7]]},"97":{"position":[[869,7],[913,8]]},"115":{"position":[[6683,7],[8341,10],[9517,10],[9569,10],[9666,10],[9826,10],[9975,10],[10071,11],[10264,10],[10317,10],[10432,7],[10483,10],[10551,7],[10642,10],[10692,10],[10726,10],[10815,10],[10972,10],[11021,10]]},"141":{"position":[[2704,10],[2732,10],[2985,10],[3188,10],[3376,10],[3537,10],[3586,10]]},"147":{"position":[[414,11]]},"149":{"position":[[455,11],[491,9]]}}}],["connect/auth",{"_index":924,"t":{"85":{"position":[[615,13]]}}}],["connect/token",{"_index":925,"t":{"85":{"position":[[710,14]]}}}],["connect/userinfo",{"_index":926,"t":{"85":{"position":[[807,17],[908,17]]}}}],["consent",{"_index":479,"t":{"49":{"position":[[165,7],[333,7]]},"73":{"position":[[345,7]]},"75":{"position":[[702,7],[810,7],[837,7]]}}}],["consent#th",{"_index":858,"t":{"75":{"position":[[2238,11]]}}}],["consid",{"_index":327,"t":{"23":{"position":[[256,10]]},"49":{"position":[[889,10]]}}}],["consol",{"_index":868,"t":{"77":{"position":[[29,7]]},"87":{"position":[[610,7],[658,7],[706,7],[803,7],[1282,7],[1407,8],[6856,7]]}}}],["consult",{"_index":962,"t":{"87":{"position":[[1466,7]]}}}],["consum",{"_index":1024,"t":{"91":{"position":[[353,8],[380,8]]},"103":{"position":[[16,8]]}}}],["contact",{"_index":1109,"t":{"97":{"position":[[96,7],[135,7]]}}}],["contain",{"_index":198,"t":{"12":{"position":[[17,8]]},"23":{"position":[[13,8]]},"39":{"position":[[561,8]]},"41":{"position":[[315,10]]},"51":{"position":[[1107,8],[1207,8],[1308,8]]},"59":{"position":[[360,10]]},"61":{"position":[[359,8]]},"63":{"position":[[25,8]]},"95":{"position":[[1466,9],[4746,10]]},"97":{"position":[[2508,8]]},"115":{"position":[[6881,8],[6959,8],[7039,8],[12391,7]]},"123":{"position":[[53,7],[305,7]]},"129":{"position":[[2217,7]]}}}],["content",{"_index":995,"t":{"87":{"position":[[7093,9]]},"97":{"position":[[1251,8]]},"129":{"position":[[864,7],[2240,8]]}}}],["contenttypenosniff",{"_index":1551,"t":{"133":{"position":[[998,19]]},"135":{"position":[[1756,19]]}}}],["contrib",{"_index":1244,"t":{"113":{"position":[[257,7]]}}}],["control",{"_index":1357,"t":{"115":{"position":[[11396,8]]},"141":{"position":[[1623,8]]}}}],["convert",{"_index":238,"t":{"16":{"position":[[74,7],[106,7],[171,7],[244,7]]},"29":{"position":[[379,8]]},"41":{"position":[[600,8]]}}}],["convolut",{"_index":500,"t":{"49":{"position":[[798,11]]}}}],["cooki",{"_index":78,"t":{"4":{"position":[[112,6],[122,6],[543,8],[570,6]]},"73":{"position":[[933,6]]},"75":{"position":[[2336,6],[2374,6]]},"77":{"position":[[483,6],[521,6]]},"89":{"position":[[570,6],[814,6]]},"95":{"position":[[1147,6],[1167,6],[3618,7]]},"97":{"position":[[1729,6],[1811,6],[1861,6],[3847,6]]},"111":{"position":[[21,6]]},"115":{"position":[[1029,6],[1066,6],[1090,7],[1203,6],[1242,6],[1286,7],[1307,6],[1332,6],[1396,6],[1430,6],[1449,6],[1484,6],[1548,6],[1590,6],[1630,6],[1661,6],[1682,7],[1712,6],[1748,6],[1827,6],[1875,7],[1913,6],[1956,6],[1975,6],[2011,6],[2067,6],[2125,7],[2200,6],[2254,6],[11587,6],[11631,6],[11675,7],[11776,6],[11783,6],[15840,6]]},"119":{"position":[[398,6]]},"129":{"position":[[1487,6],[1623,6],[1710,7],[1847,7],[1914,7],[1979,7],[2094,6],[2131,6],[2233,6],[2414,6],[2511,6],[2554,6],[3475,8],[3728,6],[3761,6],[3810,6],[3929,6]]},"137":{"position":[[122,6],[309,6]]},"139":{"position":[[4,6],[126,6],[199,7],[426,7],[518,6],[579,6]]},"141":{"position":[[139,6],[196,6],[326,6],[901,6],[1027,6],[1046,6],[1082,6],[1124,6],[1168,6],[1188,7],[1600,7],[2396,6]]},"145":{"position":[[373,6],[395,6]]},"147":{"position":[[1339,6],[1361,6]]},"149":{"position":[[711,8],[777,6]]},"151":{"position":[[103,8]]}}}],["cookie_expir",{"_index":1619,"t":{"141":{"position":[[2535,13]]}}}],["cookie_refresh",{"_index":1618,"t":{"141":{"position":[[2490,14]]}}}],["cookie_secret",{"_index":1083,"t":{"95":{"position":[[3589,13]]},"111":{"position":[[681,15]]}}}],["cookienam",{"_index":1589,"t":{"141":{"position":[[257,12],[301,10],[541,12]]}}}],["copi",{"_index":243,"t":{"16":{"position":[[343,4]]},"97":{"position":[[2600,4]]},"129":{"position":[[1825,6]]}}}],["coreo",{"_index":1031,"t":{"95":{"position":[[171,6]]}}}],["corp.com\"]client_id",{"_index":1075,"t":{"95":{"position":[[3240,20]]}}}],["corpor",{"_index":129,"t":{"6":{"position":[[218,9]]}}}],["correct",{"_index":879,"t":{"81":{"position":[[104,7]]},"83":{"position":[[110,7]]},"95":{"position":[[545,7]]}}}],["correctli",{"_index":862,"t":{"75":{"position":[[2425,10]]},"77":{"position":[[572,10]]},"135":{"position":[[382,9]]}}}],["count=1",{"_index":1219,"t":{"111":{"position":[[219,7]]}}}],["coupl",{"_index":1616,"t":{"141":{"position":[[2413,6]]}}}],["cours",{"_index":1608,"t":{"141":{"position":[[1938,7]]}}}],["cover",{"_index":1473,"t":{"127":{"position":[[30,7]]}}}],["creat",{"_index":184,"t":{"10":{"position":[[480,6]]},"73":{"position":[[40,6],[812,8],[1078,6],[2293,6],[2549,6]]},"75":{"position":[[253,6]]},"79":{"position":[[0,6]]},"81":{"position":[[0,6],[1350,7]]},"83":{"position":[[0,6]]},"85":{"position":[[92,6],[299,6],[487,8],[1461,6]]},"87":{"position":[[811,6],[1053,6],[1136,6],[1349,6],[1944,8],[1964,6],[2040,6],[3561,6],[4348,8],[4397,6],[4446,8],[4523,6],[5503,8],[5701,6],[6131,8],[6438,6],[6480,6]]},"91":{"position":[[42,6]]},"95":{"position":[[2653,6],[3002,6],[3791,6]]},"97":{"position":[[443,6],[2429,6]]},"101":{"position":[[0,6]]},"115":{"position":[[1512,8],[4914,7]]}}}],["credenti",{"_index":426,"t":{"37":{"position":[[284,11],[415,11]]},"73":{"position":[[297,13],[445,13],[478,12],[1170,11],[1603,11],[1736,12]]},"77":{"position":[[294,11]]},"85":{"position":[[270,10]]},"87":{"position":[[1024,10],[2440,11]]},"115":{"position":[[4665,11],[4710,11],[4751,11]]}}}],["crypto/tl",{"_index":649,"t":{"63":{"position":[[731,10]]},"115":{"position":[[14309,10]]},"145":{"position":[[914,10],[1062,11]]}}}],["csrf",{"_index":1274,"t":{"115":{"position":[[2074,4],[2120,4],[2207,4],[2249,4]]}}}],["current",{"_index":5,"t":{"2":{"position":[[50,8]]},"71":{"position":[[517,9]]},"95":{"position":[[1228,7]]},"115":{"position":[[6499,10]]},"145":{"position":[[735,9],[932,9]]}}}],["custom",{"_index":955,"t":{"87":{"position":[[1222,6],[3143,6],[5844,9]]},"95":{"position":[[2091,6]]},"115":{"position":[[2267,6],[2303,6],[2327,6],[2374,6],[3398,6],[3478,6]]},"129":{"position":[[3803,6]]},"145":{"position":[[508,13]]}}}],["cycl",{"_index":1663,"t":{"149":{"position":[[844,5],[906,6]]}}}],["d",{"_index":31,"t":{"2":{"position":[[319,2]]},"111":{"position":[[254,1]]}}}],["danger",{"_index":196,"t":{"12":{"position":[[0,6]]},"23":{"position":[[211,6]]}}}],["dashboard",{"_index":745,"t":{"73":{"position":[[220,9]]},"97":{"position":[[496,10],[798,10]]}}}],["data",{"_index":633,"t":{"63":{"position":[[210,4],[306,4]]},"85":{"position":[[1355,4]]},"97":{"position":[[426,4]]},"115":{"position":[[11745,4]]},"125":{"position":[[1392,4]]},"137":{"position":[[179,4]]},"139":{"position":[[550,4],[586,5]]}}}],["date",{"_index":1453,"t":{"123":{"position":[[1310,4]]},"125":{"position":[[1332,4]]},"127":{"position":[[602,4]]}}}],["day",{"_index":1134,"t":{"97":{"position":[[1170,4]]},"115":{"position":[[5693,4]]}}}],["dd",{"_index":1216,"t":{"111":{"position":[[194,2]]}}}],["debug",{"_index":1363,"t":{"115":{"position":[[12305,5]]}}}],["decim",{"_index":397,"t":{"31":{"position":[[153,7]]}}}],["decod",{"_index":1233,"t":{"111":{"position":[[620,6]]}}}],["decreas",{"_index":1206,"t":{"109":{"position":[[98,10]]}}}],["dedic",{"_index":965,"t":{"87":{"position":[[1916,11],[2523,9],[2641,9],[2695,10],[2775,10],[3415,9],[3467,9],[5053,9]]}}}],["deep",{"_index":1338,"t":{"115":{"position":[[8818,4]]}}}],["default",{"_index":430,"t":{"37":{"position":[[407,7]]},"47":{"position":[[176,9],[207,7],[431,7],[513,7],[637,7]]},"49":{"position":[[68,8],[226,7],[1170,7],[1198,7],[1218,7],[1363,7]]},"51":{"position":[[804,7],[1457,7]]},"53":{"position":[[1549,7],[1797,7]]},"63":{"position":[[647,7]]},"71":{"position":[[218,7]]},"73":{"position":[[1162,7],[1595,7],[1728,7]]},"75":{"position":[[2108,9],[2250,7]]},"87":{"position":[[680,8],[1290,8],[4339,8]]},"91":{"position":[[146,7]]},"93":{"position":[[196,7]]},"95":{"position":[[576,7],[1927,7],[2415,7],[2863,8],[4248,7]]},"101":{"position":[[575,8]]},"103":{"position":[[434,7]]},"115":{"position":[[24,7],[2433,7],[2749,7],[3446,7],[3526,7],[4390,9],[4702,7],[4743,7],[8391,7],[14224,7],[16039,8],[16110,7]]},"121":{"position":[[3,8],[627,7]]},"123":{"position":[[152,7],[636,7]]},"125":{"position":[[33,7],[372,7]]},"127":{"position":[[219,7],[407,7]]},"133":{"position":[[461,7],[686,7]]},"135":{"position":[[638,7],[921,7],[1166,7],[1372,7]]},"137":{"position":[[316,9]]},"139":{"position":[[34,7]]},"141":{"position":[[356,8]]},"145":{"position":[[635,8],[900,8]]},"147":{"position":[[168,8],[763,7]]},"149":{"position":[[620,7]]}}}],["defin",{"_index":333,"t":{"23":{"position":[[550,7]]},"51":{"position":[[1399,6]]},"53":{"position":[[158,7],[291,7],[1953,7]]},"59":{"position":[[140,7]]},"85":{"position":[[1511,6]]},"87":{"position":[[3447,7],[4126,7],[6020,7]]},"107":{"position":[[48,6]]}}}],["definit",{"_index":622,"t":{"57":{"position":[[76,11]]},"69":{"position":[[61,11]]}}}],["delay",{"_index":189,"t":{"10":{"position":[[571,5]]}}}],["delet",{"_index":1605,"t":{"141":{"position":[[1343,7]]}}}],["demo",{"_index":1118,"t":{"97":{"position":[[512,5]]}}}],["demonstr",{"_index":158,"t":{"8":{"position":[[558,11]]}}}],["depend",{"_index":111,"t":{"4":{"position":[[680,10]]},"8":{"position":[[85,13]]},"10":{"position":[[339,14]]},"99":{"position":[[228,9]]},"115":{"position":[[8543,8]]},"149":{"position":[[1239,12]]}}}],["deploy",{"_index":1,"t":{"2":{"position":[[14,7],[765,6]]},"73":{"position":[[1754,8],[1867,8],[2005,8]]},"97":{"position":[[3075,11]]}}}],["deprec",{"_index":1370,"t":{"115":{"position":[[12735,11]]}}}],["describ",{"_index":207,"t":{"12":{"position":[[172,9]]},"14":{"position":[[77,9]]},"95":{"position":[[2156,8]]}}}],["descript",{"_index":317,"t":{"21":{"position":[[34,11]]},"23":{"position":[[334,11]]},"25":{"position":[[34,11]]},"27":{"position":[[34,11]]},"29":{"position":[[111,11]]},"33":{"position":[[34,11]]},"35":{"position":[[34,11]]},"37":{"position":[[34,11]]},"39":{"position":[[129,11]]},"41":{"position":[[127,11]]},"43":{"position":[[34,11]]},"45":{"position":[[34,11]]},"49":{"position":[[1098,11]]},"51":{"position":[[34,11]]},"53":{"position":[[90,11]]},"59":{"position":[[172,11]]},"61":{"position":[[96,11]]},"63":{"position":[[162,11]]},"65":{"position":[[308,11]]},"67":{"position":[[182,11]]},"69":{"position":[[106,11]]},"87":{"position":[[2760,11],[5488,11]]},"95":{"position":[[2324,11]]},"101":{"position":[[71,11]]},"115":{"position":[[12,11]]},"123":{"position":[[821,11]]},"125":{"position":[[676,11]]},"127":{"position":[[549,11]]}}}],["deselect",{"_index":969,"t":{"87":{"position":[[2274,10]]}}}],["desir",{"_index":444,"t":{"39":{"position":[[574,7]]}}}],["detail",{"_index":141,"t":{"8":{"position":[[167,7],[457,6]]},"12":{"position":[[122,8],[336,7]]},"75":{"position":[[2273,8]]},"95":{"position":[[508,8]]},"115":{"position":[[12330,8]]},"123":{"position":[[1042,7],[1552,8]]},"127":{"position":[[751,7]]}}}],["determin",{"_index":437,"t":{"39":{"position":[[307,10]]},"65":{"position":[[145,9]]},"67":{"position":[[1981,10],[2270,10]]},"115":{"position":[[9212,9]]},"135":{"position":[[362,9]]}}}],["dev.yaml",{"_index":1040,"t":{"95":{"position":[[679,9],[878,8]]}}}],["develop",{"_index":1088,"t":{"95":{"position":[[3737,9]]},"97":{"position":[[315,9]]}}}],["dex",{"_index":1032,"t":{"95":{"position":[[178,3],[352,4],[392,4],[435,4],[802,4],[1521,4]]}}}],["differ",{"_index":498,"t":{"49":{"position":[[759,9]]},"55":{"position":[[77,9]]},"73":{"position":[[2685,9]]},"115":{"position":[[2110,9],[6474,6]]},"121":{"position":[[381,9]]},"123":{"position":[[546,9]]},"125":{"position":[[279,9]]},"127":{"position":[[313,9]]}}}],["digitalocean",{"_index":616,"t":{"55":{"position":[[152,12]]},"71":{"position":[[338,12]]}}}],["dir",{"_index":1278,"t":{"115":{"position":[[2284,3]]}}}],["dir\",th",{"_index":698,"t":{"67":{"position":[[1427,10]]}}}],["direct",{"_index":363,"t":{"25":{"position":[[67,7]]},"87":{"position":[[2253,6]]},"129":{"position":[[23,9]]},"149":{"position":[[1188,9]]}}}],["directli",{"_index":1376,"t":{"115":{"position":[[13575,8]]},"149":{"position":[[22,8]]}}}],["directori",{"_index":812,"t":{"75":{"position":[[72,10],[1356,9]]},"89":{"position":[[1201,9]]},"95":{"position":[[1244,9]]},"97":{"position":[[2480,9]]},"113":{"position":[[265,10]]},"117":{"position":[[595,9]]}}}],["directory/develop/v2",{"_index":857,"t":{"75":{"position":[[2201,20]]}}}],["disabl",{"_index":627,"t":{"61":{"position":[[209,8],[338,8]]},"87":{"position":[[5072,9]]},"115":{"position":[[1781,8],[2425,7],[3438,7],[3518,7],[5798,7],[6829,8],[12564,7]]},"121":{"position":[[483,8],[791,8]]},"141":{"position":[[1115,7]]},"149":{"position":[[608,8]]}}}],["disallow",{"_index":1657,"t":{"149":{"position":[[244,9]]}}}],["disclos",{"_index":170,"t":{"10":{"position":[[65,9],[298,9]]}}}],["disclosur",{"_index":124,"t":{"6":{"position":[[139,11]]},"8":{"position":[[194,11],[491,10]]},"10":{"position":[[129,10]]},"141":{"position":[[839,11]]}}}],["discov",{"_index":160,"t":{"8":{"position":[[590,10]]}}}],["discoveri",{"_index":530,"t":{"51":{"position":[[447,9],[888,9]]},"97":{"position":[[3252,10],[3298,9],[3485,9],[3711,9]]},"115":{"position":[[6816,9],[13390,9],[13426,10]]},"151":{"position":[[826,11]]}}}],["discret",{"_index":195,"t":{"10":{"position":[[695,10]]}}}],["discuss",{"_index":169,"t":{"10":{"position":[[47,7],[216,10]]}}}],["display",{"_index":276,"t":{"18":{"position":[[821,7]]},"53":{"position":[[1591,7]]},"83":{"position":[[332,7]]},"95":{"position":[[979,7]]},"115":{"position":[[2449,7],[2476,7],[8445,7]]}}}],["doc",{"_index":1246,"t":{"115":{"position":[[66,4]]}}}],["docker",{"_index":20,"t":{"2":{"position":[[215,6]]},"95":{"position":[[1490,6]]},"97":{"position":[[2318,6],[2556,6],[2574,6]]}}}],["document",{"_index":199,"t":{"12":{"position":[[26,13]]},"63":{"position":[[742,14]]},"87":{"position":[[306,13],[1487,14],[5580,14],[6717,13]]},"95":{"position":[[2470,13]]},"99":{"position":[[387,13]]},"115":{"position":[[14320,14]]}}}],["doesn't",{"_index":861,"t":{"75":{"position":[[2398,7]]},"77":{"position":[[545,7]]}}}],["domain",{"_index":487,"t":{"49":{"position":[[529,7],[655,7]]},"71":{"position":[[147,6]]},"73":{"position":[[648,6],[1058,7],[2364,6]]},"81":{"position":[[407,8]]},"87":{"position":[[277,6]]},"89":{"position":[[1263,6]]},"95":{"position":[[1194,6]]},"97":{"position":[[3874,6]]},"105":{"position":[[22,6],[221,9]]},"115":{"position":[[1036,6],[1073,7],[1138,6],[1210,6],[2560,6],[2620,6],[15114,6],[15143,7],[15196,6],[15910,6],[15929,6],[16004,6],[16263,7]]},"119":{"position":[[469,6]]},"129":{"position":[[548,8]]},"133":{"position":[[469,8],[694,8]]},"135":{"position":[[646,8],[929,8],[1174,8],[1380,8]]},"151":{"position":[[854,6],[964,6],[1064,6]]},"153":{"position":[[268,7]]}}}],["domain.com",{"_index":1443,"t":{"123":{"position":[[964,10]]},"125":{"position":[[819,10]]}}}],["domain.tld/gitlab",{"_index":1013,"t":{"89":{"position":[[1217,19]]}}}],["domain.tld/gitlab/oauth",{"_index":1018,"t":{"89":{"position":[[1366,24]]}}}],["domain.tld/oauth",{"_index":1016,"t":{"89":{"position":[[1332,16]]}}}],["domain=\"yourcompany.com",{"_index":1629,"t":{"145":{"position":[[237,24]]},"147":{"position":[[1274,24]]}}}],["domain=/oauth2/callback",{"_index":1195,"t":{"101":{"position":[[611,24]]}}}],["headers.default",{"_index":443,"t":{"39":{"position":[[456,16]]}}}],["headers/pass_user_head",{"_index":260,"t":{"18":{"position":[[390,25]]}}}],["headers/skip_auth_strip_head",{"_index":270,"t":{"18":{"position":[[680,31]]}}}],["headershould",{"_index":438,"t":{"39":{"position":[[346,12]]}}}],["headervalu",{"_index":374,"t":{"29":{"position":[[13,12]]},"39":{"position":[[540,13]]},"41":{"position":[[21,11]]},"59":{"position":[[26,12]]}}}],["health",{"_index":1336,"t":{"115":{"position":[[8629,6],[8716,6],[8823,6]]},"149":{"position":[[384,6]]}}}],["helm",{"_index":34,"t":{"2":{"position":[[350,6]]}}}],["here",{"_index":1113,"t":{"97":{"position":[[344,5]]}}}],["hex",{"_index":1593,"t":{"141":{"position":[[406,3]]}}}],["histor",{"_index":1575,"t":{"139":{"position":[[103,13]]}}}],["hit",{"_index":754,"t":{"73":{"position":[[408,3]]},"75":{"position":[[658,3],[1276,7]]}}}],["hold",{"_index":564,"t":{"53":{"position":[[33,5],[546,5],[631,5],[710,5],[803,5],[892,5],[979,5],[1065,5],[1145,5],[1275,5]]}}}],["homepag",{"_index":1187,"t":{"101":{"position":[[57,9]]}}}],["host",{"_index":250,"t":{"18":{"position":[[162,4]]},"67":{"position":[[2301,4]]},"83":{"position":[[47,4],[495,4],[560,4],[630,4]]},"89":{"position":[[185,7],[1053,6],[1175,6]]},"101":{"position":[[606,4]]},"115":{"position":[[1168,4],[7889,4],[7923,4]]},"123":{"position":[[959,4],[992,4]]},"125":{"position":[[475,9],[814,4],[847,4]]},"129":{"position":[[370,4],[375,6],[708,4],[713,6]]},"147":{"position":[[1006,4],[1011,6]]}}}],["host(`a",{"_index":1537,"t":{"133":{"position":[[342,8],[537,8]]},"135":{"position":[[432,8],[726,8],[1013,8]]}}}],["host(`oauth.example.com",{"_index":1569,"t":{"135":{"position":[[1255,26]]}}}],["host>/api/v3",{"_index":899,"t":{"81":{"position":[[1953,13]]}}}],["host>/auth/realms//login/oauth/access_token",{"_index":898,"t":{"81":{"position":[[1878,31]]}}}],["host>/login/oauth/author",{"_index":897,"t":{"81":{"position":[[1808,28]]}}}],["host>/oauth2/callback",{"_index":902,"t":{"83":{"position":[[144,21],[298,22]]}}}],["host_head",{"_index":1458,"t":{"125":{"position":[[143,13]]}}}],["hostnam",{"_index":1169,"t":{"97":{"position":[[3220,9]]},"101":{"position":[[228,8]]},"103":{"position":[[131,8]]}}}],["hosts.thi",{"_index":701,"t":{"67":{"position":[[1574,10]]}}}],["hour",{"_index":809,"t":{"73":{"position":[[3105,4]]}}}],["hst",{"_index":1646,"t":{"147":{"position":[[737,5]]}}}],["htaccess",{"_index":1334,"t":{"115":{"position":[[7784,8]]}}}],["html",{"_index":1279,"t":{"115":{"position":[[2310,4],[3405,6],[3485,6]]}}}],["htpasswd",{"_index":1282,"t":{"115":{"position":[[2457,8],[2521,8],[4826,8],[4883,8],[4927,8],[4963,8],[5034,8]]}}}],["http",{"_index":352,"t":{"23":{"position":[[1307,4],[1316,5],[1615,4],[1624,5]]},"67":{"position":[[1568,5]]},"83":{"position":[[26,9]]},"115":{"position":[[107,4],[656,4],[1943,6],[3252,5],[3271,5],[3346,4],[5051,4],[5128,4],[5231,5],[5293,5],[7500,4],[12216,4],[13708,5],[13824,5],[14513,4],[15524,4],[15697,4],[16153,5],[16167,6]]},"117":{"position":[[151,4],[160,5]]},"121":{"position":[[439,4]]},"125":{"position":[[0,4],[1257,4],[1404,4]]},"127":{"position":[[713,5]]},"133":{"position":[[310,5]]},"135":{"position":[[392,5]]},"137":{"position":[[70,4]]},"147":{"position":[[307,4],[340,4]]}}}],["http(",{"_index":348,"t":{"23":{"position":[[1239,7],[1561,7]]},"61":{"position":[[70,7]]},"67":{"position":[[1147,7]]},"117":{"position":[[91,7]]}}}],["http/1.0",{"_index":1444,"t":{"123":{"position":[[1080,8]]},"125":{"position":[[869,8]]}}}],["http/1.1",{"_index":1460,"t":{"125":{"position":[[186,8]]}}}],["http/1.1x",{"_index":1672,"t":{"151":{"position":[[623,9]]}}}],["http://0.0.0.0:8080\"]email_domain",{"_index":1100,"t":{"95":{"position":[[4524,35]]}}}],["http://127.0.0.1:4180",{"_index":1057,"t":{"95":{"position":[[1360,21]]},"129":{"position":[[330,22],[668,22]]},"147":{"position":[[966,22]]}}}],["http://127.0.0.1:4180/oauth2/callback",{"_index":1049,"t":{"95":{"position":[[1067,37]]},"97":{"position":[[3623,37]]}}}],["http://127.0.0.1:4180/oauth2/callback'nam",{"_index":1042,"t":{"95":{"position":[[722,44]]}}}],["http://127.0.0.1:4180/static",{"_index":1058,"t":{"95":{"position":[[1385,28]]}}}],["http://127.0.0.1:5556",{"_index":1174,"t":{"97":{"position":[[3678,21]]}}}],["http://127.0.0.1:5556/author",{"_index":1175,"t":{"97":{"position":[[3732,31]]}}}],["http://127.0.0.1:5556/dex",{"_index":1050,"t":{"95":{"position":[[1121,25]]}}}],["http://127.0.0.1:5556/key",{"_index":1177,"t":{"97":{"position":[[3819,26]]}}}],["http://127.0.0.1:5556/token",{"_index":1176,"t":{"97":{"position":[[3776,27]]}}}],["http://127.0.0.1:8080",{"_index":1406,"t":{"117":{"position":[[218,22]]}}}],["http://127.0.0.1:8080/some/path",{"_index":1407,"t":{"117":{"position":[[361,32]]}}}],["http://172.16.0.1:4180",{"_index":1546,"t":{"133":{"position":[[876,22]]},"135":{"position":[[1634,22]]}}}],["http://172.16.0.2:7555",{"_index":1545,"t":{"133":{"position":[[808,22]]},"135":{"position":[[1494,22]]}}}],["http://172.16.0.3:7555",{"_index":1570,"t":{"135":{"position":[[1566,22]]}}}],["http://[::1]:4180",{"_index":1308,"t":{"115":{"position":[[5194,17]]}}}],["http://[oauth2",{"_index":1410,"t":{"117":{"position":[[608,14],[963,14]]}}}],["http://]:::/sign_in",{"_index":1343,"t":{"115":{"position":[[9011,18]]}}}],["oauth2_proxy_",{"_index":1416,"t":{"119":{"position":[[93,14]]}}}],["oauth2_proxy_cookie_secret",{"_index":1419,"t":{"119":{"position":[[425,27]]}}}],["oauth2_proxy_email_domain",{"_index":1420,"t":{"119":{"position":[[489,27]]}}}],["oauth2_proxy_jwt_key",{"_index":1140,"t":{"97":{"position":[[1299,24]]}}}],["oauth2_proxy_jwt_key_file=/etc/ssl/private/jwt_signing_key.pem",{"_index":1163,"t":{"97":{"position":[[2672,62]]}}}],["oauth_proxi",{"_index":1264,"t":{"115":{"position":[[1500,11]]}}}],["obtain",{"_index":1398,"t":{"115":{"position":[[15664,9]]}}}],["occur",{"_index":1475,"t":{"127":{"position":[[187,5]]}}}],["oidc",{"_index":304,"t":{"18":{"position":[[1278,5]]},"43":{"position":[[229,4]]},"51":{"position":[[442,4],[883,4]]},"53":{"position":[[1174,4],[1208,4]]},"55":{"position":[[218,5],[259,5]]},"75":{"position":[[1560,4],[1868,4]]},"85":{"position":[[60,4]]},"87":{"position":[[20,4],[161,4],[1365,4],[1506,4],[1765,4],[1977,4],[3951,4],[4248,4],[5878,4]]},"89":{"position":[[1126,4]]},"95":{"position":[[244,6],[374,4],[965,4],[996,4],[1105,4],[1549,4]]},"97":{"position":[[16,4],[1673,4],[3247,4],[3293,4],[3480,4],[3559,4],[3662,4],[3706,4],[3805,4]]},"115":{"position":[[6298,4],[6410,4],[6455,4],[6574,4],[6614,4],[6649,4],[6740,4],[6761,4],[6811,4],[6840,4],[6870,4],[6917,4],[6948,4],[6995,4],[7028,4],[7069,4],[7409,4],[8163,4],[13385,4],[13412,4],[13469,4],[14997,4],[15875,4]]},"151":{"position":[[481,4],[667,4],[780,4],[889,4]]}}}],["oidc\"redirect_url",{"_index":1071,"t":{"95":{"position":[[3061,18],[4388,18]]}}}],["oidc_issuer_url",{"_index":852,"t":{"75":{"position":[[2036,16]]},"95":{"position":[[3372,15]]}}}],["oidcconfig",{"_index":586,"t":{"53":{"position":[[1111,10],[1134,10]]}}}],["oidcopt",{"_index":587,"t":{"53":{"position":[[1122,11]]}}}],["ok",{"_index":50,"t":{"2":{"position":[[588,2]]},"149":{"position":[[227,2],[340,2],[421,2]]}}}],["okta",{"_index":1033,"t":{"95":{"position":[[315,5],[1526,5],[1567,5],[1612,4],[2465,4],[3708,4],[3834,4],[4309,4],[4482,4]]}}}],["old",{"_index":1322,"t":{"115":{"position":[[5708,3],[5768,3]]},"141":{"position":[[1530,3]]}}}],["omit",{"_index":1403,"t":{"115":{"position":[[16195,4]]}}}],["on",{"_index":95,"t":{"4":{"position":[[354,3]]},"8":{"position":[[674,4]]},"49":{"position":[[95,3],[259,3],[614,3],[1458,3]]},"59":{"position":[[101,3]]},"97":{"position":[[2206,3]]},"103":{"position":[[683,3]]},"105":{"position":[[156,3]]},"111":{"position":[[39,3]]},"115":{"position":[[479,4],[9284,4],[13330,3]]},"123":{"position":[[313,3]]},"137":{"position":[[187,3]]}}}],["onc",{"_index":180,"t":{"10":{"position":[[421,4]]},"73":{"position":[[3097,4]]},"97":{"position":[[2843,4]]}}}],["onlyvalu",{"_index":515,"t":{"49":{"position":[[1436,10]]}}}],["open",{"_index":136,"t":{"8":{"position":[[113,4]]},"73":{"position":[[464,4]]},"77":{"position":[[0,4]]},"95":{"position":[[106,4]]}}}],["openid",{"_index":518,"t":{"51":{"position":[[80,6],[986,6]]},"71":{"position":[[303,6],[549,6]]},"87":{"position":[[901,7],[2066,7]]},"89":{"position":[[276,7]]},"95":{"position":[[0,6],[220,6],[2628,6]]},"97":{"position":[[862,6],[906,6]]},"115":{"position":[[6676,6]]}}}],["openssl",{"_index":1126,"t":{"97":{"position":[[1104,7]]},"111":{"position":[[78,7],[288,7]]}}}],["oppos",{"_index":1014,"t":{"89":{"position":[[1240,7]]}}}],["option",{"_index":60,"t":{"2":{"position":[[714,8]]},"12":{"position":[[164,7],[317,8],[373,7]]},"14":{"position":[[218,7],[263,7]]},"16":{"position":[[37,7],[256,7],[379,7],[437,7]]},"18":{"position":[[1233,8],[1251,6],[1369,7],[1480,7]]},"23":{"position":[[53,8],[77,7],[222,7]]},"29":{"position":[[246,8]]},"31":{"position":[[180,8]]},"39":{"position":[[416,6]]},"41":{"position":[[467,8]]},"47":{"position":[[186,6],[316,7]]},"49":{"position":[[1187,10],[1316,10]]},"55":{"position":[[101,7],[115,7]]},"63":{"position":[[102,8]]},"67":{"position":[[1585,6],[2039,6]]},"73":{"position":[[1066,11],[2071,7]]},"81":{"position":[[276,8],[362,7]]},"83":{"position":[[223,7]]},"85":{"position":[[1050,8]]},"87":{"position":[[299,6],[356,9],[435,9],[499,9],[3965,7],[4782,7],[5127,7],[5440,6],[5896,6],[5945,6],[6051,6],[6308,8],[6546,6],[6651,6],[6974,8]]},"89":{"position":[[905,7]]},"95":{"position":[[1721,10],[2023,6],[2452,8]]},"97":{"position":[[1540,8],[2132,7],[3495,7]]},"101":{"position":[[407,8],[530,7],[706,7]]},"103":{"position":[[344,8],[584,7]]},"109":{"position":[[48,8],[148,7]]},"113":{"position":[[169,6]]},"115":{"position":[[0,6],[52,9],[1057,8],[1652,8],[1883,11],[10776,6],[10871,7],[12680,7],[15437,10],[15740,6],[15917,7],[16362,7]]},"117":{"position":[[61,6]]},"131":{"position":[[5,6],[37,6]]},"135":{"position":[[175,7],[2326,6]]},"141":{"position":[[3337,6],[3432,7]]},"151":{"position":[[985,6]]}}}],["order",{"_index":1207,"t":{"109":{"position":[[109,5]]}}}],["org",{"_index":409,"t":{"33":{"position":[[46,3],[57,3],[478,3]]},"81":{"position":[[534,3],[635,7],[795,4],[1559,3]]},"115":{"position":[[3551,3],[4037,3]]}}}],["organ",{"_index":882,"t":{"81":{"position":[[259,12],[580,12],[713,12]]}}}],["organis",{"_index":410,"t":{"33":{"position":[[101,12]]},"81":{"position":[[678,12]]},"115":{"position":[[3597,12]]}}}],["organization'",{"_index":486,"t":{"49":{"position":[[514,14]]}}}],["organizationdefault",{"_index":476,"t":{"49":{"position":[[6,20]]}}}],["orgname/repo",{"_index":891,"t":{"81":{"position":[[1150,12]]},"115":{"position":[[3795,12]]}}}],["orgname/repo=accesslevel",{"_index":1297,"t":{"115":{"position":[[4302,25]]}}}],["origin",{"_index":762,"t":{"73":{"position":[[632,7]]},"95":{"position":[[146,10]]}}}],["os,base64",{"_index":1214,"t":{"111":{"position":[[125,10]]}}}],["otherwis",{"_index":475,"t":{"47":{"position":[[751,10]]},"51":{"position":[[631,10]]},"69":{"position":[[232,9]]},"95":{"position":[[1903,10]]},"151":{"position":[[992,9]]}}}],["out",{"_index":1067,"t":{"95":{"position":[[2125,3],[2318,3]]},"97":{"position":[[1156,3]]},"149":{"position":[[691,3]]},"151":{"position":[[17,4],[325,3]]}}}],["output",{"_index":1421,"t":{"121":{"position":[[34,6],[81,6]]},"123":{"position":[[142,6]]},"125":{"position":[[23,6]]},"127":{"position":[[80,6]]}}}],["outsid",{"_index":795,"t":{"73":{"position":[[2014,7]]},"119":{"position":[[326,7]]},"127":{"position":[[193,7]]}}}],["overrid",{"_index":650,"t":{"65":{"position":[[178,9]]},"93":{"position":[[183,8]]},"115":{"position":[[8465,8],[9938,8]]}}}],["overridden",{"_index":468,"t":{"47":{"position":[[371,10]]},"49":{"position":[[245,10],[388,11],[1279,11]]}}}],["override_speci",{"_index":1240,"t":{"111":{"position":[[711,16]]}}}],["overwrit",{"_index":1208,"t":{"109":{"position":[[161,9],[224,9]]}}}],["packag",{"_index":1204,"t":{"107":{"position":[[37,7]]}}}],["pad",{"_index":1595,"t":{"141":{"position":[[479,9]]}}}],["page",{"_index":197,"t":{"12":{"position":[[12,4],[143,4],[190,4],[331,4]]},"53":{"position":[[1654,5]]},"75":{"position":[[506,4],[1091,4],[1205,4]]},"115":{"position":[[2403,4],[3357,5],[8538,4],[12366,5],[13567,4]]},"149":{"position":[[656,5],[695,4],[1282,5]]},"151":{"position":[[329,4]]}}}],["pair",{"_index":1287,"t":{"115":{"position":[[2924,5]]},"141":{"position":[[533,4]]}}}],["pane",{"_index":747,"t":{"73":{"position":[[237,5],[284,5],[325,5],[432,5]]},"87":{"position":[[2659,4]]}}}],["parallel",{"_index":1276,"t":{"115":{"position":[[2173,8]]}}}],["paramet",{"_index":320,"t":{"21":{"position":[[83,9]]},"47":{"position":[[81,9],[280,10],[347,9],[476,9],[654,9]]},"49":{"position":[[36,9],[198,9],[366,9],[1159,10]]},"53":{"position":[[1965,10]]},"65":{"position":[[82,10],[202,9],[600,9]]},"87":{"position":[[6989,10]]},"117":{"position":[[258,10],[1096,10],[1121,9]]},"129":{"position":[[3773,10]]},"151":{"position":[[364,10]]},"153":{"position":[[123,10],[140,11]]}}}],["part",{"_index":325,"t":{"23":{"position":[[149,4]]},"129":{"position":[[1796,6],[2177,4],[2455,4]]}}}],["particularli",{"_index":1418,"t":{"119":{"position":[[286,12]]}}}],["pass",{"_index":69,"t":{"4":{"position":[[12,7]]},"18":{"position":[[157,4],[312,4],[344,4],[380,4],[416,4]]},"47":{"position":[[103,6],[253,6],[560,6],[677,6]]},"49":{"position":[[58,6],[216,6]]},"51":{"position":[[1593,4]]},"53":{"position":[[1988,6]]},"65":{"position":[[93,6],[212,6]]},"69":{"position":[[154,4]]},"73":{"position":[[2643,4]]},"75":{"position":[[2410,6]]},"77":{"position":[[557,6]]},"83":{"position":[[204,4]]},"87":{"position":[[3008,4]]},"95":{"position":[[1795,6]]},"97":{"position":[[2283,4]]},"101":{"position":[[388,4]]},"103":{"position":[[325,4]]},"115":{"position":[[644,7],[7145,4],[7170,4],[7193,4],[7373,4],[7404,4],[7474,4],[7495,4],[7698,7],[7836,4],[7858,4],[7884,4],[7906,4],[7954,4],[7977,4],[11992,4]]},"117":{"position":[[71,4]]},"129":{"position":[[990,4],[1301,4],[1330,4]]},"137":{"position":[[276,6]]},"141":{"position":[[2154,4]]}}}],["passhosthead",{"_index":721,"t":{"67":{"position":[[2235,14],[2255,14]]}}}],["password",{"_index":390,"t":{"29":{"position":[[529,8]]},"41":{"position":[[750,8]]},"115":{"position":[[603,8],[623,8],[2495,8],[9860,8],[9882,9],[9951,8],[10007,8],[10038,9],[10098,9],[10128,8]]}}}],["password/basic_auth_password",{"_index":268,"t":{"18":{"position":[[635,28]]}}}],["patch",{"_index":191,"t":{"10":{"position":[[601,7]]}}}],["path",{"_index":235,"t":{"14":{"position":[[123,4]]},"23":{"position":[[536,4]]},"37":{"position":[[251,4]]},"41":{"position":[[300,4]]},"45":{"position":[[150,4]]},"53":{"position":[[1698,5]]},"59":{"position":[[345,4]]},"67":{"position":[[140,4],[165,5],[296,4],[308,4],[407,5],[592,4],[622,4],[671,4],[721,4],[824,4],[877,4],[949,4],[1199,5],[1378,4]]},"69":{"position":[[171,4],[397,4],[422,5]]},"73":{"position":[[2888,4]]},"87":{"position":[[5939,5]]},"115":{"position":[[1007,4],[1637,4],[1668,4],[2295,4],[2354,4],[3037,4],[3073,5],[3131,5],[4632,4],[6070,4],[8291,5],[8572,4],[8766,4],[8961,4],[12805,5],[12943,5],[14022,4],[14357,4],[14559,5],[14653,4]]},"117":{"position":[[501,5],[703,4],[852,4],[1256,4]]},"125":{"position":[[177,8],[1166,4]]},"149":{"position":[[279,6]]}}}],["path.eg",{"_index":691,"t":{"67":{"position":[[1257,8]]}}}],["path/to/cert.key",{"_index":1651,"t":{"147":{"position":[[869,18]]}}}],["path/to/cert.pem",{"_index":1649,"t":{"147":{"position":[[830,18]]}}}],["path/to/existing/config.cfg",{"_index":239,"t":{"16":{"position":[[204,29],[558,29]]}}}],["path/to/new/config.yaml",{"_index":244,"t":{"16":{"position":[[523,25]]}}}],["path/to/sit",{"_index":1508,"t":{"129":{"position":[[2623,15]]}}}],["path_regex",{"_index":1248,"t":{"115":{"position":[[195,10],[13015,10],[13029,12]]}}}],["pathprefix",{"_index":1564,"t":{"135":{"position":[[491,16],[1285,16]]}}}],["pathprefix(`/no",{"_index":1566,"t":{"135":{"position":[[760,15]]}}}],["pathprefix(`/oauth2",{"_index":1543,"t":{"133":{"position":[[592,23]]},"135":{"position":[[1072,23]]}}}],["pattern",{"_index":489,"t":{"49":{"position":[[561,8],[978,8]]},"65":{"position":[[259,7],[379,7],[396,7]]},"67":{"position":[[449,7]]}}}],["pem",{"_index":457,"t":{"45":{"position":[[87,3],[182,3]]},"97":{"position":[[1023,4],[2383,3],[2528,3]]},"115":{"position":[[5925,3],[6102,3]]}}}],["per",{"_index":1203,"t":{"105":{"position":[[166,3]]},"115":{"position":[[484,3],[2079,3],[2133,3]]}}}],["perform",{"_index":975,"t":{"87":{"position":[[3757,7]]},"95":{"position":[[397,7],[1573,7]]}}}],["period",{"_index":394,"t":{"31":{"position":[[81,6]]},"67":{"position":[[2128,6]]},"115":{"position":[[3173,6]]}}}],["permiss",{"_index":806,"t":{"73":{"position":[[2778,11]]},"75":{"position":[[445,11],[494,11],[538,11],[598,12],[666,11],[775,10],[2222,11]]},"103":{"position":[[176,11]]}}}],["pick",{"_index":814,"t":{"75":{"position":[[144,4]]},"95":{"position":[[2235,4],[2660,4]]}}}],["pin",{"_index":1645,"t":{"147":{"position":[[713,3]]}}}],["ping",{"_index":1335,"t":{"115":{"position":[[8567,4],[8588,4],[8643,7],[8653,4],[12546,4],[12595,4]]},"121":{"position":[[716,5],[743,4],[815,4]]},"149":{"position":[[318,5]]}}}],["ping,/path2",{"_index":1291,"t":{"115":{"position":[[3109,14]]}}}],["pkce",{"_index":948,"t":{"87":{"position":[[569,4]]},"115":{"position":[[904,4]]}}}],["plain",{"_index":1253,"t":{"115":{"position":[[959,7]]},"129":{"position":[[2894,5]]}}}],["plan",{"_index":836,"t":{"75":{"position":[[1030,8]]}}}],["platform",{"_index":819,"t":{"75":{"position":[[270,8],[1660,8]]},"95":{"position":[[2603,8]]},"147":{"position":[[86,8],[276,8]]}}}],["pleas",{"_index":135,"t":{"8":{"position":[[99,6],[144,6],[346,6],[434,6]]},"12":{"position":[[260,6],[835,6]]},"71":{"position":[[430,6]]},"87":{"position":[[2113,6],[6688,6]]}}}],["plural",{"_index":1242,"t":{"113":{"position":[[186,6]]},"119":{"position":[[257,6]]}}}],["poc",{"_index":1268,"t":{"115":{"position":[[1699,6]]}}}],["point",{"_index":1017,"t":{"89":{"position":[[1349,8]]},"135":{"position":[[119,8]]}}}],["polici",{"_index":833,"t":{"75":{"position":[[884,8]]},"95":{"position":[[2351,8]]}}}],["popul",{"_index":934,"t":{"85":{"position":[[1276,8]]}}}],["port",{"_index":1037,"t":{"95":{"position":[[584,5]]},"115":{"position":[[16059,5],[16118,4],[16231,5],[16302,5]]},"147":{"position":[[390,4],[460,4]]},"151":{"position":[[1075,4]]}}}],["possibl",{"_index":126,"t":{"6":{"position":[[165,9]]},"8":{"position":[[467,9]]},"31":{"position":[[125,8]]},"85":{"position":[[82,9]]},"89":{"position":[[877,8]]},"115":{"position":[[2156,8]]}}}],["post",{"_index":140,"t":{"8":{"position":[[158,4]]}}}],["potenti",{"_index":161,"t":{"8":{"position":[[622,9]]},"67":{"position":[[1619,9]]}}}],["powershel",{"_index":1212,"t":{"111":{"position":[[86,10]]}}}],["ppc64le",{"_index":25,"t":{"2":{"position":[[270,8]]}}}],["pr",{"_index":138,"t":{"8":{"position":[[130,2]]},"10":{"position":[[373,3]]}}}],["practic",{"_index":961,"t":{"87":{"position":[[1434,10]]}}}],["pre",{"_index":977,"t":{"87":{"position":[[4122,3]]}}}],["prebuilt",{"_index":3,"t":{"2":{"position":[[34,8],[206,8],[357,8]]}}}],["preced",{"_index":666,"t":{"67":{"position":[[388,10]]},"109":{"position":[[118,11]]}}}],["prefer",{"_index":266,"t":{"18":{"position":[[582,6]]},"115":{"position":[[7569,9],[7619,6],[7645,6],[8054,9],[11902,9]]}}}],["preferred_usernam",{"_index":739,"t":{"71":{"position":[[489,18]]}}}],["prefix",{"_index":379,"t":{"29":{"position":[[219,6],[233,6],[255,6]]},"41":{"position":[[440,6],[454,6],[476,6]]},"67":{"position":[[627,8],[676,8]]},"115":{"position":[[1555,6],[8934,6],[15189,6],[15936,8]]},"119":{"position":[[75,9]]},"149":{"position":[[136,6],[175,6]]}}}],["preflight",{"_index":1369,"t":{"115":{"position":[[12636,9]]}}}],["prepend",{"_index":380,"t":{"29":{"position":[[275,9]]},"41":{"position":[[496,9]]}}}],["present",{"_index":165,"t":{"8":{"position":[[705,7]]},"115":{"position":[[8179,8],[13687,9],[13803,9]]},"137":{"position":[[237,7]]}}}],["preserv",{"_index":439,"t":{"39":{"position":[[362,9]]}}}],["preserverequestvalu",{"_index":436,"t":{"39":{"position":[[260,20],[286,20]]}}}],["pretti",{"_index":1179,"t":{"99":{"position":[[282,6]]}}}],["prevent",{"_index":524,"t":{"51":{"position":[[200,8]]},"139":{"position":[[460,7]]}}}],["preview",{"_index":993,"t":{"87":{"position":[[6818,7]]},"95":{"position":[[1682,7]]}}}],["previou",{"_index":194,"t":{"10":{"position":[[652,8]]}}}],["previous",{"_index":176,"t":{"10":{"position":[[287,10]]}}}],["primari",{"_index":326,"t":{"23":{"position":[[161,7]]}}}],["print",{"_index":241,"t":{"16":{"position":[[304,5]]},"115":{"position":[[15081,5]]}}}],["print(base64.urlsafe_b64encode(os.urandom(32)).decod",{"_index":1215,"t":{"111":{"position":[[136,57]]}}}],["prior",{"_index":212,"t":{"12":{"position":[[245,5]]},"89":{"position":[[119,5]]}}}],["privat",{"_index":145,"t":{"8":{"position":[[222,8]]},"10":{"position":[[37,9]]},"45":{"position":[[72,7],[162,7]]},"81":{"position":[[1048,7]]},"97":{"position":[[1065,7]]},"115":{"position":[[5910,7],[6082,7],[14365,7]]}}}],["process",{"_index":1162,"t":{"97":{"position":[[2587,7]]},"125":{"position":[[965,8]]},"129":{"position":[[2934,9],[2980,9]]}}}],["product",{"_index":753,"t":{"73":{"position":[[374,8]]},"97":{"position":[[294,10]]},"115":{"position":[[12437,11]]}}}],["profil",{"_index":284,"t":{"18":{"position":[[933,7]]},"53":{"position":[[2131,7]]},"85":{"position":[[727,7]]},"89":{"position":[[284,7]]},"97":{"position":[[1992,7]]},"115":{"position":[[8104,7],[8123,7]]}}}],["profileurl",{"_index":606,"t":{"53":{"position":[[2095,10],[2113,10]]}}}],["project",{"_index":116,"t":{"6":{"position":[[33,8],[74,7],[204,8]]},"35":{"position":[[113,8],[131,8],[184,8]]},"73":{"position":[[53,8],[123,7],[150,7],[184,7],[212,7]]},"81":{"position":[[13,8]]},"89":{"position":[[411,8]]},"91":{"position":[[55,8]]},"95":{"position":[[118,9]]},"115":{"position":[[4184,8],[4250,8]]}}}],["prometheu",{"_index":1340,"t":{"115":{"position":[[8883,10]]},"149":{"position":[[533,10]]}}}],["prompt",{"_index":289,"t":{"18":{"position":[[998,6]]},"115":{"position":[[217,6],[8149,6],[8168,7],[8197,6]]}}}],["prompt/approval_prompt",{"_index":291,"t":{"18":{"position":[[1014,22]]}}}],["promptallow",{"_index":478,"t":{"49":{"position":[[130,12]]}}}],["promptdefault",{"_index":481,"t":{"49":{"position":[[294,14]]}}}],["properli",{"_index":1003,"t":{"89":{"position":[[551,9]]}}}],["propos",{"_index":174,"t":{"10":{"position":[[257,8]]}}}],["protect",{"_index":608,"t":{"53":{"position":[[2213,9]]},"75":{"position":[[315,7]]},"95":{"position":[[2189,11],[2279,8]]},"115":{"position":[[11310,9]]},"141":{"position":[[774,8]]}}}],["protectedresourc",{"_index":607,"t":{"53":{"position":[[2171,17]]}}}],["proto,host,uri",{"_index":1358,"t":{"115":{"position":[[11472,16]]}}}],["protocol",{"_index":954,"t":{"87":{"position":[[892,8]]},"97":{"position":[[842,9]]},"115":{"position":[[16136,8]]},"123":{"position":[[1071,8],[1101,9]]},"125":{"position":[[534,13],[860,8],[890,9]]}}}],["provid",{"_index":42,"t":{"2":{"position":[[472,8],[600,8],[650,8],[803,8]]},"4":{"position":[[309,8],[473,9],[740,8]]},"14":{"position":[[111,7]]},"18":{"position":[[803,8],[812,8],[856,8],[1215,8]]},"21":{"position":[[13,9]]},"23":{"position":[[1809,9],[1819,9],[1829,9],[1869,10]]},"25":{"position":[[13,9]]},"27":{"position":[[13,9]]},"33":{"position":[[13,9]]},"35":{"position":[[13,9]]},"37":{"position":[[13,9]]},"43":{"position":[[13,9],[234,9]]},"45":{"position":[[13,9]]},"47":{"position":[[13,9],[712,8]]},"51":{"position":[[13,9]]},"53":{"position":[[13,10],[24,8],[70,8],[212,10],[345,10],[584,9],[666,9],[744,9],[842,9],[929,9],[1015,9],[1101,9],[1190,9],[1313,9],[1414,10],[1425,8],[1504,9],[1581,9]]},"55":{"position":[[29,9],[87,8]]},"57":{"position":[[0,11],[47,9],[92,10]]},"71":{"position":[[54,8],[90,10],[195,9],[365,8],[400,8],[455,9],[564,9]]},"73":{"position":[[2747,8]]},"75":{"position":[[2308,8]]},"77":{"position":[[92,7],[455,8]]},"81":{"position":[[184,8],[1264,7]]},"83":{"position":[[323,8]]},"85":{"position":[[24,8],[70,8],[1256,8]]},"87":{"position":[[3956,8]]},"89":{"position":[[10,8]]},"95":{"position":[[84,9],[133,8],[235,8],[297,9],[379,8],[553,8],[956,8],[970,8],[1001,9],[1554,8],[1918,8],[3050,8],[4377,8]]},"97":{"position":[[21,8],[1565,8],[1893,8],[3268,9],[3550,8]]},"99":{"position":[[14,8],[125,9],[528,8]]},"101":{"position":[[378,9]]},"103":{"position":[[315,9]]},"107":{"position":[[27,9],[61,8],[151,9]]},"115":{"position":[[1811,9],[2538,8],[8220,8],[8242,8],[8260,8],[8359,9],[8436,8],[8555,9],[13528,8],[13714,9],[15002,9],[15820,9],[16344,8]]},"117":{"position":[[194,9],[353,7],[691,7],[1149,9]]},"135":{"position":[[34,8],[2252,8]]},"145":{"position":[[47,9],[418,12]]},"147":{"position":[[1384,12]]},"151":{"position":[[169,8],[785,8]]}}}],["provider'",{"_index":1172,"t":{"97":{"position":[[3422,10]]},"115":{"position":[[8478,10]]},"129":{"position":[[1699,10]]},"151":{"position":[[309,10]]}}}],["provider.example.com",{"_index":1677,"t":{"151":{"position":[[894,20]]}}}],["provider.example.com%2fsign_out_pag",{"_index":1671,"t":{"151":{"position":[[486,36]]}}}],["provider.if",{"_index":601,"t":{"53":{"position":[[1766,11]]}}}],["provider.thi",{"_index":594,"t":{"53":{"position":[[1374,13]]}}}],["provider/sign_out_pag",{"_index":1674,"t":{"151":{"position":[[672,25]]}}}],["provider=\"github",{"_index":903,"t":{"83":{"position":[[247,17]]}}}],["provider=\"gitlab",{"_index":1004,"t":{"89":{"position":[[605,17]]}}}],["provider=adf",{"_index":873,"t":{"77":{"position":[[333,13]]}}}],["provider=azur",{"_index":841,"t":{"75":{"position":[[1439,14],[1747,14]]}}}],["provider=bitbucket",{"_index":1198,"t":{"103":{"position":[[355,18]]}}}],["provider=digitalocean",{"_index":1191,"t":{"101":{"position":[[418,21]]}}}],["provider=keycloak",{"_index":917,"t":{"85":{"position":[[440,17]]},"87":{"position":[[2,17]]}}}],["providermust",{"_index":596,"t":{"53":{"position":[[1465,12]]}}}],["provideror",{"_index":588,"t":{"53":{"position":[[1179,10]]}}}],["providers.new",{"_index":1205,"t":{"107":{"position":[[98,15]]}}}],["providerthi",{"_index":566,"t":{"53":{"position":[[173,12],[306,12]]}}}],["providertyp",{"_index":595,"t":{"53":{"position":[[1434,12]]},"55":{"position":[[39,12]]}}}],["proxi",{"_index":23,"t":{"2":{"position":[[256,5],[563,5],[676,5]]},"4":{"position":[[32,5],[729,5]]},"6":{"position":[[12,5]]},"8":{"position":[[65,5],[339,6]]},"16":{"position":[[58,5],[163,5],[467,5],[502,5]]},"18":{"position":[[191,5],[1511,5]]},"23":{"position":[[204,6],[490,7],[973,5],[1045,5],[1262,5]]},"67":{"position":[[108,7],[1057,8],[1669,5],[2416,8]]},"69":{"position":[[365,7]]},"71":{"position":[[179,5]]},"73":{"position":[[1694,5],[2845,5],[2961,6]]},"75":{"position":[[1303,5]]},"77":{"position":[[320,5]]},"83":{"position":[[238,6]]},"87":{"position":[[1697,5],[2985,5],[3621,5],[3746,5],[5434,5],[5679,5],[5913,6],[6068,6],[6413,5],[6540,5]]},"95":{"position":[[530,5],[789,5],[924,5],[1028,5],[1048,5],[3656,5],[3676,5],[4817,5],[4837,5]]},"97":{"position":[[393,5],[661,5],[1512,5],[1558,5],[2999,7],[3190,6],[3340,5],[3582,5],[3603,5]]},"101":{"position":[[206,5],[249,5]]},"103":{"position":[[108,6],[152,5]]},"107":{"position":[[130,5]]},"109":{"position":[[7,5]]},"115":{"position":[[8928,5],[8976,5],[9042,5],[9082,8],[9268,5],[11346,5],[11389,6],[13177,5],[15427,5],[15549,5],[15718,5]]},"117":{"position":[[7,5],[623,5],[978,5]]},"121":{"position":[[19,5]]},"123":{"position":[[937,5]]},"125":{"position":[[792,5]]},"129":{"position":[[192,8],[1763,5]]},"131":{"position":[[31,5]]},"133":{"position":[[223,8]]},"135":{"position":[[138,5],[208,6],[1236,5]]},"137":{"position":[[109,5]]},"139":{"position":[[97,5],[396,5],[655,6]]},"141":{"position":[[1021,5],[1374,5],[1644,5],[1848,5],[2166,5]]},"143":{"position":[[52,5],[69,5]]},"145":{"position":[[38,5],[162,5],[221,5],[978,5]]},"147":{"position":[[133,5],[432,8],[451,5],[478,5],[1199,5],[1258,5]]},"149":{"position":[[7,5],[87,7],[169,5]]}}}],["proxiedto",{"_index":722,"t":{"67":{"position":[[2323,9]]}}}],["proxy'",{"_index":76,"t":{"4":{"position":[[96,7]]},"101":{"position":[[296,7]]},"129":{"position":[[86,7]]},"133":{"position":[[93,7]]},"151":{"position":[[91,7]]}}}],["proxy'secret",{"_index":1043,"t":{"95":{"position":[[775,13]]}}}],["proxy(e.g",{"_index":821,"t":{"75":{"position":[[337,10]]}}}],["proxy.cfg",{"_index":1243,"t":{"113":{"position":[[225,9],[326,9]]}}}],["proxy.thi",{"_index":341,"t":{"23":{"position":[[929,10]]}}}],["proxy/oauth2",{"_index":14,"t":{"2":{"position":[[123,12],[243,12]]}}}],["proxy/oauth2/callback",{"_index":1189,"t":{"101":{"position":[[163,22]]}}}],["proxy/v7@latest",{"_index":15,"t":{"2":{"position":[[136,15]]}}}],["proxy=tru",{"_index":1563,"t":{"135":{"position":[[306,11]]},"147":{"position":[[1409,10]]}}}],["proxy>/oauth2/callback",{"_index":1197,"t":{"103":{"position":[[63,23]]}}}],["proxy_buffer_s",{"_index":864,"t":{"75":{"position":[[2451,17]]},"77":{"position":[[598,17]]}}}],["proxy_connect_timeout",{"_index":1653,"t":{"147":{"position":[[1094,21]]}}}],["proxy_pass",{"_index":1481,"t":{"129":{"position":[[319,10],[657,10],[2584,10],[2948,10]]},"147":{"position":[[955,10]]}}}],["proxy_pass_request_bodi",{"_index":1487,"t":{"129":{"position":[[883,23]]}}}],["proxy_read_timeout",{"_index":1655,"t":{"147":{"position":[[1142,18]]}}}],["proxy_send_timeout",{"_index":1654,"t":{"147":{"position":[[1119,18]]}}}],["proxy_set_head",{"_index":1482,"t":{"129":{"position":[[353,16],[382,16],[423,16],[458,16],[559,16],[691,16],[720,16],[761,16],[847,16],[1218,16],[1249,16],[1428,16]]},"147":{"position":[[989,16],[1018,16],[1059,16]]}}}],["proxyrawpath",{"_index":731,"t":{"69":{"position":[[118,12],[136,12]]}}}],["proxyredirecturi",{"_index":1041,"t":{"95":{"position":[[702,18]]}}}],["proxyus",{"_index":1346,"t":{"115":{"position":[[9326,9]]}}}],["proxywebsocket",{"_index":724,"t":{"67":{"position":[[2371,15],[2392,15]]}}}],["pubjwk",{"_index":300,"t":{"18":{"position":[[1185,6]]},"97":{"position":[[1917,6]]},"115":{"position":[[9098,6]]}}}],["pubjwkurl",{"_index":459,"t":{"45":{"position":[[214,9],[231,9]]}}}],["pubkey",{"_index":461,"t":{"45":{"position":[[252,6]]},"115":{"position":[[9120,6]]}}}],["public",{"_index":890,"t":{"81":{"position":[[1011,6],[1229,6]]},"97":{"position":[[974,6]]}}}],["public_repo",{"_index":894,"t":{"81":{"position":[[1376,11]]}}}],["publicli",{"_index":142,"t":{"8":{"position":[[175,9]]}}}],["pull",{"_index":1450,"t":{"123":{"position":[[1173,6]]},"125":{"position":[[1036,6]]}}}],["push",{"_index":413,"t":{"33":{"position":[[341,4]]},"81":{"position":[[994,4]]},"115":{"position":[[3898,4]]}}}],["put",{"_index":16,"t":{"2":{"position":[[163,3]]}}}],["python",{"_index":1210,"t":{"111":{"position":[[66,6],[107,6]]}}}],["quay.io/oauth2",{"_index":22,"t":{"2":{"position":[[228,14]]}}}],["queri",{"_index":463,"t":{"47":{"position":[[75,5],[390,5]]},"49":{"position":[[1153,5],[1405,5]]},"65":{"position":[[76,5]]},"133":{"position":[[1287,6]]},"151":{"position":[[358,5]]},"153":{"position":[[117,5],[134,5]]}}}],["quick",{"_index":1125,"t":{"97":{"position":[[1080,5]]}}}],["quickli",{"_index":125,"t":{"6":{"position":[[154,7]]}}}],["quit",{"_index":1600,"t":{"141":{"position":[[964,5]]}}}],["quot",{"_index":501,"t":{"49":{"position":[[845,6]]}}}],["r_basicprofil",{"_index":1021,"t":{"91":{"position":[[168,14]]}}}],["r_emailaddress",{"_index":1022,"t":{"91":{"position":[[187,15]]}}}],["rand",{"_index":1225,"t":{"111":{"position":[[296,4]]}}}],["random",{"_index":536,"t":{"51":{"position":[[586,6]]},"123":{"position":[[1210,6]]},"125":{"position":[[1073,6]]},"141":{"position":[[391,6],[442,6]]}}}],["random_password",{"_index":1238,"t":{"111":{"position":[[663,17]]}}}],["rang",{"_index":1390,"t":{"115":{"position":[[15326,6]]}}}],["raw",{"_index":732,"t":{"69":{"position":[[163,3]]},"129":{"position":[[2229,3]]}}}],["rd",{"_index":1669,"t":{"151":{"position":[[355,2]]}}}],["re",{"_index":1586,"t":{"139":{"position":[[799,2]]},"151":{"position":[[200,2]]}}}],["reach",{"_index":1377,"t":{"115":{"position":[[13584,5]]}}}],["read",{"_index":807,"t":{"73":{"position":[[2862,4]]},"75":{"position":[[440,4]]},"81":{"position":[[1207,4]]},"87":{"position":[[5562,4]]},"103":{"position":[[240,4],[261,4]]}}}],["read_api",{"_index":1002,"t":{"89":{"position":[[445,8]]}}}],["readi",{"_index":192,"t":{"10":{"position":[[613,6]]},"115":{"position":[[8760,5],[8782,5],[8837,8],[12602,5]]},"121":{"position":[[768,6]]},"149":{"position":[[398,6]]}}}],["real",{"_index":1167,"t":{"97":{"position":[[3070,4],[3215,4]]},"115":{"position":[[9168,4],[9226,4],[9312,4],[9342,4],[11428,4],[15450,4]]},"123":{"position":[[899,4]]},"125":{"position":[[754,4]]},"129":{"position":[[401,4],[739,4]]},"147":{"position":[[1037,4]]}}}],["realm",{"_index":913,"t":{"85":{"position":[[127,5]]},"87":{"position":[[219,6],[375,5],[846,5],[1871,5],[2006,5],[3902,5],[4081,5],[4359,5],[4382,5],[4420,6],[4707,6],[4906,5],[6959,5]]}}}],["realm>/protocol/openid",{"_index":923,"t":{"85":{"position":[[592,22],[687,22],[784,22],[885,22]]}}}],["reason",{"_index":803,"t":{"73":{"position":[[2537,6]]},"141":{"position":[[2364,7]]}}}],["recipi",{"_index":963,"t":{"87":{"position":[[1662,9],[3310,11]]}}}],["recommend",{"_index":769,"t":{"73":{"position":[[871,11],[1233,14],[1672,14]]},"87":{"position":[[1451,11]]},"115":{"position":[[977,13]]},"129":{"position":[[3574,11]]},"141":{"position":[[2468,11]]},"143":{"position":[[14,11]]}}}],["redeem",{"_index":282,"t":{"18":{"position":[[911,6]]},"51":{"position":[[686,6]]},"81":{"position":[[1837,6]]},"83":{"position":[[527,6]]},"85":{"position":[[631,6]]},"97":{"position":[[3765,6]]},"99":{"position":[[686,6]]},"115":{"position":[[9352,6],[13452,6]]}}}],["redeemurl",{"_index":604,"t":{"53":{"position":[[2035,9],[2052,9]]}}}],["redempt",{"_index":605,"t":{"53":{"position":[[2075,10]]},"115":{"position":[[9376,10]]}}}],["redi",{"_index":103,"t":{"4":{"position":[[552,6]]},"75":{"position":[[2498,5]]},"77":{"position":[[645,5]]},"115":{"position":[[9503,5],[9555,5],[9640,5],[9660,5],[9695,5],[9712,5],[9763,5],[9840,5],[9854,5],[9876,5],[9911,5],[9969,5],[9992,5],[10023,5],[10087,5],[10122,5],[10139,5],[10173,5],[10228,5],[10249,5],[10302,5],[10388,5],[10409,5],[10443,5],[10469,5],[10527,5],[10562,5],[10594,5],[10627,5],[10686,5],[10720,5],[10762,5],[10809,5],[10857,5],[10966,5],[11015,5],[11767,5]]},"137":{"position":[[326,5]]},"141":{"position":[[4,5],[57,6],[606,5],[711,5],[1421,5],[1565,5],[2635,5],[2698,5],[2726,5],[2817,5],[2874,5],[2937,5],[2970,5],[3016,5],[3119,5],[3174,5],[3237,5],[3267,5],[3323,5],[3370,5],[3418,5],[3531,5],[3580,5]]},"149":{"position":[[474,5]]}}}],["redirect",{"_index":91,"t":{"4":{"position":[[276,10]]},"69":{"position":[[245,10]]},"71":{"position":[[123,8]]},"73":{"position":[[703,8]]},"75":{"position":[[232,8]]},"79":{"position":[[95,8]]},"83":{"position":[[87,8],[267,8]]},"85":{"position":[[174,8]]},"87":{"position":[[97,8],[928,8],[2343,8]]},"89":{"position":[[322,8],[625,8],[703,8],[1318,8]]},"91":{"position":[[217,8]]},"95":{"position":[[1054,8],[2720,8],[3969,8],[4029,8]]},"97":{"position":[[1379,8],[1619,8],[3610,8]]},"99":{"position":[[448,12]]},"101":{"position":[[315,8],[562,8],[680,8]]},"115":{"position":[[127,11],[2716,9],[3277,8],[3366,9],[9398,8],[9428,8],[11511,8],[15155,11],[16022,8]]},"129":{"position":[[490,8],[591,8]]},"135":{"position":[[0,8],[372,9],[561,8],[572,9],[781,11],[849,8],[1894,9],[2059,9]]},"149":{"position":[[816,8]]},"151":{"position":[[22,8],[269,8],[380,8],[550,8],[585,8],[646,9],[873,8],[1006,8]]}}}],["redis.conf",{"_index":1354,"t":{"115":{"position":[[10898,10]]},"141":{"position":[[3463,10]]}}}],["redis://host[:port",{"_index":1348,"t":{"115":{"position":[[9591,21],[9740,20],[10339,21]]}}}],["reduc",{"_index":984,"t":{"87":{"position":[[5311,6]]},"121":{"position":[[828,8]]}}}],["refer",{"_index":226,"t":{"12":{"position":[[552,9],[853,9]]},"14":{"position":[[94,9]]},"59":{"position":[[57,10]]},"87":{"position":[[5549,5],[6695,5]]},"97":{"position":[[930,5],[1284,8]]},"99":{"position":[[367,5]]}}}],["refresh",{"_index":770,"t":{"73":{"position":[[886,7],[940,7],[3079,9]]},"95":{"position":[[2830,7],[4138,7]]},"115":{"position":[[1719,7],[1736,7],[15847,8]]},"129":{"position":[[1494,8]]},"139":{"position":[[734,10]]},"141":{"position":[[1053,7],[1070,7],[1249,7],[1403,7],[1453,7],[1534,7],[1608,8],[1659,7],[1736,10],[1801,7],[1859,7],[1962,9],[2007,7],[2403,7],[2552,7]]}}}],["refresh/access/id",{"_index":1599,"t":{"141":{"position":[[787,17]]}}}],["refreshes.default",{"_index":541,"t":{"51":{"position":[[712,17]]}}}],["regardless",{"_index":1634,"t":{"145":{"position":[[679,10]]}}}],["regex",{"_index":74,"t":{"4":{"position":[[70,6]]},"115":{"position":[[12715,5]]}}}],["regist",{"_index":52,"t":{"2":{"position":[[613,8]]},"71":{"position":[[17,8]]},"75":{"position":[[404,9]]},"97":{"position":[[453,8],[765,8]]}}}],["registr",{"_index":740,"t":{"73":{"position":[[16,12]]},"75":{"position":[[94,13],[130,13],[469,13],[1147,12]]},"91":{"position":[[18,12]]}}}],["regular",{"_index":178,"t":{"10":{"position":[[365,7]]},"49":{"position":[[432,7],[814,7]]},"65":{"position":[[417,7]]},"67":{"position":[[534,7]]}}}],["releas",{"_index":6,"t":{"2":{"position":[[59,7],[490,7]]},"10":{"position":[[493,8],[661,9]]},"23":{"position":[[298,8]]},"51":{"position":[[764,8]]},"87":{"position":[[754,7]]}}}],["relev",{"_index":1614,"t":{"141":{"position":[[2282,8]]}}}],["reload",{"_index":1573,"t":{"135":{"position":[[2336,6]]}}}],["remain",{"_index":676,"t":{"67":{"position":[[711,9]]},"87":{"position":[[2133,9]]},"91":{"position":[[300,9]]}}}],["remot",{"_index":1394,"t":{"115":{"position":[[15581,6]]}}}],["remote_addr",{"_index":1483,"t":{"129":{"position":[[409,13],[747,13]]},"147":{"position":[[1045,13]]}}}],["remote_address",{"_index":1427,"t":{"123":{"position":[[181,16]]},"125":{"position":[[62,16]]}}}],["remov",{"_index":208,"t":{"12":{"position":[[211,8]]},"14":{"position":[[255,7]]},"16":{"position":[[368,6],[429,7]]},"18":{"position":[[1467,6]]},"87":{"position":[[737,7]]},"151":{"position":[[76,7]]}}}],["renam",{"_index":209,"t":{"12":{"position":[[220,7]]}}}],["replac",{"_index":220,"t":{"12":{"position":[[479,7]]},"113":{"position":[[65,9]]},"119":{"position":[[129,9]]}}}],["replace(\"/\",\"_",{"_index":1232,"t":{"111":{"position":[[550,19]]}}}],["repo",{"_index":411,"t":{"33":{"position":[[176,4],[188,4]]},"81":{"position":[[1076,8]]},"97":{"position":[[2497,4]]},"115":{"position":[[3718,4]]}}}],["report",{"_index":1456,"t":{"123":{"position":[[1381,8]]},"125":{"position":[[1453,8]]}}}],["repositori",{"_index":373,"t":{"27":{"position":[[108,10],[126,10],[186,10]]},"33":{"position":[[239,10],[304,10],[360,10]]},"81":{"position":[[329,11],[953,11],[1018,10],[1056,11],[1126,10],[1236,10],[1320,11],[1445,10]]},"103":{"position":[[245,12],[696,10]]},"115":{"position":[[3771,10],[3862,10],[3917,11]]}}}],["repository=/index.php/apps/oauth2/api/v1/token",{"_index":1184,"t":{"99":{"position":[[714,40]]}}}],["url>/index.php/apps/oauth2/author",{"_index":1183,"t":{"99":{"position":[[647,37]]}}}],["url>/ocs/v2.php/cloud/user?format=json",{"_index":1185,"t":{"99":{"position":[[786,39]]}}}],["url]/stat",{"_index":1415,"t":{"117":{"position":[[984,13]]}}}],["url]/var/www/stat",{"_index":1411,"t":{"117":{"position":[[629,21]]}}}],["urldefault",{"_index":531,"t":{"51":{"position":[[457,10]]}}}],["urleg",{"_index":521,"t":{"51":{"position":[[102,6],[1006,6]]}}}],["urlparameterrul",{"_index":513,"t":{"49":{"position":[[1297,18]]},"65":{"position":[[32,16]]}}}],["us",{"_index":19,"t":{"2":{"position":[[196,5],[322,5],[682,5]]},"4":{"position":[[761,6]]},"8":{"position":[[550,4]]},"10":{"position":[[3,3],[361,3]]},"12":{"position":[[293,3],[659,5]]},"14":{"position":[[3,3],[141,5],[182,5]]},"16":{"position":[[64,5],[473,5]]},"18":{"position":[[100,5],[1352,3]]},"23":{"position":[[394,4],[626,4],[861,4],[953,4],[963,5],[1217,4],[1433,3],[1539,4],[1741,3],[1842,4]]},"25":{"position":[[233,4]]},"29":{"position":[[517,4]]},"33":{"position":[[285,3]]},"37":{"position":[[391,3]]},"39":{"position":[[183,4]]},"41":{"position":[[738,4]]},"43":{"position":[[210,5]]},"45":{"position":[[98,4],[193,4]]},"47":{"position":[[542,4]]},"49":{"position":[[941,3]]},"51":{"position":[[902,3],[1478,4]]},"53":{"position":[[467,4],[1738,4],[1826,4]]},"55":{"position":[[55,4]]},"67":{"position":[[316,4],[462,4],[528,5],[730,3],[2058,4]]},"71":{"position":[[390,5]]},"73":{"position":[[1144,5],[1577,5],[1709,3],[1812,3]]},"75":{"position":[[1042,3],[1947,5],[2287,5]]},"77":{"position":[[435,5]]},"81":{"position":[[1426,3],[1686,5]]},"85":{"position":[[47,3],[1135,4],[1440,5]]},"87":{"position":[[1377,5],[1842,3],[1883,5],[3126,3],[3932,5],[4239,5],[4739,5],[4828,5],[5249,6],[5417,5]]},"89":{"position":[[160,5],[1042,5]]},"93":{"position":[[175,4]]},"95":{"position":[[194,3],[263,4],[566,5],[1484,5],[1617,5],[4707,3]]},"97":{"position":[[2172,3],[3211,3]]},"99":{"position":[[105,5],[276,5]]},"101":{"position":[[370,3],[670,3]]},"103":{"position":[[43,3],[307,3],[555,3],[707,3]]},"105":{"position":[[29,3],[105,3],[209,3]]},"107":{"position":[[139,3]]},"111":{"position":[[35,3]]},"113":{"position":[[286,4]]},"115":{"position":[[900,3],[1181,4],[1542,3],[2414,3],[2658,3],[3427,3],[3507,3],[3843,3],[4686,3],[4727,3],[5448,5],[5571,3],[5936,4],[6113,4],[7271,4],[7655,3],[7741,3],[7809,4],[8331,4],[8420,4],[8517,4],[8614,4],[8701,4],[8809,4],[9204,4],[9613,4],[9646,3],[10048,4],[10116,3],[10201,4],[10234,3],[10361,4],[10394,3],[10415,3],[10502,3],[10533,3],[10661,3],[10932,5],[11095,3],[11503,4],[11938,7],[11980,4],[12148,7],[12256,7],[12430,3],[13702,5],[13818,5],[14108,4],[14255,5],[15731,3],[15890,5],[16308,3]]},"117":{"position":[[830,4],[1214,4]]},"119":{"position":[[299,6]]},"121":{"position":[[111,5],[735,5]]},"123":{"position":[[889,3]]},"125":{"position":[[744,3]]},"129":{"position":[[1651,5],[2677,3],[2719,3],[3589,3]]},"135":{"position":[[55,3],[330,3],[2299,3]]},"137":{"position":[[115,4]]},"139":{"position":[[78,4],[287,5]]},"141":{"position":[[992,4],[2306,4],[2625,5],[2864,3],[2880,3],[3125,3],[3243,3],[3273,3],[3497,5]]},"145":{"position":[[752,4],[942,4],[992,5]]},"147":{"position":[[218,5],[301,3],[670,3]]},"149":{"position":[[375,3],[751,4],[877,4],[1007,4],[1156,3],[1252,4]]},"151":{"position":[[345,5]]},"153":{"position":[[97,5]]}}}],["us/azure/act",{"_index":856,"t":{"75":{"position":[[2185,15]]}}}],["usag",{"_index":324,"t":{"23":{"position":[[62,5]]},"141":{"position":[[2613,6]]}}}],["use.typ",{"_index":634,"t":{"63":{"position":[[218,13],[314,13]]}}}],["useapplicationdefaultcredenti",{"_index":427,"t":{"37":{"position":[[296,32],[334,32]]}}}],["used.list",{"_index":648,"t":{"63":{"position":[[678,9]]}}}],["user",{"_index":88,"t":{"4":{"position":[[248,4],[643,4]]},"18":{"position":[[385,4],[1059,4]]},"23":{"position":[[92,5],[436,4]]},"27":{"position":[[161,4]]},"33":{"position":[[371,5],[386,5],[399,5]]},"43":{"position":[[173,5]]},"51":{"position":[[1120,4],[1220,4],[1321,4]]},"53":{"position":[[1635,5]]},"67":{"position":[[795,5]]},"73":{"position":[[397,6],[2710,4],[2978,4]]},"81":{"position":[[436,4],[463,5],[971,5],[1196,5],[1286,4],[1481,4],[1619,8]]},"87":{"position":[[288,6],[3575,4],[3800,5],[4198,4],[4592,4],[4597,5],[5188,5],[5263,4],[6511,4],[6828,5],[6965,4]]},"91":{"position":[[119,4]]},"95":{"position":[[2949,5]]},"99":{"position":[[58,5]]},"103":{"position":[[659,5]]},"115":{"position":[[3938,4],[3966,5],[4972,4],[5043,5],[6972,4],[7529,5],[7635,4],[7863,4],[7959,4],[7994,5],[8658,4],[8678,4],[8746,4],[11833,5],[14916,5]]},"121":{"position":[[748,4]]},"123":{"position":[[94,4],[356,4],[425,4],[1367,4]]},"125":{"position":[[1439,4]]},"129":{"position":[[1013,4],[1115,5],[1237,4],[1242,6]]},"137":{"position":[[138,4]]},"139":{"position":[[790,5]]},"141":{"position":[[184,4]]},"149":{"position":[[258,4]]},"151":{"position":[[12,4],[121,4],[282,4],[393,4]]}}}],["user'",{"_index":337,"t":{"23":{"position":[[760,6],[1148,6]]},"87":{"position":[[3864,6],[5218,6]]},"115":{"position":[[6894,6]]},"137":{"position":[[17,6]]},"149":{"position":[[1022,6]]}}}],["user/prefer_email_to_us",{"_index":267,"t":{"18":{"position":[[598,25]]}}}],["user/settings/appl",{"_index":900,"t":{"83":{"position":[[52,28]]}}}],["user@domain.com",{"_index":1428,"t":{"123":{"position":[[215,17]]},"125":{"position":[[96,17]]}}}],["user_ag",{"_index":1461,"t":{"125":{"position":[[195,14]]}}}],["userag",{"_index":1455,"t":{"123":{"position":[[1346,9]]},"125":{"position":[[548,14],[1418,9]]}}}],["useridclaim",{"_index":555,"t":{"51":{"position":[[1255,11],[1274,11]]}}}],["userinfo",{"_index":936,"t":{"85":{"position":[[1376,8]]}}}],["usernam",{"_index":388,"t":{"29":{"position":[[475,8]]},"33":{"position":[[416,9]]},"41":{"position":[[696,8]]},"81":{"position":[[1506,8],[1644,9]]},"87":{"position":[[4606,8]]},"115":{"position":[[2484,8],[3984,8],[7579,8],[7684,8],[7745,8],[8064,8],[11912,8]]},"123":{"position":[[63,8],[708,13],[1416,8],[1457,8]]},"125":{"position":[[444,13],[1488,8],[1529,8]]}}}],["username@email.com",{"_index":1457,"t":{"123":{"position":[[1425,18]]},"125":{"position":[[1497,18]]}}}],["usptream",{"_index":705,"t":{"67":{"position":[[1683,8]]}}}],["utc",{"_index":1318,"t":{"115":{"position":[[5631,3]]}}}],["util",{"_index":589,"t":{"53":{"position":[[1200,7]]}}}],["uuid",{"_index":1451,"t":{"123":{"position":[[1217,4]]},"125":{"position":[[1080,4]]}}}],["v1",{"_index":839,"t":{"75":{"position":[[1319,2]]}}}],["v19.0.0",{"_index":956,"t":{"87":{"position":[[1305,8]]}}}],["v2",{"_index":847,"t":{"75":{"position":[[1617,2]]},"133":{"position":[[12,2]]},"135":{"position":[[93,2]]}}}],["v2.0",{"_index":837,"t":{"75":{"position":[[1046,4],[1953,4]]}}}],["v3.0.0",{"_index":46,"t":{"2":{"position":[[520,7]]}}}],["v7.5.0",{"_index":7,"t":{"2":{"position":[[70,7]]}}}],["valid",{"_index":35,"t":{"2":{"position":[[382,9]]},"10":{"position":[[231,8]]},"18":{"position":[[966,8]]},"31":{"position":[[254,5]]},"53":{"position":[[2299,10]]},"55":{"position":[[109,5]]},"63":{"position":[[691,5]]},"65":{"position":[[172,5]]},"71":{"position":[[189,5]]},"73":{"position":[[962,9]]},"79":{"position":[[83,5]]},"81":{"position":[[1910,8]]},"83":{"position":[[595,8]]},"85":{"position":[[168,5],[827,8]]},"87":{"position":[[262,8],[922,5],[2337,5],[3794,5]]},"99":{"position":[[756,8],[849,8]]},"111":{"position":[[572,5]]},"115":{"position":[[180,6],[13660,10],[13776,10],[14269,5],[15014,8],[15047,10],[16016,5]]},"141":{"position":[[1795,5],[1928,6],[2082,5],[2250,8]]},"145":{"position":[[1017,5]]}}}],["validateurl",{"_index":609,"t":{"53":{"position":[[2248,11],[2267,11]]}}}],["valu",{"_index":322,"t":{"21":{"position":[[117,5]]},"23":{"position":[[723,6],[798,6],[1111,6],[1186,6]]},"25":{"position":[[143,5],[296,5]]},"29":{"position":[[62,5],[191,5],[292,5],[433,5],[538,6]]},"39":{"position":[[330,6],[533,6],[554,6],[582,6]]},"41":{"position":[[60,5],[110,5],[139,5],[152,5],[190,6],[337,6],[412,5],[513,5],[654,5],[759,6]]},"47":{"position":[[215,5],[224,6],[521,5],[732,5]]},"49":{"position":[[117,6],[144,6],[158,6],[174,6],[281,6],[326,6],[342,6],[412,6],[1226,5],[1235,6]]},"53":{"position":[[186,5],[319,5],[1388,5]]},"59":{"position":[[89,6],[184,5],[197,5],[235,6],[382,6]]},"65":{"position":[[250,5],[320,5],[335,5],[373,5],[481,6],[560,6],[610,5]]},"67":{"position":[[259,5]]},"71":{"position":[[423,6]]},"75":{"position":[[1264,5]]},"85":{"position":[[1539,5]]},"87":{"position":[[1731,6]]},"115":{"position":[[38,6],[4353,5]]},"117":{"position":[[795,5]]},"123":{"position":[[979,5]]},"125":{"position":[[834,5]]},"141":{"position":[[203,5],[1204,5],[1617,5]]}}}],["values.nam",{"_index":434,"t":{"39":{"position":[[204,12]]}}}],["values/acr_valu",{"_index":293,"t":{"18":{"position":[[1041,17]]}}}],["var/www/stat",{"_index":1414,"t":{"117":{"position":[[933,16]]}}}],["variabl",{"_index":62,"t":{"2":{"position":[[738,9]]},"18":{"position":[[61,9]]},"41":{"position":[[255,9]]},"59":{"position":[[300,9]]},"97":{"position":[[2157,10],[2303,9],[2366,9],[2747,9]]},"99":{"position":[[192,9]]},"109":{"position":[[69,9],[183,9],[209,9]]},"119":{"position":[[63,8],[238,8]]},"121":{"position":[[613,10]]},"123":{"position":[[776,9],[804,8]]},"125":{"position":[[628,9],[659,8]]},"127":{"position":[[500,9],[532,8]]},"129":{"position":[[2202,9],[2838,9],[3826,8]]},"149":{"position":[[189,9]]}}}],["verif",{"_index":529,"t":{"51":{"position":[[364,12],[1487,13],[1598,12]]},"67":{"position":[[1543,12]]},"115":{"position":[[6427,12],[6785,13],[7150,12],[9808,12]]}}}],["verifi",{"_index":38,"t":{"2":{"position":[[419,9]]},"33":{"position":[[294,9]]},"51":{"position":[[530,9],[1424,8]]},"81":{"position":[[1435,9]]},"87":{"position":[[3715,9]]},"115":{"position":[[3852,9],[6384,8],[6600,9],[9787,6],[13247,8],[13643,6],[13759,6]]}}}],["verifieddefault",{"_index":527,"t":{"51":{"position":[[260,15]]}}}],["verify/ssl_upstream_insecure_skip_verifi",{"_index":254,"t":{"18":{"position":[[252,40]]}}}],["version",{"_index":45,"t":{"2":{"position":[[512,7]]},"8":{"position":[[679,8]]},"63":{"position":[[123,7],[404,7],[466,7]]},"87":{"position":[[628,7],[765,7]]},"89":{"position":[[50,7],[111,7]]},"115":{"position":[[14392,7],[14419,7],[15069,7],[15087,7]]},"145":{"position":[[581,7],[670,8],[705,7],[772,8],[950,7]]}}}],["version=tls1.3",{"_index":1633,"t":{"145":{"position":[[615,15]]}}}],["via",{"_index":311,"t":{"18":{"position":[[1377,3],[1390,3]]},"47":{"position":[[382,3]]},"49":{"position":[[1397,3]]},"97":{"position":[[3308,3]]},"99":{"position":[[161,3]]},"109":{"position":[[31,3]]},"115":{"position":[[470,3],[7229,3],[7434,3],[10568,3]]},"123":{"position":[[1027,3]]},"129":{"position":[[71,3],[1007,3],[2944,3],[3755,3]]},"133":{"position":[[78,3]]},"141":{"position":[[717,3],[2720,3]]},"147":{"position":[[733,3]]}}}],["visit",{"_index":1056,"t":{"95":{"position":[[1351,8]]}}}],["volum",{"_index":1425,"t":{"121":{"position":[[841,7]]}}}],["vulner",{"_index":133,"t":{"8":{"position":[[37,13],[606,13]]},"10":{"position":[[75,16],[308,15]]}}}],["wait",{"_index":729,"t":{"67":{"position":[[2541,4]]},"115":{"position":[[14725,4]]}}}],["want",{"_index":658,"t":{"65":{"position":[[574,4]]},"75":{"position":[[307,4]]},"87":{"position":[[5303,4]]},"95":{"position":[[1739,4]]},"97":{"position":[[580,4]]},"117":{"position":[[677,5]]},"141":{"position":[[2856,4]]},"151":{"position":[[865,4]]}}}],["warn",{"_index":213,"t":{"12":{"position":[[251,8]]},"115":{"position":[[12372,9],[15597,8]]}}}],["way",{"_index":467,"t":{"47":{"position":[[328,4]]},"81":{"position":[[217,4]]},"97":{"position":[[1086,3]]}}}],["web",{"_index":758,"t":{"73":{"position":[[533,4]]},"75":{"position":[[266,3]]},"95":{"position":[[1259,3],[2591,3],[3802,3],[3921,3]]}}}],["websocket",{"_index":725,"t":{"67":{"position":[[2428,10]]},"115":{"position":[[9048,10],[9072,9]]}}}],["websockets/proxy_websocket",{"_index":252,"t":{"18":{"position":[[197,27]]}}}],["well",{"_index":631,"t":{"63":{"position":[[91,4]]},"115":{"position":[[2958,5],[2996,5]]},"141":{"position":[[2686,4],[2907,4],[3070,5]]}}}],["whenstream",{"_index":717,"t":{"67":{"position":[[2172,13]]}}}],["whether",{"_index":429,"t":{"37":{"position":[[380,7]]},"39":{"position":[[318,7]]},"65":{"position":[[155,7]]},"67":{"position":[[2281,7]]},"89":{"position":[[144,7]]},"99":{"position":[[241,7]]},"115":{"position":[[11405,7]]}}}],["whitelist",{"_index":1387,"t":{"115":{"position":[[15104,9],[15900,9],[16251,11]]},"151":{"position":[[954,9]]}}}],["whole",{"_index":660,"t":{"65":{"position":[[594,5]]},"133":{"position":[[236,5]]},"141":{"position":[[939,5]]}}}],["whose",{"_index":303,"t":{"18":{"position":[[1258,5]]}}}],["wide_authority_to_your_service_account",{"_index":784,"t":{"73":{"position":[[1475,38]]}}}],["window",{"_index":869,"t":{"77":{"position":[[45,7]]}}}],["wish",{"_index":1065,"t":{"95":{"position":[[1839,4],[2271,4],[2364,4],[2969,4]]},"101":{"position":[[95,5]]}}}],["within",{"_index":134,"t":{"8":{"position":[[51,6]]},"12":{"position":[[131,6]]},"23":{"position":[[230,6]]},"29":{"position":[[81,6]]},"39":{"position":[[234,6]]},"59":{"position":[[112,6]]},"67":{"position":[[912,6]]},"73":{"position":[[1763,6]]},"81":{"position":[[703,6]]},"95":{"position":[[4737,6]]},"139":{"position":[[568,6]]}}}],["without",{"_index":211,"t":{"12":{"position":[[237,7]]},"23":{"position":[[307,7]]},"129":{"position":[[184,7]]},"133":{"position":[[215,7]]},"135":{"position":[[43,7]]}}}],["wizard",{"_index":872,"t":{"77":{"position":[[221,6]]}}}],["wo",{"_index":1568,"t":{"135":{"position":[[846,2],[2056,2]]}}}],["won't",{"_index":834,"t":{"75":{"position":[[897,5]]}}}],["work",{"_index":118,"t":{"6":{"position":[[61,4]]},"89":{"position":[[102,4],[546,4]]},"95":{"position":[[1236,7],[1940,5],[2437,4]]},"97":{"position":[[210,4]]},"115":{"position":[[14973,5]]},"129":{"position":[[1528,4]]}}}],["workload",{"_index":776,"t":{"73":{"position":[[1184,8],[1204,8],[1623,8],[1643,8],[1930,8],[1981,8],[2030,8]]},"115":{"position":[[4805,8]]}}}],["write",{"_index":893,"t":{"81":{"position":[[1300,5]]}}}],["x",{"_index":935,"t":{"85":{"position":[[1289,1]]},"115":{"position":[[7233,1],[7314,1],[7517,1],[7535,1],[7557,1],[7982,1],[8000,1],[8020,1],[8042,1],[9293,1],[9310,1],[9324,1],[9340,1],[11128,1],[11426,1],[11460,1],[11818,1],[11839,1],[11862,1],[11887,1],[12011,1],[13080,1]]},"123":{"position":[[897,1]]},"125":{"position":[[752,1]]},"129":{"position":[[399,1],[440,1],[475,1],[576,1],[737,1],[778,1],[1011,1],[1022,1],[1235,1],[1266,1],[1445,1]]},"135":{"position":[[337,1],[2001,1],[2177,1]]},"147":{"position":[[1035,1],[1076,1]]},"151":{"position":[[570,1]]}}}],["x.y.z.linux",{"_index":49,"t":{"2":{"position":[[569,11]]}}}],["x509",{"_index":1128,"t":{"97":{"position":[[1117,4]]}}}],["xauthrequest",{"_index":1331,"t":{"115":{"position":[[7287,12],[11796,12]]},"129":{"position":[[1080,12]]}}}],["xauthrequest/set_xauthrequest",{"_index":264,"t":{"18":{"position":[[502,29]]}}}],["xxx\"client_secret",{"_index":1101,"t":{"95":{"position":[[4580,18]]}}}],["xxxxx\"client_secret",{"_index":1076,"t":{"95":{"position":[[3263,20]]}}}],["yaml",{"_index":219,"t":{"12":{"position":[[464,4]]},"14":{"position":[[47,4]]},"16":{"position":[[295,4]]},"49":{"position":[[677,4]]},"133":{"position":[[288,6]]}}}],["you'd",{"_index":892,"t":{"81":{"position":[[1166,5]]}}}],["you'r",{"_index":775,"t":{"73":{"position":[[1133,6]]},"75":{"position":[[997,6]]}}}],["yourcompany.com",{"_index":974,"t":{"87":{"position":[[3680,17]]},"115":{"position":[[1107,18]]}}}],["yourself",{"_index":662,"t":{"65":{"position":[[635,8]]}}}],["yyy\"pass_access_token",{"_index":1102,"t":{"95":{"position":[[4601,22]]}}}],["yyyyy\"pass_access_token",{"_index":1077,"t":{"95":{"position":[[3286,24]]}}}],["zero",{"_index":1351,"t":{"115":{"position":[[10797,5]]},"141":{"position":[[3358,5]]}}}],["zzz\"cookie_secur",{"_index":1103,"t":{"95":{"position":[[4646,18]]}}}],["zzzzz\"skip_provider_button",{"_index":1079,"t":{"95":{"position":[[3333,27]]}}}]],"pipeline":["stemmer"]}}] \ No newline at end of file +[{"documents":[{"i":1,"t":"Behaviour","u":"/oauth2-proxy/docs/next/behaviour","b":["Docs"]},{"i":3,"t":"Alpha Configuration","u":"/oauth2-proxy/docs/next/configuration/alpha-config","b":["Docs","Configuration"]},{"i":62,"t":"Security","u":"/oauth2-proxy/docs/next/community/security","b":["Docs","Community"]},{"i":68,"t":"Installation","u":"/oauth2-proxy/docs/next/","b":["Docs"]},{"i":70,"t":"OAuth Provider Configuration","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","b":["Docs","Configuration"]},{"i":108,"t":"Session Storage","u":"/oauth2-proxy/docs/next/configuration/session_storage","b":["Docs","Configuration"]},{"i":114,"t":"Overview","u":"/oauth2-proxy/docs/next/configuration/overview","b":["Docs","Configuration"]},{"i":142,"t":"TLS Configuration","u":"/oauth2-proxy/docs/next/configuration/tls","b":["Docs","Configuration"]},{"i":148,"t":"Endpoints","u":"/oauth2-proxy/docs/next/features/endpoints","b":["Docs","Features"]}],"index":{"version":"2.3.9","fields":["t"],"fieldVectors":[["t/1",[0,2.222]],["t/3",[1,1.699,2,0.94]],["t/62",[3,2.222]],["t/68",[4,2.222]],["t/70",[2,0.761,5,1.375,6,1.375]],["t/108",[7,1.699,8,1.699]],["t/114",[9,2.222]],["t/142",[2,0.94,10,1.699]],["t/148",[11,2.222]]],"invertedIndex":[["alpha",{"_index":1,"t":{"3":{"position":[[0,5]]}}}],["behaviour",{"_index":0,"t":{"1":{"position":[[0,9]]}}}],["configur",{"_index":2,"t":{"3":{"position":[[6,13]]},"70":{"position":[[15,13]]},"142":{"position":[[4,13]]}}}],["endpoint",{"_index":11,"t":{"148":{"position":[[0,9]]}}}],["instal",{"_index":4,"t":{"68":{"position":[[0,12]]}}}],["oauth",{"_index":5,"t":{"70":{"position":[[0,5]]}}}],["overview",{"_index":9,"t":{"114":{"position":[[0,8]]}}}],["provid",{"_index":6,"t":{"70":{"position":[[6,8]]}}}],["secur",{"_index":3,"t":{"62":{"position":[[0,8]]}}}],["session",{"_index":7,"t":{"108":{"position":[[0,7]]}}}],["storag",{"_index":8,"t":{"108":{"position":[[8,7]]}}}],["tl",{"_index":10,"t":{"142":{"position":[[0,3]]}}}]],"pipeline":["stemmer"]}},{"documents":[{"i":5,"t":"Using Alpha Configuration","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#using-alpha-configuration","p":3},{"i":7,"t":"Converting configuration to the new structure","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#converting-configuration-to-the-new-structure","p":3},{"i":9,"t":"Removed options","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#removed-options","p":3},{"i":11,"t":"Configuration Reference","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#configuration-reference","p":3},{"i":12,"t":"ADFSOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#adfsoptions","p":3},{"i":14,"t":"AlphaOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#alphaoptions","p":3},{"i":16,"t":"AzureOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#azureoptions","p":3},{"i":18,"t":"BitbucketOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#bitbucketoptions","p":3},{"i":20,"t":"ClaimSource","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#claimsource","p":3},{"i":22,"t":"Duration","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#duration","p":3},{"i":24,"t":"GitHubOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#githuboptions","p":3},{"i":26,"t":"GitLabOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#gitlaboptions","p":3},{"i":28,"t":"GoogleOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#googleoptions","p":3},{"i":30,"t":"Header","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#header","p":3},{"i":32,"t":"HeaderValue","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#headervalue","p":3},{"i":34,"t":"KeycloakOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#keycloakoptions","p":3},{"i":36,"t":"LoginGovOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#logingovoptions","p":3},{"i":38,"t":"LoginURLParameter","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#loginurlparameter","p":3},{"i":40,"t":"A parameter whose value is fixed","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"","p":3},{"i":42,"t":"OIDCOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#oidcoptions","p":3},{"i":44,"t":"Provider","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#provider","p":3},{"i":46,"t":"ProviderType","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#providertype","p":3},{"i":48,"t":"Providers","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#providers","p":3},{"i":50,"t":"SecretSource","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#secretsource","p":3},{"i":52,"t":"Server","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#server","p":3},{"i":54,"t":"TLS","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#tls","p":3},{"i":56,"t":"URLParameterRule","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#urlparameterrule","p":3},{"i":58,"t":"Upstream","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#upstream","p":3},{"i":60,"t":"UpstreamConfig","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#upstreamconfig","p":3},{"i":64,"t":"Security Disclosures","u":"/oauth2-proxy/docs/next/community/security","h":"#security-disclosures","p":62},{"i":66,"t":"How will we respond to disclosures?","u":"/oauth2-proxy/docs/next/community/security","h":"#how-will-we-respond-to-disclosures","p":62},{"i":72,"t":"Google Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#google-auth-provider","p":70},{"i":74,"t":"Azure Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#azure-auth-provider","p":70},{"i":76,"t":"ADFS Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#adfs-auth-provider","p":70},{"i":78,"t":"Facebook Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#facebook-auth-provider","p":70},{"i":80,"t":"GitHub Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#github-auth-provider","p":70},{"i":82,"t":"Gitea Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#gitea-auth-provider","p":70},{"i":84,"t":"Keycloak Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#keycloak-auth-provider","p":70},{"i":86,"t":"Keycloak OIDC Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#keycloak-oidc-auth-provider","p":70},{"i":88,"t":"GitLab Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#gitlab-auth-provider","p":70},{"i":90,"t":"LinkedIn Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#linkedin-auth-provider","p":70},{"i":92,"t":"Microsoft Azure AD Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#microsoft-azure-ad-provider","p":70},{"i":94,"t":"OpenID Connect Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#openid-connect-provider","p":70},{"i":96,"t":"login.gov Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#logingov-provider","p":70},{"i":98,"t":"Nextcloud Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#nextcloud-provider","p":70},{"i":100,"t":"DigitalOcean Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#digitalocean-auth-provider","p":70},{"i":102,"t":"Bitbucket Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#bitbucket-auth-provider","p":70},{"i":104,"t":"Email Authentication","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#email-authentication","p":70},{"i":106,"t":"Adding a new Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#adding-a-new-provider","p":70},{"i":110,"t":"Cookie Storage","u":"/oauth2-proxy/docs/next/configuration/session_storage","h":"#cookie-storage","p":108},{"i":112,"t":"Redis Storage","u":"/oauth2-proxy/docs/next/configuration/session_storage","h":"#redis-storage","p":108},{"i":116,"t":"Generating a Cookie Secret","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#generating-a-cookie-secret","p":114},{"i":118,"t":"Config File","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#config-file","p":114},{"i":120,"t":"Command Line Options","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#command-line-options","p":114},{"i":122,"t":"Upstreams Configuration","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#upstreams-configuration","p":114},{"i":124,"t":"Environment variables","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#environment-variables","p":114},{"i":126,"t":"Logging Configuration","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#logging-configuration","p":114},{"i":128,"t":"Auth Log Format","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#auth-log-format","p":114},{"i":130,"t":"Request Log Format","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#request-log-format","p":114},{"i":132,"t":"Standard Log Format","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#standard-log-format","p":114},{"i":134,"t":"Configuring for use with the Nginx auth_request directive","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#configuring-for-use-with-the-nginx-auth_request-directive","p":114},{"i":136,"t":"Configuring for use with the Traefik (v2) ForwardAuth middleware","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#configuring-for-use-with-the-traefik-v2-forwardauth-middleware","p":114},{"i":138,"t":"ForwardAuth with 401 errors middleware","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#forwardauth-with-401-errors-middleware","p":114},{"i":140,"t":"ForwardAuth with static upstreams configuration","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#forwardauth-with-static-upstreams-configuration","p":114},{"i":144,"t":"Terminate TLS at OAuth2 Proxy","u":"/oauth2-proxy/docs/next/configuration/tls","h":"#terminate-tls-at-oauth2-proxy","p":142},{"i":146,"t":"Terminate TLS at Reverse Proxy, e.g. Nginx","u":"/oauth2-proxy/docs/next/configuration/tls","h":"#terminate-tls-at-reverse-proxy-eg-nginx","p":142},{"i":150,"t":"Sign out","u":"/oauth2-proxy/docs/next/features/endpoints","h":"#sign-out","p":148},{"i":152,"t":"Auth","u":"/oauth2-proxy/docs/next/features/endpoints","h":"#auth","p":148}],"index":{"version":"2.3.9","fields":["t"],"fieldVectors":[["t/5",[0,2.64,1,3.39,2,1.854]],["t/7",[2,1.6,3,2.925,4,2.535,5,2.925]],["t/9",[6,4.031,7,3.493]],["t/11",[2,2.205,8,4.031]],["t/12",[9,4.97]],["t/14",[10,4.97]],["t/16",[11,4.97]],["t/18",[12,4.97]],["t/20",[13,4.97]],["t/22",[14,4.97]],["t/24",[15,4.97]],["t/26",[16,4.97]],["t/28",[17,4.97]],["t/30",[18,4.97]],["t/32",[19,4.97]],["t/34",[20,4.97]],["t/36",[21,4.97]],["t/38",[22,4.97]],["t/40",[23,2.925,24,2.925,25,2.925,26,2.925]],["t/42",[27,4.97]],["t/44",[28,1.64]],["t/46",[29,4.97]],["t/48",[28,1.64]],["t/50",[30,4.97]],["t/52",[31,4.97]],["t/54",[32,3.87]],["t/56",[33,4.97]],["t/58",[34,3.87]],["t/60",[35,4.97]],["t/64",[36,4.031,37,3.493]],["t/66",[37,3.493,38,4.031]],["t/72",[28,1.119,39,3.39,40,1.381]],["t/74",[28,1.119,40,1.381,41,2.938]],["t/76",[28,1.119,40,1.381,42,3.39]],["t/78",[28,1.119,40,1.381,43,3.39]],["t/80",[28,1.119,40,1.381,44,3.39]],["t/82",[28,1.119,40,1.381,45,3.39]],["t/84",[28,1.119,40,1.381,46,2.938]],["t/86",[28,0.966,40,1.192,46,2.535,47,2.925]],["t/88",[28,1.119,40,1.381,48,3.39]],["t/90",[28,1.119,40,1.381,49,3.39]],["t/92",[28,0.966,41,2.535,50,2.925,51,2.535]],["t/94",[28,1.119,52,3.39,53,3.39]],["t/96",[28,1.33,54,4.031]],["t/98",[28,1.33,55,4.031]],["t/100",[28,1.119,40,1.381,56,3.39]],["t/102",[28,1.119,40,1.381,57,3.39]],["t/104",[58,4.031,59,4.031]],["t/106",[4,2.938,28,1.119,51,2.938]],["t/110",[60,3.493,61,3.493]],["t/112",[61,3.493,62,4.031]],["t/116",[60,2.938,63,3.39,64,3.39]],["t/118",[65,4.031,66,4.031]],["t/120",[7,2.938,67,3.39,68,3.39]],["t/122",[2,2.205,34,3.139]],["t/124",[69,4.031,70,4.031]],["t/126",[2,2.205,71,2.874]],["t/128",[40,1.381,71,2.417,72,2.64]],["t/130",[71,2.417,72,2.64,73,3.39]],["t/132",[71,2.417,72,2.64,74,3.39]],["t/134",[0,2.003,2,1.407,75,2.229,76,2.573,77,2.573]],["t/136",[0,1.788,2,1.256,78,2.296,79,2.296,80,1.788,81,1.989]],["t/138",[80,2.278,81,2.535,82,2.925,83,2.925]],["t/140",[2,1.6,34,2.278,80,2.278,84,2.925]],["t/144",[32,2.278,85,2.535,86,2.925,87,2.535]],["t/146",[32,1.788,75,1.989,85,1.989,87,1.989,88,2.296,89,2.296]],["t/150",[90,4.031,91,4.031]],["t/152",[40,2.025]]],"invertedIndex":[["401",{"_index":82,"t":{"138":{"position":[[17,3]]}}}],["ad",{"_index":51,"t":{"92":{"position":[[16,2]]},"106":{"position":[[0,6]]}}}],["adf",{"_index":42,"t":{"76":{"position":[[0,4]]}}}],["adfsopt",{"_index":9,"t":{"12":{"position":[[0,11]]}}}],["alpha",{"_index":1,"t":{"5":{"position":[[6,5]]}}}],["alphaopt",{"_index":10,"t":{"14":{"position":[[0,12]]}}}],["auth",{"_index":40,"t":{"72":{"position":[[7,4]]},"74":{"position":[[6,4]]},"76":{"position":[[5,4]]},"78":{"position":[[9,4]]},"80":{"position":[[7,4]]},"82":{"position":[[6,4]]},"84":{"position":[[9,4]]},"86":{"position":[[14,4]]},"88":{"position":[[7,4]]},"90":{"position":[[9,4]]},"100":{"position":[[13,4]]},"102":{"position":[[10,4]]},"128":{"position":[[0,4]]},"152":{"position":[[0,4]]}}}],["auth_request",{"_index":76,"t":{"134":{"position":[[35,12]]}}}],["authent",{"_index":59,"t":{"104":{"position":[[6,14]]}}}],["azur",{"_index":41,"t":{"74":{"position":[[0,5]]},"92":{"position":[[10,5]]}}}],["azureopt",{"_index":11,"t":{"16":{"position":[[0,12]]}}}],["bitbucket",{"_index":57,"t":{"102":{"position":[[0,9]]}}}],["bitbucketopt",{"_index":12,"t":{"18":{"position":[[0,16]]}}}],["claimsourc",{"_index":13,"t":{"20":{"position":[[0,11]]}}}],["command",{"_index":67,"t":{"120":{"position":[[0,7]]}}}],["config",{"_index":65,"t":{"118":{"position":[[0,6]]}}}],["configur",{"_index":2,"t":{"5":{"position":[[12,13]]},"7":{"position":[[11,13]]},"11":{"position":[[0,13]]},"122":{"position":[[10,13]]},"126":{"position":[[8,13]]},"134":{"position":[[0,11]]},"136":{"position":[[0,11]]},"140":{"position":[[34,13]]}}}],["connect",{"_index":53,"t":{"94":{"position":[[7,7]]}}}],["convert",{"_index":3,"t":{"7":{"position":[[0,10]]}}}],["cooki",{"_index":60,"t":{"110":{"position":[[0,6]]},"116":{"position":[[13,6]]}}}],["digitalocean",{"_index":56,"t":{"100":{"position":[[0,12]]}}}],["direct",{"_index":77,"t":{"134":{"position":[[48,9]]}}}],["disclosur",{"_index":37,"t":{"64":{"position":[[9,11]]},"66":{"position":[[23,12]]}}}],["durat",{"_index":14,"t":{"22":{"position":[[0,8]]}}}],["e.g",{"_index":89,"t":{"146":{"position":[[32,4]]}}}],["email",{"_index":58,"t":{"104":{"position":[[0,5]]}}}],["environ",{"_index":69,"t":{"124":{"position":[[0,11]]}}}],["error",{"_index":83,"t":{"138":{"position":[[21,6]]}}}],["facebook",{"_index":43,"t":{"78":{"position":[[0,8]]}}}],["file",{"_index":66,"t":{"118":{"position":[[7,4]]}}}],["fix",{"_index":26,"t":{"40":{"position":[[27,5]]}}}],["format",{"_index":72,"t":{"128":{"position":[[9,6]]},"130":{"position":[[12,6]]},"132":{"position":[[13,6]]}}}],["forwardauth",{"_index":80,"t":{"136":{"position":[[42,11]]},"138":{"position":[[0,11]]},"140":{"position":[[0,11]]}}}],["gener",{"_index":63,"t":{"116":{"position":[[0,10]]}}}],["gitea",{"_index":45,"t":{"82":{"position":[[0,5]]}}}],["github",{"_index":44,"t":{"80":{"position":[[0,6]]}}}],["githubopt",{"_index":15,"t":{"24":{"position":[[0,13]]}}}],["gitlab",{"_index":48,"t":{"88":{"position":[[0,6]]}}}],["gitlabopt",{"_index":16,"t":{"26":{"position":[[0,13]]}}}],["googl",{"_index":39,"t":{"72":{"position":[[0,6]]}}}],["googleopt",{"_index":17,"t":{"28":{"position":[[0,13]]}}}],["header",{"_index":18,"t":{"30":{"position":[[0,6]]}}}],["headervalu",{"_index":19,"t":{"32":{"position":[[0,11]]}}}],["keycloak",{"_index":46,"t":{"84":{"position":[[0,8]]},"86":{"position":[[0,8]]}}}],["keycloakopt",{"_index":20,"t":{"34":{"position":[[0,15]]}}}],["line",{"_index":68,"t":{"120":{"position":[[8,4]]}}}],["linkedin",{"_index":49,"t":{"90":{"position":[[0,8]]}}}],["log",{"_index":71,"t":{"126":{"position":[[0,7]]},"128":{"position":[[5,3]]},"130":{"position":[[8,3]]},"132":{"position":[[9,3]]}}}],["login.gov",{"_index":54,"t":{"96":{"position":[[0,9]]}}}],["logingovopt",{"_index":21,"t":{"36":{"position":[[0,15]]}}}],["loginurlparamet",{"_index":22,"t":{"38":{"position":[[0,17]]}}}],["microsoft",{"_index":50,"t":{"92":{"position":[[0,9]]}}}],["middlewar",{"_index":81,"t":{"136":{"position":[[54,10]]},"138":{"position":[[28,10]]}}}],["new",{"_index":4,"t":{"7":{"position":[[32,3]]},"106":{"position":[[9,3]]}}}],["nextcloud",{"_index":55,"t":{"98":{"position":[[0,9]]}}}],["nginx",{"_index":75,"t":{"134":{"position":[[29,5]]},"146":{"position":[[37,5]]}}}],["oauth2",{"_index":86,"t":{"144":{"position":[[17,6]]}}}],["oidc",{"_index":47,"t":{"86":{"position":[[9,4]]}}}],["oidcopt",{"_index":27,"t":{"42":{"position":[[0,11]]}}}],["openid",{"_index":52,"t":{"94":{"position":[[0,6]]}}}],["option",{"_index":7,"t":{"9":{"position":[[8,7]]},"120":{"position":[[13,7]]}}}],["out",{"_index":91,"t":{"150":{"position":[[5,3]]}}}],["paramet",{"_index":23,"t":{"40":{"position":[[2,9]]}}}],["provid",{"_index":28,"t":{"44":{"position":[[0,8]]},"48":{"position":[[0,9]]},"72":{"position":[[12,8]]},"74":{"position":[[11,8]]},"76":{"position":[[10,8]]},"78":{"position":[[14,8]]},"80":{"position":[[12,8]]},"82":{"position":[[11,8]]},"84":{"position":[[14,8]]},"86":{"position":[[19,8]]},"88":{"position":[[12,8]]},"90":{"position":[[14,8]]},"92":{"position":[[19,8]]},"94":{"position":[[15,8]]},"96":{"position":[[10,8]]},"98":{"position":[[10,8]]},"100":{"position":[[18,8]]},"102":{"position":[[15,8]]},"106":{"position":[[13,8]]}}}],["providertyp",{"_index":29,"t":{"46":{"position":[[0,12]]}}}],["proxi",{"_index":87,"t":{"144":{"position":[[24,5]]},"146":{"position":[[25,6]]}}}],["redi",{"_index":62,"t":{"112":{"position":[[0,5]]}}}],["refer",{"_index":8,"t":{"11":{"position":[[14,9]]}}}],["remov",{"_index":6,"t":{"9":{"position":[[0,7]]}}}],["request",{"_index":73,"t":{"130":{"position":[[0,7]]}}}],["respond",{"_index":38,"t":{"66":{"position":[[12,7]]}}}],["revers",{"_index":88,"t":{"146":{"position":[[17,7]]}}}],["secret",{"_index":64,"t":{"116":{"position":[[20,6]]}}}],["secretsourc",{"_index":30,"t":{"50":{"position":[[0,12]]}}}],["secur",{"_index":36,"t":{"64":{"position":[[0,8]]}}}],["server",{"_index":31,"t":{"52":{"position":[[0,6]]}}}],["sign",{"_index":90,"t":{"150":{"position":[[0,4]]}}}],["standard",{"_index":74,"t":{"132":{"position":[[0,8]]}}}],["static",{"_index":84,"t":{"140":{"position":[[17,6]]}}}],["storag",{"_index":61,"t":{"110":{"position":[[7,7]]},"112":{"position":[[6,7]]}}}],["structur",{"_index":5,"t":{"7":{"position":[[36,9]]}}}],["termin",{"_index":85,"t":{"144":{"position":[[0,9]]},"146":{"position":[[0,9]]}}}],["tl",{"_index":32,"t":{"54":{"position":[[0,3]]},"144":{"position":[[10,3]]},"146":{"position":[[10,3]]}}}],["traefik",{"_index":78,"t":{"136":{"position":[[29,7]]}}}],["upstream",{"_index":34,"t":{"58":{"position":[[0,8]]},"122":{"position":[[0,9]]},"140":{"position":[[24,9]]}}}],["upstreamconfig",{"_index":35,"t":{"60":{"position":[[0,14]]}}}],["urlparameterrul",{"_index":33,"t":{"56":{"position":[[0,16]]}}}],["us",{"_index":0,"t":{"5":{"position":[[0,5]]},"134":{"position":[[16,3]]},"136":{"position":[[16,3]]}}}],["v2",{"_index":79,"t":{"136":{"position":[[37,4]]}}}],["valu",{"_index":25,"t":{"40":{"position":[[18,5]]}}}],["variabl",{"_index":70,"t":{"124":{"position":[[12,9]]}}}],["whose",{"_index":24,"t":{"40":{"position":[[12,5]]}}}]],"pipeline":["stemmer"]}},{"documents":[{"i":2,"t":"Any request passing through the proxy (and not matched by --skip-auth-regex) is checked for the proxy's session cookie (--cookie-name) (or, if allowed, a JWT token - see --skip-jwt-bearer-tokens). If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with Accept: application/json, in which case 401 Unauthorized is returned) After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration) Notice that the proxy also provides a number of useful endpoints.","s":"Behaviour","u":"/oauth2-proxy/docs/next/behaviour","h":"","p":1},{"i":4,"t":"danger This page contains documentation for alpha features. We reserve the right to make breaking changes to the features detailed within this page with no notice. Options described in this page may be changed, removed, renamed or moved without prior warning. Please beware of this before you use alpha configuration options. This page details a set of alpha configuration options in a new format. Going forward we are intending to add structured configuration in YAML format to replace the existing TOML based configuration file and flags. Below is a reference for the structure of the configuration, with AlphaOptions as the root of the configuration. When using alpha configuration, your config file will look something like below: upstreams: - id: ... ...injectRequestHeaders: - name: ... ...injectResponseHeaders: - name: ... ... Please browse the reference below for the structure of the new configuration format.","s":"Alpha Configuration","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"","p":3},{"i":6,"t":"To use the new alpha configuration, generate a YAML file based on the format described in the reference below. Provide the path to this file using the --alpha-config flag. note When using the --alpha-config flag, some options are no longer available. See removed options below for more information.","s":"Using Alpha Configuration","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#using-alpha-configuration","p":3},{"i":8,"t":"Before adding the new --alpha-config option, start OAuth2 Proxy using the convert-config-to-alpha flag to convert existing configuration to the new format. oauth2-proxy --convert-config-to-alpha --config ./path/to/existing/config.cfg This will convert any options supported by the new format to YAML and print the new configuration to STDOUT. Copy this to a new file, remove any options from your existing configuration noted in removed options and then start OAuth2 Proxy using the new config. oauth2-proxy --alpha-config ./path/to/new/config.yaml --config ./path/to/existing/config.cfg","s":"Converting configuration to the new structure","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#converting-configuration-to-the-new-structure","p":3},{"i":10,"t":"The following flags/options and their respective environment variables are no longer available when using alpha configuration: flush-interval/flush_interval pass-host-header/pass_host_header proxy-websockets/proxy_websockets ssl-upstream-insecure-skip-verify/ssl_upstream_insecure_skip_verify upstream/upstreams pass-basic-auth/pass_basic_auth pass-access-token/pass_access_token pass-user-headers/pass_user_headers pass-authorization-header/pass_authorization_header set-basic-auth/set_basic_auth set-xauthrequest/set_xauthrequest set-authorization-header/set_authorization_header prefer-email-to-user/prefer_email_to_user basic-auth-password/basic_auth_password skip-auth-strip-headers/skip_auth_strip_headers client-id/client_id client-secret/client_secret, and client-secret-file/client_secret_file provider provider-display-name/provider_display_name provider-ca-file/provider_ca_files login-url/login_url redeem-url/redeem_url profile-url/profile_url resource validate-url/validate_url scope prompt approval-prompt/approval_prompt acr-values/acr_values user-id-claim/user_id_claim allowed-group/allowed_groups allowed-role/allowed_roles jwt-key/jwt_key jwt-key-file/jwt_key_file pubjwk-url/pubjwk_url and all provider-specific options, i.e. any option whose name includes oidc, azure, bitbucket, github, gitlab, google or keycloak. Attempting to use any of these options via flags or via config when --alpha-config is set will result in an error. info You must remove these options before starting OAuth2 Proxy with --alpha-config","s":"Removed options","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#removed-options","p":3},{"i":13,"t":"(Appears on: Provider) Field Type Description skipScope bool Skip adding the scope parameter in login requestDefault value is 'false'","s":"ADFSOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#adfsoptions","p":3},{"i":15,"t":"AlphaOptions contains alpha structured configuration options. Usage of these options allows users to access alpha features that are not available as part of the primary configuration structure for OAuth2 Proxy. danger The options within this structure are considered alpha. They may change between releases without notice. Field Type Description upstreamConfig UpstreamConfig UpstreamConfig is used to configure upstream servers.Once a user is authenticated, requests to the server will be proxied tothese upstream servers based on the path mappings defined in this list. injectRequestHeaders []Header InjectRequestHeaders is used to configure headers that should be addedto requests to upstream servers.Headers may source values from either the authenticated user's sessionor from a static secret value. injectResponseHeaders []Header InjectResponseHeaders is used to configure headers that should be addedto responses from the proxy.This is typically used when using the proxy as an external authenticationprovider in conjunction with another proxy such as NGINX and itsauth_request module.Headers may source values from either the authenticated user's sessionor from a static secret value. server Server Server is used to configure the HTTP(S) server for the proxy application.You may choose to run both HTTP and HTTPS servers simultaneously.This can be done by setting the BindAddress and the SecureBindAddress simultaneously.To use the secure server you must configure a TLS certificate and key. metricsServer Server MetricsServer is used to configure the HTTP(S) server for metrics.You may choose to run both HTTP and HTTPS servers simultaneously.This can be done by setting the BindAddress and the SecureBindAddress simultaneously.To use the secure server you must configure a TLS certificate and key. providers Providers Providers is used to configure multiple providers.","s":"AlphaOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#alphaoptions","p":3},{"i":17,"t":"(Appears on: Provider) Field Type Description tenant string Tenant directs to a tenant-specific or common (tenant-independent) endpointDefault value is 'common' graphGroupField string GraphGroupField configures the group field to be used when building the groups list from Microsoft GraphDefault value is 'id'","s":"AzureOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#azureoptions","p":3},{"i":19,"t":"(Appears on: Provider) Field Type Description team string Team sets restrict logins to members of this team repository string Repository sets restrict logins to user with access to this repository","s":"BitbucketOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#bitbucketoptions","p":3},{"i":21,"t":"(Appears on: HeaderValue) ClaimSource allows loading a header value from a claim within the session Field Type Description claim string Claim is the name of the claim in the session that the value should beloaded from. prefix string Prefix is an optional prefix that will be prepended to the value of theclaim if it is non-empty. basicAuthPassword SecretSource BasicAuthPassword converts this claim into a basic auth header.Note the value of claim will become the basic auth username and thebasicAuthPassword will be used as the password value.","s":"ClaimSource","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#claimsource","p":3},{"i":23,"t":"(string alias)​ (Appears on: Upstream) Duration is as string representation of a period of time. A duration string is a is a possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as \"300ms\", \"-1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".","s":"Duration","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#duration","p":3},{"i":25,"t":"(Appears on: Provider) Field Type Description org string Org sets restrict logins to members of this organisation team string Team sets restrict logins to members of this team repo string Repo sets restrict logins to collaborators of this repository token string Token is the token to use when verifying repository collaboratorsit must have push access to the repository users []string Users allows users with these usernames to logineven if they do not belong to the specified org and team or collaborators","s":"GitHubOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#githuboptions","p":3},{"i":27,"t":"(Appears on: Provider) Field Type Description group []string Group sets restrict logins to members of this group projects []string Projects restricts logins to members of any of these projects","s":"GitLabOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#gitlaboptions","p":3},{"i":29,"t":"(Appears on: Provider) Field Type Description group []string Groups sets restrict logins to members of this google group adminEmail string AdminEmail is the google admin to impersonate for api calls serviceAccountJson string ServiceAccountJSON is the path to the service account json credentials useApplicationDefaultCredentials bool UseApplicationDefaultCredentials is a boolean whether to use Application Default Credentials instead of a ServiceAccountJSON","s":"GoogleOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#googleoptions","p":3},{"i":31,"t":"(Appears on: AlphaOptions) Header represents an individual header that will be added to a request or response header. Field Type Description name string Name is the header name to be used for this set of values.Names should be unique within a list of Headers. preserveRequestValue bool PreserveRequestValue determines whether any values for this headershould be preserved for the request to the upstream server.This option only applies to injected request headers.Defaults to false (headers that match this header will be stripped). values []HeaderValue Values contains the desired values for this header","s":"Header","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#header","p":3},{"i":33,"t":"(Appears on: Header) HeaderValue represents a single header value and the sources that can make up the header value Field Type Description value []byte Value expects a base64 encoded string value. fromEnv string FromEnv expects the name of an environment variable. fromFile string FromFile expects a path to a file containing the secret value. claim string Claim is the name of the claim in the session that the value should beloaded from. prefix string Prefix is an optional prefix that will be prepended to the value of theclaim if it is non-empty. basicAuthPassword SecretSource BasicAuthPassword converts this claim into a basic auth header.Note the value of claim will become the basic auth username and thebasicAuthPassword will be used as the password value.","s":"HeaderValue","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#headervalue","p":3},{"i":35,"t":"(Appears on: Provider) Field Type Description groups []string Group enables to restrict login to members of indicated group roles []string Role enables to restrict login to users with role (only available when using the keycloak-oidc provider)","s":"KeycloakOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#keycloakoptions","p":3},{"i":37,"t":"(Appears on: Provider) Field Type Description jwtKey string JWTKey is a private key in PEM format used to sign JWT, jwtKeyFile string JWTKeyFile is a path to the private key file in PEM format used to sign the JWT pubjwkURL string PubJWKURL is the JWK pubkey access endpoint","s":"LoginGovOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#logingovoptions","p":3},{"i":39,"t":"(Appears on: Provider) LoginURLParameter is the configuration for a single query parameter that can be passed through from the /oauth2/start endpoint to the IdP login URL. The \"default\" option specifies the default value or values (if any) that will be passed to the IdP for this parameter, and \"allow\" is a list of options for ways in which this parameter can be set or overridden via the query string to /oauth2/start. If only a default is specified and no \"allow\" then the parameter is effectively fixed - the default value will always be used and anything passed to the start URL will be ignored. If only \"allow\" is specified but no default then the parameter will only be passed on to the IdP if the caller provides it, and no value will be sent otherwise. Examples:","s":"LoginURLParameter","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#loginurlparameter","p":3},{"i":41,"t":"name: organizationdefault:- myorg A parameter that is not passed by default, but may be set to one of a fixed set of values name: promptallow:- value: login- value: consent- value: select_account A parameter that is passed by default but may be overridden by one of a fixed set of values name: promptdefault: [\"login\"]allow:- value: consent- value: select_account A parameter that may be overridden, but only by values that match a regular expression. For example to restrict login_hint to email addresses in your organization's domain: name: login_hintallow:- pattern: '^[^@]*@example\\.com$'# this allows at most one \"@\" sign, and requires \"example.com\" domain. Note that the YAML rules around exactly which characters are allowed and/or require escaping in different types of string literals are convoluted. For regular expressions the single quoted form is simplest as backslash is not considered to be an escape character. Alternatively use the \"chomped block\" format |-: - pattern: |- ^[^@]*@example\\.com$ The hyphen is important, a | block would have a trailing newline character. Field Type Description name string Name specifies the name of the query parameter. default []string (Optional) Default specifies a default value or values that will bepassed to the IdP if not overridden. allow []URLParameterRule (Optional) Allow specifies rules about how the default (if any) may beoverridden via the query string to /oauth2/start. Onlyvalues that match one or more of the allow rules will beforwarded to the IdP.","s":"A parameter whose value is fixed","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"","p":3},{"i":43,"t":"(Appears on: Provider) Field Type Description issuerURL string IssuerURL is the OpenID Connect issuer URLeg: https://accounts.google.com insecureAllowUnverifiedEmail bool InsecureAllowUnverifiedEmail prevents failures if an email address in an id_token is not verifieddefault set to 'false' insecureSkipIssuerVerification bool InsecureSkipIssuerVerification skips verification of ID token issuers. When false, ID Token Issuers must match the OIDC discovery URLdefault set to 'false' insecureSkipNonce bool InsecureSkipNonce skips verifying the ID Token's nonce claim that must matchthe random nonce sent in the initial OAuth flow. Otherwise, the nonce is checkedafter the initial OAuth redeem & subsequent token refreshes.default set to 'true'Warning: In a future release, this will change to 'false' by default for enhanced security. skipDiscovery bool SkipDiscovery allows to skip OIDC discovery and use manually supplied Endpointsdefault set to 'false' jwksURL string JwksURL is the OpenID Connect JWKS URLeg: https://www.googleapis.com/oauth2/v3/certs emailClaim string EmailClaim indicates which claim contains the user email,default set to 'email' groupsClaim string GroupsClaim indicates which claim contains the user groupsdefault set to 'groups' userIDClaim string UserIDClaim indicates which claim contains the user IDdefault set to 'email' audienceClaims []string AudienceClaim allows to define any claim that is verified against the client idBy default aud claim is used for verification. extraAudiences []string ExtraAudiences is a list of additional audiences that are allowedto pass verification in addition to the client id.","s":"OIDCOptions","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#oidcoptions","p":3},{"i":45,"t":"(Appears on: Providers) Provider holds all configuration for a single provider Field Type Description clientID string ClientID is the OAuth Client ID that is defined in the providerThis value is required for all providers. clientSecret string ClientSecret is the OAuth Client Secret that is defined in the providerThis value is required for all providers. clientSecretFile string ClientSecretFile is the name of the filecontaining the OAuth Client Secret, it will be used if ClientSecret is not set. keycloakConfig KeycloakOptions KeycloakConfig holds all configurations for Keycloak provider. azureConfig AzureOptions AzureConfig holds all configurations for Azure provider. ADFSConfig ADFSOptions ADFSConfig holds all configurations for ADFS provider. bitbucketConfig BitbucketOptions BitbucketConfig holds all configurations for Bitbucket provider. githubConfig GitHubOptions GitHubConfig holds all configurations for GitHubC provider. gitlabConfig GitLabOptions GitLabConfig holds all configurations for GitLab provider. googleConfig GoogleOptions GoogleConfig holds all configurations for Google provider. oidcConfig OIDCOptions OIDCConfig holds all configurations for OIDC provideror providers utilize OIDC configurations. loginGovConfig LoginGovOptions LoginGovConfig holds all configurations for LoginGov provider. id string ID should be a unique identifier for the provider.This value is required for all providers. provider ProviderType Type is the OAuth providermust be set from the supported providers group,otherwise 'Google' is set as default name string Name is the providers display nameif set, it will be shown to the users in the login page. caFiles []string CAFiles is a list of paths to CA certificates that should be used when connecting to the provider.If not specified, the default Go trust sources are used instead loginURL string LoginURL is the authentication endpoint loginURLParameters []LoginURLParameter LoginURLParameters defines the parameters that can be passed from the start URL to the IdP login URL redeemURL string RedeemURL is the token redemption endpoint profileURL string ProfileURL is the profile access endpoint resource string ProtectedResource is the resource that is protected (Azure AD and ADFS only) validateURL string ValidateURL is the access token validation endpoint scope string Scope is the OAuth scope specification allowedGroups []string AllowedGroups is a list of restrict logins to members of this group code_challenge_method string The code challenge method","s":"Provider","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#provider","p":3},{"i":47,"t":"(string alias)​ (Appears on: Provider) ProviderType is used to enumerate the different provider type options Valid options are: adfs, azure, bitbucket, digitalocean facebook, github, gitlab, google, keycloak, keycloak-oidc, linkedin, login.gov, nextcloud and oidc.","s":"ProviderType","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#providertype","p":3},{"i":49,"t":"([]Provider alias)​ (Appears on: AlphaOptions) Providers is a collection of definitions for providers.","s":"Providers","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#providers","p":3},{"i":51,"t":"(Appears on: ClaimSource, HeaderValue, TLS) SecretSource references an individual secret value. Only one source within the struct should be defined at any time. Field Type Description value []byte Value expects a base64 encoded string value. fromEnv string FromEnv expects the name of an environment variable. fromFile string FromFile expects a path to a file containing the secret value.","s":"SecretSource","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#secretsource","p":3},{"i":53,"t":"(Appears on: AlphaOptions) Server represents the configuration for an HTTP(S) server Field Type Description BindAddress string BindAddress is the address on which to serve traffic.Leave blank or set to \"-\" to disable. SecureBindAddress string SecureBindAddress is the address on which to serve secure traffic.Leave blank or set to \"-\" to disable. TLS TLS TLS contains the information for loading the certificate and key for thesecure traffic and further configuration for the TLS server.","s":"Server","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#server","p":3},{"i":55,"t":"(Appears on: Server) TLS contains the information for loading a TLS certificate and key as well as an optional minimal TLS version that is acceptable. Field Type Description Key SecretSource Key is the TLS key data to use.Typically this will come from a file. Cert SecretSource Cert is the TLS certificate data to use.Typically this will come from a file. MinVersion string MinVersion is the minimal TLS version that is acceptable.E.g. Set to \"TLS1.3\" to select TLS version 1.3 CipherSuites []string CipherSuites is a list of TLS cipher suites that are allowed.E.g.:- TLS_RSA_WITH_RC4_128_SHA- TLS_RSA_WITH_AES_256_GCM_SHA384If not specified, the default Go safe cipher list is used.List of valid cipher suites can be found in the crypto/tls documentation.","s":"TLS","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#tls","p":3},{"i":57,"t":"(Appears on: LoginURLParameter) URLParameterRule represents a rule by which query parameters passed to the /oauth2/start endpoint are checked to determine whether they are valid overrides for the given parameter passed to the IdP's login URL. Either Value or Pattern should be supplied, not both. Field Type Description value string A Value rule matches just this specific value pattern string A Pattern rule gives a regular expression that must be matched bysome substring of the value. The expression is not automaticallyanchored to the start and end of the value, if you want to restrictthe whole parameter value you must anchor it yourself with ^ and $.","s":"URLParameterRule","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#urlparameterrule","p":3},{"i":59,"t":"(Appears on: UpstreamConfig) Upstream represents the configuration for an upstream server. Requests will be proxied to this upstream if the path matches the request path. Field Type Description id string ID should be a unique identifier for the upstream.This value is required for all upstreams. path string Path is used to map requests to the upstream server.The closest match will take precedence and all Paths must be unique.Path can also take a pattern when used with RewriteTarget.Path segments can be captured and matched using regular experessions.Eg:- ^/foo$: Match only the explicit path /foo- ^/bar/$: Match any path prefixed with /bar/- ^/baz/(.*)$: Match any path prefixed with /baz and capture the remaining path for use with RewriteTarget rewriteTarget string RewriteTarget allows users to rewrite the request path before it is sent tothe upstream server.Use the Path to capture segments for reuse within the rewrite target.Eg: With a Path of ^/baz/(.*), a RewriteTarget of /foo/$1 would rewritethe request /baz/abc/123 to /foo/abc/123 before proxying to theupstream server. uri string The URI of the upstream server. This may be an HTTP(S) server of a Filebased URL. It may include a path, in which case all requests will be servedunder that path.Eg:- http://localhost:8080- https://service.localhost- https://service.localhost/path- file://host/pathIf the URI's path is \"/base\" and the incoming request was for \"/dir\",the upstream request will be for \"/base/dir\". insecureSkipTLSVerify bool InsecureSkipTLSVerify will skip TLS verification of upstream HTTPS hosts.This option is insecure and will allow potential Man-In-The-Middle attacksbetweem OAuth2 Proxy and the usptream server.Defaults to false. static bool Static will make all requests to this upstream have a static response.The response will have a body of \"Authenticated\" and a response codematching StaticCode.If StaticCode is not set, the response will return a 200 response. staticCode int StaticCode determines the response code for the Static response.This option can only be used with Static enabled. flushInterval Duration FlushInterval is the period between flushing the response buffer whenstreaming response from the upstream.Defaults to 1 second. passHostHeader bool PassHostHeader determines whether the request host header should be proxiedto the upstream server.Defaults to true. proxyWebSockets bool ProxyWebSockets enables proxying of websockets to upstream serversDefaults to true. timeout Duration Timeout is the maximum duration the server will wait for a response from the upstream server.Defaults to 30 seconds.","s":"Upstream","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#upstream","p":3},{"i":61,"t":"(Appears on: AlphaOptions) UpstreamConfig is a collection of definitions for upstream servers. Field Type Description proxyRawPath bool ProxyRawPath will pass the raw url path to upstream allowing for url'slike: \"/%2F/\" which would otherwise be redirected to \"/\" upstreams []Upstream Upstreams represents the configuration for the upstream servers.Requests will be proxied to this upstream if the path matches the request path.","s":"UpstreamConfig","u":"/oauth2-proxy/docs/next/configuration/alpha-config","h":"#upstreamconfig","p":3},{"i":63,"t":"note OAuth2 Proxy is a community project. Maintainers do not work on this project full time, and as such, while we endeavour to respond to disclosures as quickly as possible, this may take longer than in projects with corporate sponsorship.","s":"Security","u":"/oauth2-proxy/docs/next/community/security","h":"","p":62},{"i":65,"t":"info If you believe you have found a vulnerability within OAuth2 Proxy or any of its dependencies, please do NOT open an issue or PR on GitHub, please do NOT post any details publicly. Security disclosures MUST be done in private. If you have found an issue that you would like to bring to the attention of the maintenance team for OAuth2 Proxy, please compose an email and send it to the list of maintainers in our MAINTAINERS file. Please include as much detail as possible. Ideally, your disclosure should include: A reproducible case that can be used to demonstrate the exploit How you discovered this vulnerability A potential fix for the issue (if you have thought of one) Versions affected (if not present in master) Your GitHub ID","s":"Security Disclosures","u":"/oauth2-proxy/docs/next/community/security","h":"#security-disclosures","p":62},{"i":67,"t":"We use GitHub Security Advisories to privately discuss fixes for disclosed vulnerabilities. If you include a GitHub ID with your disclosure we will add you as a collaborator for the advisory so that you can join the discussion and validate any fixes we may propose. For minor issues and previously disclosed vulnerabilities (typically for dependencies), we may use regular PRs for fixes and forego the security advisory. Once a fix has been agreed upon, we will merge the fix and create a new release. If we have multiple security issues in flight simultaneously, we may delay merging fixes until all patches are ready. We may also backport the fix to previous releases, but this will be at the discretion of the maintainers.","s":"How will we respond to disclosures?","u":"/oauth2-proxy/docs/next/community/security","h":"#how-will-we-respond-to-disclosures","p":62},{"i":69,"t":"Choose how to deploy: a. Download Prebuilt Binary (current release is v7.5.0) b. Build with $ go install github.com/oauth2-proxy/oauth2-proxy/v7@latest which will put the binary in $GOPATH/bin c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, PPC64LE, ARMv6, ARMv7, and ARM64 tags available) d. Using a Kubernetes manifest (Helm) Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0. $ sha256sum -c sha256sum.txtoauth2-proxy-x.y.z.linux-amd64: OK Select a Provider and Register an OAuth Application with a Provider Configure OAuth2 Proxy using config file, command line options, or environment variables Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)","s":"Installation","u":"/oauth2-proxy/docs/next/","h":"","p":68},{"i":71,"t":"You will need to register an OAuth application with a Provider (Google, GitHub or another provider), and configure it with Redirect URI(s) for the domain you intend to run oauth2-proxy on. Valid providers are : Google default Azure ADFS Facebook GitHub Gitea Keycloak GitLab LinkedIn Microsoft Azure AD OpenID Connect login.gov Nextcloud DigitalOcean Bitbucket The provider can be selected using the provider configuration value. Please note that not all providers support all claims. The preferred_username claim is currently only supported by the OpenID Connect provider.","s":"OAuth Provider Configuration","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"","p":70},{"i":73,"t":"For Google, the registration steps are: Create a new project: https://console.developers.google.com/project Choose the new project from the top right project dropdown (only if another project is selected) In the project Dashboard center pane, choose \"APIs & Services\" In the left Nav pane, choose \"Credentials\" In the center pane, choose \"OAuth consent screen\" tab. Fill in \"Product name shown to users\" and hit save. In the center pane, choose \"Credentials\" tab. Open the \"New credentials\" drop down Choose \"OAuth client ID\" Choose \"Web application\" Application name is freeform, choose something appropriate Authorized JavaScript origins is your domain ex: https://internal.yourcompany.com Authorized redirect URIs is the location of oauth2/callback ex: https://internal.yourcompany.com/oauth2/callback Choose \"Create\" Take note of the Client ID and Client Secret It's recommended to refresh sessions on a short interval (1h) with cookie-refresh setting which validates that the account is still authorized. Restrict auth to specific Google groups on your domain. (optional)​ Create a service account and download the json file if you're not using Application Default Credentials / Workload Identity / Workload Identity Federation (recommended). Make note of the Client ID for a future step. Under \"APIs & Auth\", choose APIs. Click on Admin SDK and then Enable API. Follow the steps on https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account and give the client id from step 2 the following oauth scopes: Using Application Default Credentials (ADC) / Workload Identity / Workload Identity Federation (recommended)​ oauth2-proxy can make use of Application Default Credentials. When deployed within GCP, this means that it can automatically use the service account attached to the resource. When deployed to GKE, ADC can be leveraged through a feature called Workload Identity. Follow Google's guide to set up Workload Identity. When deployed outside of GCP, Workload Identity Federation might be an option. https://www.googleapis.com/auth/admin.directory.group.readonlyhttps://www.googleapis.com/auth/admin.directory.user.readonly Follow the steps on https://support.google.com/a/answer/60757 to enable Admin API access. Create or choose an existing administrative email address on the Gmail domain to assign to the google-admin-email flag. This email will be impersonated by this client to make calls to the Admin SDK. See the note on the link from step 5 for the reason why. Create or choose an existing email group and set that email to the google-group flag. You can pass multiple instances of this flag with different groups and the user will be checked against all the provided groups. Lock down the permissions on the json file downloaded from step 1 so only oauth2-proxy is able to read the file and set the path to the file in the google-service-account-json flag. Restart oauth2-proxy. Note: The user is checked against the group members list on initial authentication and every time the token is refreshed ( about once an hour ).","s":"Google Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#google-auth-provider","p":70},{"i":75,"t":"Add an application: go to https://portal.azure.com, choose Azure Active Directory, select App registrations and then click on New registration. Pick a name, check the supported account type(single-tenant, multi-tenant, etc). In the Redirect URI section create a new Web platform entry for each app that you want to protect by the oauth2 proxy(e.g. https://internal.yourcompanycom/oauth2/callback). Click Register. Next we need to add group read permissions for the app registration, on the API Permissions page of the app, click on Add a permission, select Microsoft Graph, then select Application permissions, then click on Group and select Group.Read.All. Hit Add permissions and then on Grant admin consent (you might need an admin to do this).**IMPORTANT**: Even if this permission is listed with **\"Admin consent required=No\"** the consent might actually be required, due to AAD policies you won't be able to see. If you get a **\"Need admin approval\"** during login, most likely this is what you're missing! Next, if you are planning to use v2.0 Azure Auth endpoint, go to the Manifest page and set \"accessTokenAcceptedVersion\": 2 in the App registration manifest file. On the Certificates & secrets page of the app, add a new client secret and note down the value after hitting Add. Configure the proxy with: for V1 Azure Auth endpoint (Azure Active Directory Endpoints - https://login.microsoftonline.com/common/oauth2/authorize) --provider=azure --client-id= --client-secret= --azure-tenant={tenant-id} --oidc-issuer-url=https://sts.windows.net/{tenant-id}/ for V2 Azure Auth endpoint (Microsoft Identity Platform Endpoints - https://login.microsoftonline.com/common/oauth2/v2.0/authorize) --provider=azure --client-id= --client-secret= --azure-tenant={tenant-id} --oidc-issuer-url=https://login.microsoftonline.com/{tenant-id}/v2.0 Notes: When using v2.0 Azure Auth endpoint (https://login.microsoftonline.com/{tenant-id}/v2.0) as --oidc_issuer_url, in conjunction with --resource flag, be sure to append /.default at the end of the resource name. See https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#the-default-scope for more details. When using the Azure Auth provider with nginx and the cookie session store you may find the cookie is too large and doesn't get passed through correctly. Increasing the proxy_buffer_size in nginx or implementing the redis session storage should resolve this.","s":"Azure Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#azure-auth-provider","p":70},{"i":77,"t":"Open the ADFS administration console on your Windows Server and add a new Application Group Provide a name for the integration, select Server Application from the Standalone applications section and click Next Follow the wizard to get the client-id, client-secret and configure the application credentials Configure the proxy with --provider=adfs --client-id= --client-secret= Note: When using the ADFS Auth provider with nginx and the cookie session store you may find the cookie is too large and doesn't get passed through correctly. Increasing the proxy_buffer_size in nginx or implementing the redis session storage should resolve this.","s":"ADFS Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#adfs-auth-provider","p":70},{"i":79,"t":"Create a new FB App from https://developers.facebook.com/ Under FB Login, set your Valid OAuth redirect URIs to https://internal.yourcompany.com/oauth2/callback","s":"Facebook Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#facebook-auth-provider","p":70},{"i":81,"t":"Create a new project: https://github.com/settings/developers Under Authorization callback URL enter the correct url ie https://internal.yourcompany.com/oauth2/callback The GitHub auth provider supports two additional ways to restrict authentication to either organization and optional team level access, or to collaborators of a repository. Restricting by these options is normally accompanied with --email-domain=* NOTE: When --github-user is set, the specified users are allowed to login even if they do not belong to the specified org and team or collaborators. To restrict by organization only, include the following flag: -github-org=\"\": restrict logins to members of this organisation To restrict within an organization to specific teams, include the following flag in addition to -github-org: -github-team=\"\": restrict logins to members of any of these teams (slug), separated by a comma If you would rather restrict access to collaborators of a repository, those users must either have push access to a public repository or any access to a private repository: -github-repo=\"\": restrict logins to collaborators of this repository formatted as orgname/repo If you'd like to allow access to users with read only access to a public repository you will need to provide a token for a user that has write access to the repository. The token must be created with at least the public_repo scope: -github-token=\"\": the token to use when verifying repository collaborators To allow a user to login with their username even if they do not belong to the specified org and team or collaborators, separated by a comma -github-user=\"\": allow logins by username, separated by a comma If you are using GitHub enterprise, make sure you set the following to the appropriate url: -login-url=\"http(s):///login/oauth/authorize\"-redeem-url=\"http(s):///login/oauth/access_token\"-validate-url=\"http(s):///api/v3\"","s":"GitHub Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#github-auth-provider","p":70},{"i":83,"t":"Create a new application: https://< your gitea host >/user/settings/applications Under Redirect URI enter the correct URL i.e. https:///oauth2/callback Note the Client ID and Client Secret. Pass the following options to the proxy: --provider=\"github\" --redirect-url=\"https:///oauth2/callback\" --provider-display-name=\"Gitea\" --client-id=\"< client_id as generated by Gitea >\" --client-secret=\"< client_secret as generated by Gitea >\" --login-url=\"https://< your gitea host >/login/oauth/authorize\" --redeem-url=\"https://< your gitea host >/login/oauth/access_token\" --validate-url=\"https://< your gitea host >/api/v1/user/emails\"","s":"Gitea Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#gitea-auth-provider","p":70},{"i":85,"t":"note This is the legacy provider for Keycloak, use Keycloak OIDC Auth Provider if possible. Create new client in your Keycloak realm with Access Type 'confidental' and Valid Redirect URIs 'https://internal.yourcompany.com/oauth2/callback' Take note of the Secret in the credential tab of the client Create a mapper with Mapper Type 'Group Membership' and Token Claim Name 'groups'. Make sure you set the following to the appropriate url: --provider=keycloak --client-id= --client-secret= --login-url=\"http(s):///auth/realms//protocol/openid-connect/auth\" --redeem-url=\"http(s):///auth/realms//protocol/openid-connect/token\" --profile-url=\"http(s):///auth/realms//protocol/openid-connect/userinfo\" --validate-url=\"http(s):///auth/realms//protocol/openid-connect/userinfo\" --keycloak-group= --keycloak-group= For group based authorization, the optional --keycloak-group (legacy) or --allowed-group (global standard) flags can be used to specify which groups to limit access to. If these are unset but a groups mapper is set up above in step (3), the provider will still populate the X-Forwarded-Groups header to your upstream server with the groups data in the Keycloak userinfo endpoint response. The group management in keycloak is using a tree. If you create a group named admin in keycloak you should define the 'keycloak-group' value to /admin.","s":"Keycloak Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#keycloak-auth-provider","p":70},{"i":87,"t":"--provider=keycloak-oidc --client-id= --client-secret= --redirect-url=https://internal.yourcompany.com/oauth2/callback --oidc-issuer-url=https:///auth/realms/ --email-domain= // Validate email domain for users, see option documentation --allowed-role= // Optional, required realm role --allowed-role=: // Optional, required client role --allowed-group= // Optional, requires group client scope --code-challenge-method=S256 // PKCE note Keycloak has updated its admin console and as of version 19.0.0, the new admin console is enabled by default. The legacy admin console has been announced for removal with the release of version 21.0.0. Keycloak legacy admin console Create new client in your Keycloak realm with Access Type 'confidential', Client protocol 'openid-connect' and Valid Redirect URIs 'https://internal.yourcompany.com/oauth2/callback' Take note of the Secret in the credential tab of the client Create a mapper with Mapper Type 'Group Membership' and Token Claim Name 'groups'. Create a mapper with Mapper Type 'Audience' and Included Client Audience and Included Custom Audience set to your client name. Keycloak new admin console (default as of v19.0.0) The following example shows how to create a simple OIDC client using the new Keycloak admin2 console. However, for best practices, it is recommended to consult the Keycloak documentation. The OIDC client must be configured with an audience mapper to include the client's name in the aud claim of the JWT token. The aud claim specifies the intended recipient of the token, and OAuth2 Proxy expects a match against the values of either --client-id or --oidc-extra-audience. In Keycloak, claims are added to JWT tokens through the use of mappers at either the realm level using \"client scopes\" or through \"dedicated\" client mappers. Creating the client Create a new OIDC client in your Keycloak realm by navigating to:Clients -> Create client Client Type 'OpenID Connect' Client ID , please complete the remaining fields as appropriate and click Next. Client authentication 'On' Authentication flow Standard flow 'selected' Direct access grants 'deselect' Save the configuration. Settings / Access settings: Valid redirect URIs https://internal.yourcompany.com/oauth2/callback Save the configuration. Under the Credentials tab you will now be able to locate . Configure a dedicated audience mapper for your client by navigating to Clients -> -> Client scopes. Access the dedicated mappers pane by clicking -dedicated, located under Assigned client scope.(It should have a description of \"Dedicated scope and mappers for this client\") Click Configure a new mapper and select Audience Name 'aud-mapper-' Included Client Audience select from the dropdown. OAuth2 proxy can be set up to pass both the access and ID JWT tokens to your upstream services. If you require additional audience entries, you can use the Included Custom Audience field in addition to the \"Included Client Audience\" dropdown. Note that the \"aud\" claim of a JWT token should be limited and only specify its intended recipients. Add to ID token 'On' Add to access token 'On' - #1916 Save the configuration. Any subsequent dedicated client mappers can be defined by clicking Dedicated scopes -> Add mapper -> By configuration -> Select mapper You should now be able to create a test user in Keycloak and get access to the OAuth2 Proxy instance, make sure to set an email address matching and select Email verified. Authorization OAuth2 Proxy will perform authorization by requiring a valid user, this authorization can be extended to take into account a user's membership in Keycloak groups, realm roles, and client roles using the keycloak-oidc provider options--allowed-role or --allowed-group Roles A standard Keycloak installation comes with the required mappers for realm roles and client roles through the pre-defined client scope \"roles\". This ensures that any roles assigned to a user are included in the JWT tokens when using an OIDC client that has the \"Full scope allowed\" feature activated, the feature is enabled by default. Creating a realm role Navigate to Realm roles -> Create role Role name, -> save Creating a client role Navigate to Clients -> -> Roles -> Create role Role name, -> save Assign a role to a user Users -> Username -> Role mapping -> Assign role -> filter by roles or clients and select -> Assign. Keycloak \"realm roles\" can be authorized using the --allowed-role= option, while \"client roles\" can be evaluated using --allowed-role=:. You may limit the realm roles included in the JWT tokens for any given client by navigating to: Clients -> -> Client scopes -> -dedicated -> Scope Disabling Full scope allowed activates the Assign role option, allowing you to select which roles, if assigned to a user, will be included in the user's JWT tokens. This can be useful when a user has many associated roles, and you want to reduce the size and impact of the JWT token. Groups You may also do authorization on group memberships by using the OAuth2 Proxy option --allowed-group. We will only do a brief description of creating the required client scope groups and refer you to read the Keycloak documentation. To summarize, the steps required to authorize Keycloak group membership with OAuth2 Proxy are as follows: Create a new Client Scope with the name groups in Keycloak. Include a mapper of type Group Membership. Set the \"Token Claim Name\" to groups or customize by matching it to the --oidc-groups-claim option of OAuth2 Proxy. If the \"Full group path\" option is selected, you need to include a \"/\" separator in the group names defined in the --allowed-group option of OAuth2 Proxy. Example: \"/groupname\" or \"/groupname/childgroup\". After creating the Client Scope named groups you will need to attach it to your client. Clients -> -> Client scopes -> Add client scope -> Select groups and choose Optional and you should now have a client that maps group memberships into the JWT tokens so that Oauth2 Proxy may evaluate them. Create a group by navigating to Groups -> Create group and add your test user as a member. The OAuth2 Proxy option --allowed-group=/groupname will now allow you to filter on group membership Keycloak also has the option of attaching roles to groups, please refer to the Keycloak documentation for more information. Tip To check if roles or groups are added to JWT tokens, you can preview a users token in the Keycloak console by following these steps: Clients -> -> Client scopes -> Evaluate. Select a realm user and optional scope parameters such as groups, and generate the JSON representation of an access or id token to examine its contents.","s":"Keycloak OIDC Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#keycloak-oidc-auth-provider","p":70},{"i":89,"t":"This auth provider has been tested against Gitlab version 12.X. Due to Gitlab API changes, it may not work for version prior to 12.X (see 994). Whether you are using GitLab.com or self-hosting GitLab, follow these steps to add an application. Make sure to enable at least the openid, profile and email scopes, and set the redirect url to your application url e.g. https://myapp.com/oauth2/callback. If you need projects filtering, add the extra read_api scope to your application. The following config should be set to ensure that the oauth will work properly. To get a cookie secret follow these steps --provider=\"gitlab\" --redirect-url=\"https://myapp.com/oauth2/callback\" // Should be the same as the redirect url for the application in gitlab --client-id=GITLAB_CLIENT_ID --client-secret=GITLAB_CLIENT_SECRET --cookie-secret=COOKIE_SECRET Restricting by group membership is possible with the following option: --gitlab-group=\"mygroup,myothergroup\": restrict logins to members of any of these groups (slug), separated by a comma If you are using self-hosted GitLab, make sure you set the following to the appropriate URL: --oidc-issuer-url=\"\" If your self-hosted GitLab is on a sub-directory (e.g. domain.tld/gitlab), as opposed to its own sub-domain (e.g. gitlab.domain.tld), you may need to add a redirect from domain.tld/oauth pointing at e.g. domain.tld/gitlab/oauth.","s":"GitLab Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#gitlab-auth-provider","p":70},{"i":91,"t":"For LinkedIn, the registration steps are: Create a new project: https://www.linkedin.com/secure/developer In the OAuth User Agreement section: In default scope, select r_basicprofile and r_emailaddress. In \"OAuth 2.0 Redirect URLs\", enter https://internal.yourcompany.com/oauth2/callback Fill in the remaining required fields and Save. Take note of the Consumer Key / API Key and Consumer Secret / Secret Key","s":"LinkedIn Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#linkedin-auth-provider","p":70},{"i":93,"t":"For adding an application to the Microsoft Azure AD follow these steps to add an application. Take note of your TenantId if applicable for your situation. The TenantId can be used to override the default common authorization server with a tenant specific server.","s":"Microsoft Azure AD Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#microsoft-azure-ad-provider","p":70},{"i":95,"t":"OpenID Connect is a spec for OAUTH 2.0 + identity that is implemented by many major providers and several open source projects. This provider was originally built against CoreOS Dex and we will use it as an example. The OpenID Connect Provider (OIDC) can also be used to connect to other Identity Providers such as Okta, an example can be found below. Dex​ To configure the OIDC provider for Dex, perform the following steps: Download Dex: go get github.com/dexidp/dex See the getting started guide for more details. Setup oauth2-proxy with the correct provider and using the default ports and callbacks. Add a configuration block to the staticClients section of examples/config-dev.yaml: - id: oauth2-proxyredirectURIs:- 'http://127.0.0.1:4180/oauth2/callback'name: 'oauth2-proxy'secret: proxy Launch Dex: from $GOPATH/github.com/dexidp/dex, run: bin/dex serve examples/config-dev.yaml In a second terminal, run the oauth2-proxy with the following args: -provider oidc-provider-display-name \"My OIDC Provider\"-client-id oauth2-proxy-client-secret proxy-redirect-url http://127.0.0.1:4180/oauth2/callback-oidc-issuer-url http://127.0.0.1:5556/dex-cookie-secure=false-cookie-secret=secret-email-domain kilgore.trout To serve the current working directory as a web site under the /static endpoint, add: -upstream file://$PWD/#/static/ Test the setup by visiting http://127.0.0.1:4180 or http://127.0.0.1:4180/static . See also our local testing environment for a self-contained example using Docker and etcd as storage for Dex. Okta​ To configure the OIDC provider for Okta, perform the following steps: Log in to Okta using an administrative account. It is suggested you try this in preview first, example.oktapreview.com (OPTIONAL) If you want to configure authorization scopes and claims to be passed on to multiple applications, you may wish to configure an authorization server for each application. Otherwise, the provided default will work. Navigate to Security then select API Click Add Authorization Server, if this option is not available you may require an additional license for a custom authorization server. Fill out the Name with something to describe the application you are protecting. e.g. 'Example App'. For Audience, pick the URL of the application you wish to protect: https://example.corp.com Fill out a Description Add any Access Policies you wish to configure to limit application access. The default settings will work for other options. See Okta documentation for more information on Authorization Servers Navigate to Applications then select Add Application. Select Web for the Platform setting. Select OpenID Connect and click Create Pick an Application Name such as Example App. Set the Login redirect URI to https://example.corp.com. Under General set the Allowed grant types to Authorization Code and Refresh Token. Leave the rest as default, taking note of the Client ID and Client Secret. Under Assignments select the users or groups you wish to access your application. Create a configuration file like the following: provider = \"oidc\"redirect_url = \"https://example.corp.com/oauth2/callback\"oidc_issuer_url = \"https://corp.okta.com/oauth2/abCd1234\"upstreams = [ \"https://example.corp.com\"]email_domains = [ \"corp.com\"]client_id = \"XXXXX\"client_secret = \"YYYYY\"pass_access_token = truecookie_secret = \"ZZZZZ\"skip_provider_button = true The oidc_issuer_url is based on URL from your Authorization Server's Issuer field in step 2, or simply https://corp.okta.com . The client_id and client_secret are configured in the application settings. Generate a unique cookie_secret to encrypt the cookie. Then you can start the oauth2-proxy with ./oauth2-proxy --config /etc/example.cfg Okta - localhost​ Signup for developer account: https://developer.okta.com/signup/ Create New Web Application: https://${your-okta-domain}/dev/console/apps/new Example Application Settings for localhost: Name: My Web App Base URIs: http://localhost:4180/ Login redirect URIs: http://localhost:4180/oauth2/callback Logout redirect URIs: http://localhost:4180/ Group assignments: Everyone Grant type allowed: Authorization Code and Refresh Token Make note of the Client ID and Client secret, they are needed in a future step Make note of the default Authorization Server Issuer URI from: https://${your-okta-domain}/admin/oauth2/as Example config file /etc/localhost.cfg provider = \"oidc\"redirect_url = \"http://localhost:4180/oauth2/callback\"oidc_issuer_url = \"https://${your-okta-domain}/oauth2/default\"upstreams = [ \"http://0.0.0.0:8080\"]email_domains = [ \"*\"]client_id = \"XXX\"client_secret = \"YYY\"pass_access_token = truecookie_secret = \"ZZZ\"cookie_secure = falseskip_provider_button = true# Note: use the following for testing within a container# http_address = \"0.0.0.0:4180\" Then you can start the oauth2-proxy with ./oauth2-proxy --config /etc/localhost.cfg","s":"OpenID Connect Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#openid-connect-provider","p":70},{"i":97,"t":"login.gov is an OIDC provider for the US Government. If you are a US Government agency, you can contact the login.gov team through the contact information that you can find on https://login.gov/developers/ and work with them to understand how to get login.gov accounts for integration/test and production access. A developer guide is available here: https://developers.login.gov/, though this proxy handles everything but the data you need to create to register your application in the login.gov dashboard. As a demo, we will assume that you are running your application that you want to secure locally on http://localhost:3000/, that you will be starting your proxy up on http://localhost:4180/, and that you have an agency integration account for testing. First, register your application in the dashboard. The important bits are: Identity protocol: make this Openid connect Issuer: do what they say for OpenID Connect. We will refer to this string as ${LOGINGOV_ISSUER}. Public key: This is a self-signed certificate in .pem format generated from a 2048 bit RSA private key. A quick way to do this is openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650 -nodes -subj '/C=US/ST=Washington/L=DC/O=GSA/OU=18F/CN=localhost', The contents of the key.pem shall be referred to as ${OAUTH2_PROXY_JWT_KEY}. Return to App URL: Make this be http://localhost:4180/ Redirect URIs: Make this be http://localhost:4180/oauth2/callback. Attribute Bundle: Make sure that email is selected. Now start the proxy up with the following options: ./oauth2-proxy -provider login.gov \\ -client-id=${LOGINGOV_ISSUER} \\ -redirect-url=http://localhost:4180/oauth2/callback \\ -oidc-issuer-url=https://idp.int.identitysandbox.gov/ \\ -cookie-secure=false \\ -email-domain=gsa.gov \\ -upstream=http://localhost:3000/ \\ -cookie-secret=somerandomstring12341234567890AB \\ -cookie-domain=localhost \\ -skip-provider-button=true \\ -pubjwk-url=https://idp.int.identitysandbox.gov/api/openid_connect/certs \\ -profile-url=https://idp.int.identitysandbox.gov/api/openid_connect/userinfo \\ -jwt-key=\"${OAUTH2_PROXY_JWT_KEY}\" You can also set all these options with environment variables, for use in cloud/docker environments. One tricky thing that you may encounter is that some cloud environments will pass in environment variables in a docker env-file, which does not allow multiline variables like a PEM file. If you encounter this, then you can create a jwt_signing_key.pem file in the top level directory of the repo which contains the key in PEM format and then do your docker build. The docker build process will copy that file into your image which you can then access by setting the OAUTH2_PROXY_JWT_KEY_FILE=/etc/ssl/private/jwt_signing_key.pem environment variable, or by setting --jwt-key-file=/etc/ssl/private/jwt_signing_key.pem on the commandline. Once it is running, you should be able to go to http://localhost:4180/ in your browser, get authenticated by the login.gov integration server, and then get proxied on to your application running on http://localhost:3000/. In a real deployment, you would secure your application with a firewall or something so that it was only accessible from the proxy, and you would use real hostnames everywhere. Skip OIDC discovery​ Some providers do not support OIDC discovery via their issuer URL, so oauth2-proxy cannot simply grab the authorization, token and jwks URI endpoints from the provider's metadata. In this case, you can set the --skip-oidc-discovery option, and supply those required endpoints manually: -provider oidc -client-id oauth2-proxy -client-secret proxy -redirect-url http://127.0.0.1:4180/oauth2/callback -oidc-issuer-url http://127.0.0.1:5556 -skip-oidc-discovery -login-url http://127.0.0.1:5556/authorize -redeem-url http://127.0.0.1:5556/token -oidc-jwks-url http://127.0.0.1:5556/keys -cookie-secure=false -email-domain example.com","s":"login.gov Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#logingov-provider","p":70},{"i":99,"t":"The Nextcloud provider allows you to authenticate against users in your Nextcloud instance. When you are using the Nextcloud provider, you must specify the urls via configuration, environment variable, or command line argument. Depending on whether your Nextcloud instance is using pretty urls your urls may be of the form /index.php/apps/oauth2/* or /apps/oauth2/*. Refer to the OAuth2 documentation to setup the client id and client secret. Your \"Redirection URI\" will be https://internalapp.yourcompany.com/oauth2/callback. -provider nextcloud -client-id -client-secret -login-url=\"/index.php/apps/oauth2/authorize\" -redeem-url=\"/index.php/apps/oauth2/api/v1/token\" -validate-url=\"/ocs/v2.php/cloud/user?format=json\" Note: in all cases the validate-url will not have the index.php.","s":"Nextcloud Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#nextcloud-provider","p":70},{"i":101,"t":"Create a new OAuth application You can fill in the name, homepage, and description however you wish. In the \"Application callback URL\" field, enter: https://oauth-proxy/oauth2/callback, substituting oauth2-proxy with the actual hostname that oauth2-proxy is running on. The URL must match oauth2-proxy's configured redirect URL. Note the Client ID and Client Secret. To use the provider, pass the following options: --provider=digitalocean --client-id= --client-secret= Alternatively, set the equivalent options in the config file. The redirect URL defaults to https:///oauth2/callback. If you need to change it, you can use the --redirect-url command-line option.","s":"DigitalOcean Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#digitalocean-auth-provider","p":70},{"i":103,"t":"Add a new OAuth consumer In \"Callback URL\" use https:///oauth2/callback, substituting with the actual hostname that oauth2-proxy is running on. In Permissions section select: Account -> Email Team membership -> Read Repositories -> Read Note the Client ID and Client Secret. To use the provider, pass the following options: --provider=bitbucket --client-id= --client-secret= The default configuration allows everyone with Bitbucket account to authenticate. To restrict the access to the team members use additional configuration option: --bitbucket-team=. To restrict the access to only these users who has access to one selected repository use --bitbucket-repository=.","s":"Bitbucket Auth Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#bitbucket-auth-provider","p":70},{"i":105,"t":"To authorize by email domain use --email-domain=yourcompany.com. To authorize individual email addresses use --authenticated-emails-file=/path/to/file with one email per line. To authorize all email addresses use --email-domain=*.","s":"Email Authentication","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#email-authentication","p":70},{"i":107,"t":"Follow the examples in the providers package to define a new Provider instance. Add a new case to providers.New() to allow oauth2-proxy to use the new Provider.","s":"Adding a new Provider","u":"/oauth2-proxy/docs/next/configuration/oauth_provider","h":"#adding-a-new-provider","p":70},{"i":109,"t":"Sessions allow a user's authentication to be tracked between multiple HTTP requests to a service. The OAuth2 Proxy uses a Cookie to track user sessions and will store the session data in one of the available session storage backends. At present the available backends are (as passed to --session-store-type): cookie (default) redis","s":"Session Storage","u":"/oauth2-proxy/docs/next/configuration/session_storage","h":"","p":108},{"i":111,"t":"The Cookie storage backend is the default backend implementation and has been used in the OAuth2 Proxy historically. With the Cookie storage backend, all session information is stored in client side cookies and transferred with each and every request. The following should be known when using this implementation: Since all state is stored client side, this storage backend means that the OAuth2 Proxy is completely stateless Cookies are signed server side to prevent modification client-side It is mandatory to set a cookie-secret which will ensure data is encrypted within the cookie data. Since multiple requests can be made concurrently to the OAuth2 Proxy, this session implementation cannot lock sessions and while updating and refreshing sessions, there can be conflicts which force users to re-authenticate","s":"Cookie Storage","u":"/oauth2-proxy/docs/next/configuration/session_storage","h":"#cookie-storage","p":108},{"i":113,"t":"The Redis Storage backend stores sessions, encrypted, in redis. Instead sending all the information back the client for storage, as in the Cookie storage, a ticket is sent back to the user as the cookie value instead. A ticket is composed as the following: {CookieName}-{ticketID}.{secret} Where: The CookieName is the OAuth2 cookie name (_oauth2_proxy by default) The ticketID is a 128 bit random number, hex-encoded The secret is a 128 bit random number, base64url encoded (no padding). The secret is unique for every session. The pair of {CookieName}-{ticketID} comprises a ticket handle, and thus, the redis key to which the session is stored. The encoded session is encrypted with the secret and stored in redis via the SETEX command. Encrypting every session uniquely protects the refresh/access/id tokens stored in the session from disclosure. Additionally the browser only has to send a short Cookie with every request and not the whole JWT, which can get quite big. Two settings are used to configure the OAuth2 Proxy cookie lifetime: --cookie-refresh duration refresh the cookie after this duration; 0 to disable--cookie-expire duration expire timeframe for cookie 168h0m0s The \"cookie-expire\" value should be equal to the lifetime of the Refresh-Token that is issued by the OAuth2 authorization server. If it expires earlier and is deleted by the browser, OAuth2 Proxy cannot find the stored Refresh-Tokens in Redis and thus cannot start the refresh flow to get new Access-Tokens. If it is longer, it might be that the old Refresh-Token will be found in Redis but has already expired. The \"cookie-refresh\" value controls when OAuth2 Proxy tries to refresh an Access-Token. If it is set to \"0\", the Access-Token will never be refreshed, even it is already expired and there would be a valid Refresh-Token in the available. If set, OAuth2 Proxy will refresh the Access-Token after this many seconds even if it is still valid. Of course, it will also be refreshed after it has expired, as long as a Refresh Token is available. Caveat: It can happen that the Access-Token is valid for e.g. \"1m\" and a request happens after exactly \"59s\". It would pass OAuth2 Proxy and be forwarded to the backend but is just expired when the backend tries to validate it. This is especially relevant if the backend uses the JWT to make requests to other backends. For this reason, it's advised to set the cookie-refresh a couple of seconds less than the Access-Token lifespan. Recommended settings: cookie_refresh := Access-Token lifespan - 1m cookie_expire := Refresh-Token lifespan (i.e. Keycloak's client_session_idle) Usage​ When using the redis store, specify --session-store-type=redis as well as the Redis connection URL, via --redis-connection-url=redis://host[:port][/db-number]. You may also configure the store for Redis Sentinel. In this case, you will want to use the --redis-use-sentinel=true flag, as well as configure the flags --redis-sentinel-master-name and --redis-sentinel-connection-urls appropriately. Redis Cluster is available to be the backend store as well. To leverage it, you will need to set the --redis-use-cluster=true flag, and configure the flags --redis-cluster-connection-urls appropriately. Note that flags --redis-use-sentinel=true and --redis-use-cluster=true are mutually exclusive. Note, if Redis timeout option is set to non-zero, the --redis-connection-idle-timeout must be less than Redis timeout option. For example: if either redis.conf includes timeout 15 or using CONFIG SET timeout 15 the --redis-connection-idle-timeout must be at least --redis-connection-idle-timeout=14","s":"Redis Storage","u":"/oauth2-proxy/docs/next/configuration/session_storage","h":"#redis-storage","p":108},{"i":115,"t":"oauth2-proxy can be configured via command line options, environment variables or config file (in decreasing order of precedence, i.e. command line options will overwrite environment variables and environment variables will overwrite configuration file settings).","s":"Overview","u":"/oauth2-proxy/docs/next/configuration/overview","h":"","p":114},{"i":117,"t":"To generate a strong cookie secret use one of the below commands: Python Bash OpenSSL PowerShell Terraform python -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(32)).decode())' dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | tr -d -- '\\n' | tr -- '+/' '-_'; echo openssl rand -base64 32 | tr -- '+/' '-_' # Add System.Web assembly to session, just in caseAdd-Type -AssemblyName System.Web[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes([System.Web.Security.Membership]::GeneratePassword(32,4))).Replace(\"+\",\"-\").Replace(\"/\",\"_\") # Valid 32 Byte Base64 URL encoding set that will decode to 24 []byte AES-192 secretresource \"random_password\" \"cookie_secret\" { length = 32 override_special = \"-_\"}","s":"Generating a Cookie Secret","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#generating-a-cookie-secret","p":114},{"i":119,"t":"Every command line argument can be specified in a config file by replacing hyphens (-) with underscores (_). If the argument can be specified multiple times, the config option should be plural (trailing s). An example oauth2-proxy.cfg config file is in the contrib directory. It can be used by specifying --config=/etc/oauth2-proxy.cfg","s":"Config File","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#config-file","p":114},{"i":121,"t":"Option Type Description Default --acr-values string optional, see docs \"\" --api-route string | list return HTTP 401 instead of redirecting to authentication server if token is not valid. Format: path_regex --approval-prompt string OAuth approval_prompt \"force\" --auth-logging bool Log authentication attempts true --auth-logging-format string Template for authentication log lines see Logging Configuration --authenticated-emails-file string authenticate against emails via file (one per line) --azure-tenant string go to a tenant-specific or common (tenant-independent) endpoint. \"common\" --basic-auth-password string the password to set when passing the HTTP Basic Auth header --client-id string the OAuth Client ID, e.g. \"123456.apps.googleusercontent.com\" --client-secret string the OAuth Client Secret --client-secret-file string the file with OAuth Client Secret --code-challenge-method string use PKCE code challenges with the specified method. Either 'plain' or 'S256' (recommended) --config string path to config file --cookie-domain string | list Optional cookie domains to force cookies to (e.g. .yourcompany.com). The longest domain matching the request's host will be used (or the shortest cookie domain if there is no match). --cookie-expire duration expire timeframe for cookie. If set to 0, cookie becomes a session-cookie which will expire when the browser is closed. 168h0m0s --cookie-httponly bool set HttpOnly cookie flag true --cookie-name string the name of the cookie that the oauth_proxy creates. Should be changed to use a cookie prefix (__Host- or __Secure-) if --cookie-secure is set. \"_oauth2_proxy\" --cookie-path string an optional cookie path to force cookies to (e.g. /poc/) \"/\" --cookie-refresh duration refresh the cookie after this duration; 0 to disable; not supported by all providers [1] --cookie-secret string the seed string for secure cookies (optionally base64 encoded) --cookie-secure bool set secure (HTTPS only) cookie flag true --cookie-samesite string set SameSite cookie attribute (\"lax\", \"strict\", \"none\", or \"\"). \"\" --cookie-csrf-per-request bool Enable having different CSRF cookies per request, making it possible to have parallel requests. false --cookie-csrf-expire duration expire timeframe for CSRF cookie 15m --custom-templates-dir string path to custom html templates --custom-sign-in-logo string path or a URL to an custom image for the sign_in page logo. Use \"-\" to disable default logo. --display-htpasswd-form bool display username / password login form if an htpasswd file is provided true --email-domain string | list authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email --errors-to-info-log bool redirects error-level logging to default log channel instead of stderr false --extra-jwt-issuers string if --skip-jwt-bearer-tokens is set, a list of extra JWT issuer=audience (see a token's iss, aud fields) pairs (where the issuer URL has a .well-known/openid-configuration or a .well-known/jwks.json) --exclude-logging-path string comma separated list of paths to exclude from logging, e.g. \"/ping,/path2\" \"\" (no paths excluded) --flush-interval duration period between flushing response buffers when streaming responses \"1s\" --force-https bool enforce https redirect false --force-json-errors bool force JSON errors instead of HTTP error pages or redirects false --banner string custom (html) banner string. Use \"-\" to disable default banner. --footer string custom (html) footer string. Use \"-\" to disable default footer. --github-org string restrict logins to members of this organisation --github-team string restrict logins to members of any of these teams (slug), separated by a comma --github-repo string restrict logins to collaborators of this repository formatted as orgname/repo --github-token string the token to use when verifying repository collaborators (must have push access to the repository) --github-user string | list To allow users to login by username even if they do not belong to the specified org and team or collaborators --gitlab-group string | list restrict logins to members of any of these groups (slug), separated by a comma --gitlab-projects string | list restrict logins to members of any of these projects (may be given multiple times) formatted as orgname/repo=accesslevel. Access level should be a value matching Gitlab access levels, defaulted to 20 if absent --google-admin-email string the google admin to impersonate for api calls --google-group string restrict logins to members of this google group (may be given multiple times). --google-service-account-json string the path to the service account json credentials --google-use-application-default-credentials bool use application default credentials instead of service account json (i.e. GKE Workload Identity) --htpasswd-file string additionally authenticate against a htpasswd file. Entries must be created with htpasswd -B for bcrypt encryption --htpasswd-user-group string | list the groups to be set on sessions for htpasswd users --http-address string [http://]: or unix:// to listen on for HTTP clients. Square brackets are required for ipv6 address, e.g. http://[::1]:4180 \"127.0.0.1:4180\" --https-address string [https://]: to listen on for HTTPS clients. Square brackets are required for ipv6 address, e.g. https://[::1]:443 \":443\" --logging-compress bool Should rotated log files be compressed using gzip false --logging-filename string File to log requests to, empty for stdout \"\" (stdout) --logging-local-time bool Use local time in log files and backup filenames instead of UTC true (local time) --logging-max-age int Maximum number of days to retain old log files 7 --logging-max-backups int Maximum number of old log files to retain; 0 to disable 0 --logging-max-size int Maximum size in megabytes of the log file before rotation 100 --jwt-key string private key in PEM format used to sign JWT, so that you can say something like --jwt-key=\"${OAUTH2_PROXY_JWT_KEY}\": required by login.gov --jwt-key-file string path to the private key file in PEM format used to sign the JWT so that you can say something like --jwt-key-file=/etc/ssl/private/jwt_signing_key.pem: required by login.gov --login-url string Authentication endpoint --insecure-oidc-allow-unverified-email bool don't fail if an email address in an id_token is not verified false --insecure-oidc-skip-issuer-verification bool allow the OIDC issuer URL to differ from the expected (currently required for Azure multi-tenant compatibility) false --insecure-oidc-skip-nonce bool skip verifying the OIDC ID Token's nonce claim true --oidc-issuer-url string the OpenID Connect issuer URL, e.g. \"https://accounts.google.com\" --oidc-jwks-url string OIDC JWKS URI for token verification; required if OIDC discovery is disabled --oidc-email-claim string which OIDC claim contains the user's email \"email\" --oidc-groups-claim string which OIDC claim contains the user groups \"groups\" --oidc-audience-claim string which OIDC claim contains the audience \"aud\" --oidc-extra-audience string | list additional audiences which are allowed to pass verification \"[]\" --pass-access-token bool pass OAuth access_token to upstream via X-Forwarded-Access-Token header. When used with --set-xauthrequest this adds the X-Auth-Request-Access-Token header to the response false --pass-authorization-header bool pass OIDC IDToken to upstream via Authorization Bearer header false --pass-basic-auth bool pass HTTP Basic Auth, X-Forwarded-User, X-Forwarded-Email and X-Forwarded-Preferred-Username information to upstream true --prefer-email-to-user bool Prefer to use the Email address as the Username when passing information to upstream. Will only use Username if Email is unavailable, e.g. htaccess authentication. Used in conjunction with --pass-basic-auth and --pass-user-headers false --pass-host-header bool pass the request Host Header to upstream true --pass-user-headers bool pass X-Forwarded-User, X-Forwarded-Groups, X-Forwarded-Email and X-Forwarded-Preferred-Username information to upstream true --profile-url string Profile access endpoint --prompt string OIDC prompt; if present, approval-prompt is ignored \"\" --provider string OAuth provider google --provider-ca-file string | list Paths to CA certificates that should be used when connecting to the provider. If not specified, the default Go trust sources are used instead. --provider-display-name string Override the provider's name with the given string; used for the sign-in page (depends on provider) --ping-path string the ping endpoint that can be used for basic health checks \"/ping\" --ping-user-agent string a User-Agent that can be used for basic health checks \"\" (don't check user agent) --ready-path string the ready endpoint that can be used for deep health checks \"/ready\" --metrics-address string the address prometheus metrics will be scraped from \"\" --proxy-prefix string the url root path that this proxy should be nested under (e.g. //sign_in) \"/oauth2\" --proxy-websockets bool enables WebSocket proxying true --pubjwk-url string JWK pubkey access endpoint: required by login.gov --real-client-ip-header string Header used to determine the real IP of the client, requires --reverse-proxy to be set (one of: X-Forwarded-For, X-Real-IP, or X-ProxyUser-IP) X-Real-IP --redeem-url string Token redemption endpoint --redirect-url string the OAuth Redirect URL, e.g. \"https://internalapp.yourcompany.com/oauth2/callback\" --redis-cluster-connection-urls string | list List of Redis cluster connection URLs (e.g. redis://HOST[:PORT]). Used in conjunction with --redis-use-cluster --redis-connection-url string URL of redis server for redis session storage (e.g. redis://HOST[:PORT]) --redis-insecure-skip-tls-verify bool skip TLS verification when connecting to Redis false --redis-password string Redis password. Applicable for all Redis configurations. Will override any password set in --redis-connection-url --redis-sentinel-password string Redis sentinel password. Used only for sentinel connection; any redis node passwords need to use --redis-password --redis-sentinel-master-name string Redis sentinel master name. Used in conjunction with --redis-use-sentinel --redis-sentinel-connection-urls string | list List of Redis sentinel connection URLs (e.g. redis://HOST[:PORT]). Used in conjunction with --redis-use-sentinel --redis-use-cluster bool Connect to redis cluster. Must set --redis-cluster-connection-urls to use this feature false --redis-use-sentinel bool Connect to redis via sentinels. Must set --redis-sentinel-master-name and --redis-sentinel-connection-urls to use this feature false --redis-connection-idle-timeout int Redis connection idle timeout seconds. If Redis timeout option is set to non-zero, the --redis-connection-idle-timeout must be less than Redis timeout option. Exmpale: if either redis.conf includes timeout 15 or using CONFIG SET timeout 15 the --redis-connection-idle-timeout must be at least --redis-connection-idle-timeout=14 0 --request-id-header string Request header to use as the request ID in logging X-Request-Id --request-logging bool Log requests true --request-logging-format string Template for request log lines see Logging Configuration --resource string The resource that is protected (Azure AD only) --reverse-proxy bool are we running behind a reverse proxy, controls whether headers like X-Real-IP are accepted and allows X-Forwarded-{Proto,Host,Uri} headers to be used on redirect selection false --scope string OAuth scope specification --session-cookie-minimal bool strip OAuth tokens from cookie session stores if they aren't needed (cookie session store only) false --session-store-type string Session data storage backend; redis or cookie cookie --set-xauthrequest bool set X-Auth-Request-User, X-Auth-Request-Groups, X-Auth-Request-Email and X-Auth-Request-Preferred-Username response headers (useful in Nginx auth_request mode). When used with --pass-access-token, X-Auth-Request-Access-Token is added to response headers. false --set-authorization-header bool set Authorization Bearer response header (useful in Nginx auth_request mode) false --set-basic-auth bool set HTTP Basic Auth information in response (useful in Nginx auth_request mode) false --show-debug-on-error bool show detailed error information on error pages (WARNING: this may contain sensitive information - do not use in production) false --signature-key string GAP-Signature request signature key (algorithm:secretkey) --silence-ping-logging bool disable logging of requests to ping & ready endpoints false --skip-auth-preflight bool will skip authentication for OPTIONS requests false --skip-auth-regex string | list (DEPRECATED for --skip-auth-route) bypass authentication for requests paths that match (may be given multiple times) --skip-auth-route string | list bypass authentication for requests that match the method & path. Format: method=path_regex OR method!=path_regex. For all methods: path_regex OR !=path_regex --skip-auth-strip-headers bool strips X-Forwarded-* style authentication headers & Authorization header if they would be set by oauth2-proxy true --skip-jwt-bearer-tokens bool will skip requests that have verified JWT bearer tokens (the token must have aud that matches this client id or one of the extras from extra-jwt-issuers) false --skip-oidc-discovery bool bypass OIDC endpoint discovery. --login-url, --redeem-url and --oidc-jwks-url must be configured in this case false --skip-provider-button bool will skip sign-in-page to directly reach the next step: oauth/start false --ssl-insecure-skip-verify bool skip validation of certificates presented when using HTTPS providers false --ssl-upstream-insecure-skip-verify bool skip validation of certificates presented when using HTTPS upstreams false --standard-logging bool Log standard runtime information true --standard-logging-format string Template for standard log lines see Logging Configuration --tls-cert-file string path to certificate file --tls-cipher-suite string | list Restricts TLS cipher suites used by server to those listed (e.g. TLS_RSA_WITH_RC4_128_SHA) (may be given multiple times). If not specified, the default Go safe cipher list is used. List of valid cipher suites can be found in the crypto/tls documentation. --tls-key-file string path to private key file --tls-min-version string minimum TLS version that is acceptable, either \"TLS1.2\" or \"TLS1.3\" \"TLS1.2\" --upstream string | list the http url(s) of the upstream endpoint, file:// paths for static files or static:// for static response. Routing is based on the path --upstream-timeout duration maximum amount of time the server will wait for a response from the upstream 30s --allowed-group string | list restrict logins to members of this group (may be given multiple times) --allowed-role string | list restrict logins to users with this role (may be given multiple times). Only works with the keycloak-oidc provider. --validate-url string Access token validation endpoint --version n/a print version string --whitelist-domain string | list allowed domains for redirection after authentication. Prefix domain with a . or a *. to allow subdomains (e.g. .example.com, *.example.com) [2] --trusted-ip string | list list of IPs or CIDR ranges to allow to bypass authentication (may be given multiple times). When combined with --reverse-proxy and optionally --real-client-ip-header this will evaluate the trust of the IP stored in an HTTP header by a reverse proxy rather than the layer-3/4 remote address. WARNING: trusting IPs has inherent security flaws, especially when obtaining the IP address from an HTTP header (reverse-proxy mode). Use this option only if you understand the risks and how to manage them. [1]: Only these providers support --cookie-refresh: GitLab, Google and OIDC [2]: When using the whitelist-domain option, any domain prefixed with a . or a *. will allow any subdomain of the specified domain as a valid redirect URL. By default, only empty ports are allowed. This translates to allowing the default port of the URL's protocol (80 for HTTP, 443 for HTTPS, etc.) since browsers omit them. To allow only a specific port, add it to the whitelisted domain: example.com:8080. To allow any port, use *: example.com:*. See below for provider specific options","s":"Command Line Options","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#command-line-options","p":114},{"i":123,"t":"oauth2-proxy supports having multiple upstreams, and has the option to pass requests on to HTTP(S) servers or serve static files from the file system. HTTP and HTTPS upstreams are configured by providing a URL such as http://127.0.0.1:8080/ for the upstream parameter. This will forward all authenticated requests to the upstream server. If you instead provide http://127.0.0.1:8080/some/path/ then it will only be requests that start with /some/path/ which are forwarded to the upstream. Static file paths are configured as a file:// URL. file:///var/www/static/ will serve the files from that directory at http://[oauth2-proxy url]/var/www/static/, which may not be what you want. You can provide the path to where the files should be available by adding a fragment to the configured URL. The value of the fragment will then be used to specify which path the files are available at, e.g. file:///var/www/static/#/static/ will make /var/www/static/ available at http://[oauth2-proxy url]/static/. Multiple upstreams can either be configured by supplying a comma separated list to the --upstream parameter, supplying the parameter multiple times or providing a list in the config file. When multiple upstreams are used routing to them will be based on the path they are set up with.","s":"Upstreams Configuration","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#upstreams-configuration","p":114},{"i":125,"t":"Every command line argument can be specified as an environment variable by prefixing it with OAUTH2_PROXY_, capitalising it, and replacing hyphens (-) with underscores (_). If the argument can be specified multiple times, the environment variable should be plural (trailing S). This is particularly useful for storing secrets outside of a configuration file or the command line. For example, the --cookie-secret flag becomes OAUTH2_PROXY_COOKIE_SECRET, and the --email-domain flag becomes OAUTH2_PROXY_EMAIL_DOMAINS.","s":"Environment variables","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#environment-variables","p":114},{"i":127,"t":"By default, OAuth2 Proxy logs all output to stdout. Logging can be configured to output to a rotating log file using the --logging-filename command. If logging to a file you can also configure the maximum file size (--logging-max-size), age (--logging-max-age), max backup logs (--logging-max-backups), and if backup logs should be compressed (--logging-compress). There are three different types of logging: standard, authentication, and HTTP requests. These can each be enabled or disabled with --standard-logging, --auth-logging, and --request-logging. Each type of logging has its own configurable format and variables. By default these formats are similar to the Apache Combined Log. Logging of requests to the /ping endpoint (or using --ping-user-agent) and the /ready endpoint can be disabled with --silence-ping-logging reducing log volume.","s":"Logging Configuration","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#logging-configuration","p":114},{"i":129,"t":"Authentication logs are logs which are guaranteed to contain a username or email address of a user attempting to authenticate. These logs are output by default in the below format: - - [19/Mar/2015:17:20:19 -0400] [] The status block will contain one of the below strings: AuthSuccess If a user has authenticated successfully by any method AuthFailure If the user failed to authenticate explicitly AuthError If there was an unexpected error during authentication If you require a different format than that, you can configure it with the --auth-logging-format flag. The default format is configured as follows: {{.Client}} - {{.RequestID}} - {{.Username}} [{{.Timestamp}}] [{{.Status}}] {{.Message}} Available variables for auth logging: Variable Example Description Client 74.125.224.72 The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true. Host domain.com The value of the Host header. Message Authenticated via OAuth2 The details of the auth attempt. Protocol HTTP/1.0 The request protocol. RequestID 00010203-0405-4607-8809-0a0b0c0d0e0f The request ID pulled from the --request-id-header. Random UUID if empty RequestMethod GET The request method. Timestamp 19/Mar/2015:17:20:19 -0400 The date and time of the logging event. UserAgent - The full user agent as reported by the requesting client. Username username@email.com The email or username of the auth request. Status AuthSuccess The status of the auth request. See above for details.","s":"Auth Log Format","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#auth-log-format","p":114},{"i":131,"t":"HTTP request logs will output by default in the below format: - - [19/Mar/2015:17:20:19 -0400] GET \"/path/\" HTTP/1.1 \"\" If you require a different format than that, you can configure it with the --request-logging-format flag. The default format is configured as follows: {{.Client}} - {{.RequestID}} - {{.Username}} [{{.Timestamp}}] {{.Host}} {{.RequestMethod}} {{.Upstream}} {{.RequestURI}} {{.Protocol}} {{.UserAgent}} {{.StatusCode}} {{.ResponseSize}} {{.RequestDuration}} Available variables for request logging: Variable Example Description Client 74.125.224.72 The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true. Host domain.com The value of the Host header. Protocol HTTP/1.0 The request protocol. RequestDuration 0.001 The time in seconds that a request took to process. RequestID 00010203-0405-4607-8809-0a0b0c0d0e0f The request ID pulled from the --request-id-header. Random UUID if empty RequestMethod GET The request method. RequestURI \"/oauth2/auth\" The URI path of the request. ResponseSize 12 The size in bytes of the response. StatusCode 200 The HTTP status code of the response. Timestamp 19/Mar/2015:17:20:19 -0400 The date and time of the logging event. Upstream - The upstream data of the HTTP request. UserAgent - The full user agent as reported by the requesting client. Username username@email.com The email or username of the auth request.","s":"Request Log Format","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#request-log-format","p":114},{"i":133,"t":"All other logging that is not covered by the above two types of logging will be output in this standard logging format. This includes configuration information at startup and errors that occur outside of a session. The default format is below: [19/Mar/2015:17:20:19 -0400] [main.go:40] If you require a different format than that, you can configure it with the --standard-logging-format flag. The default format is configured as follows: [{{.Timestamp}}] [{{.File}}] {{.Message}} Available variables for standard logging: Variable Example Description Timestamp 19/Mar/2015:17:20:19 -0400 The date and time of the logging event. File main.go:40 The file and line number of the logging statement. Message HTTP: listening on 127.0.0.1:4180 The details of the log statement.","s":"Standard Log Format","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#standard-log-format","p":114},{"i":135,"t":"The Nginx auth_request directive allows Nginx to authenticate requests via the oauth2-proxy's /auth endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example: server { listen 443 ssl; server_name ...; include ssl/ssl.conf; location /oauth2/ { proxy_pass http://127.0.0.1:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header X-Auth-Request-Redirect $request_uri; # or, if you are handling multiple domains: # proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri; } location = /oauth2/auth { proxy_pass http://127.0.0.1:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; # nginx auth_request includes headers but not body proxy_set_header Content-Length \"\"; proxy_pass_request_body off; } location / { auth_request /oauth2/auth; error_page 401 = /oauth2/sign_in; # pass information via X-User and X-Email headers to backend, # requires running with --set-xauthrequest flag auth_request_set $user $upstream_http_x_auth_request_user; auth_request_set $email $upstream_http_x_auth_request_email; proxy_set_header X-User $user; proxy_set_header X-Email $email; # if you enabled --pass-access-token, this will pass the token to the backend auth_request_set $token $upstream_http_x_auth_request_access_token; proxy_set_header X-Access-Token $token; # if you enabled --cookie-refresh, this is needed for it to work with auth_request auth_request_set $auth_cookie $upstream_http_set_cookie; add_header Set-Cookie $auth_cookie; # When using the --set-authorization-header flag, some provider's cookies can exceed the 4kb # limit and so the OAuth2 Proxy splits these into multiple parts. # Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response, # so if your cookies are larger than 4kb, you will need to extract additional cookies manually. auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1; # Extract the Cookie attributes from the first Set-Cookie header and append them # to the second part ($upstream_cookie_* variables only contain the raw cookie content) if ($auth_cookie ~* \"(; .*)\") { set $auth_cookie_name_0 $auth_cookie; set $auth_cookie_name_1 \"auth_cookie_name_1=$auth_cookie_name_upstream_1$1\"; } # Send both Set-Cookie headers now if there was a second part if ($auth_cookie_name_upstream_1) { add_header Set-Cookie $auth_cookie_name_0; add_header Set-Cookie $auth_cookie_name_1; } proxy_pass http://backend/; # or \"root /path/to/site;\" or \"fastcgi_pass ...\" etc }} When you use ingress-nginx in Kubernetes, you MUST use kubernetes/ingress-nginx (which includes the Lua module) and the following configuration snippet for your Ingress. Variables set with auth_request_set are not set-able in plain nginx config when the location is processed via proxy_pass and then may only be processed by Lua. Note that nginxinc/kubernetes-ingress does not include the Lua module. nginx.ingress.kubernetes.io/auth-response-headers: Authorizationnginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uringinx.ingress.kubernetes.io/auth-url: https://$host/oauth2/authnginx.ingress.kubernetes.io/configuration-snippet: | auth_request_set $name_upstream_1 $upstream_cookie_name_1; access_by_lua_block { if ngx.var.name_upstream_1 ~= \"\" then ngx.header[\"Set-Cookie\"] = \"name_1=\" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match(\"(; .*)\") end } It is recommended to use --session-store-type=redis when expecting large sessions/OIDC tokens (e.g. with MS Azure). You have to substitute name with the actual cookie name you configured via --cookie-name parameter. If you don't set a custom cookie name the variable should be \"$upstream_cookie__oauth2_proxy_1\" instead of \"$upstream_cookie_name_1\" and the new cookie-name should be \"_oauth2_proxy_1=\" instead of \"name_1=\".","s":"Configuring for use with the Nginx auth_request directive","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#configuring-for-use-with-the-nginx-auth_request-directive","p":114},{"i":137,"t":"This option requires --reverse-proxy option to be set.","s":"Configuring for use with the Traefik (v2) ForwardAuth middleware","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#configuring-for-use-with-the-traefik-v2-forwardauth-middleware","p":114},{"i":139,"t":"The Traefik v2 ForwardAuth middleware allows Traefik to authenticate requests via the oauth2-proxy's /oauth2/auth endpoint on every request, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the whole request through. For example, on Dynamic File (YAML) Configuration: http: routers: a-service: rule: \"Host(`a-service.example.com`)\" service: a-service-backend middlewares: - oauth-errors - oauth-auth tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" oauth: rule: \"Host(`a-service.example.com`, `oauth.example.com`) && PathPrefix(`/oauth2/`)\" middlewares: - auth-headers service: oauth-backend tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" services: a-service-backend: loadBalancer: servers: - url: http://172.16.0.2:7555 oauth-backend: loadBalancer: servers: - url: http://172.16.0.1:4180 middlewares: auth-headers: headers: sslRedirect: true stsSeconds: 315360000 browserXssFilter: true contentTypeNosniff: true forceSTSHeader: true sslHost: example.com stsIncludeSubdomains: true stsPreload: true frameDeny: true oauth-auth: forwardAuth: address: https://oauth.example.com/oauth2/auth trustForwardHeader: true oauth-errors: errors: status: - \"401-403\" service: oauth-backend query: \"/oauth2/sign_in\"","s":"ForwardAuth with 401 errors middleware","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#forwardauth-with-401-errors-middleware","p":114},{"i":141,"t":"Redirect to sign_in functionality provided without the use of errors middleware with Traefik v2 ForwardAuth middleware pointing to oauth2-proxy service's / endpoint Following options need to be set on oauth2-proxy: --upstream=static://202: Configures a static response for authenticated sessions --reverse-proxy=true: Enables the use of X-Forwarded-* headers to determine redirects correctly http: routers: a-service-route-1: rule: \"Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/`)\" service: a-service-backend middlewares: - oauth-auth-redirect # redirects all unauthenticated to oauth2 signin tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" a-service-route-2: rule: \"Host(`a-service.example.com`) && PathPrefix(`/no-auto-redirect`)\" service: a-service-backend middlewares: - oauth-auth-wo-redirect # unauthenticated session will return a 401 tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" services-oauth2-route: rule: \"Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/oauth2/`)\" middlewares: - auth-headers service: oauth-backend tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" oauth2-proxy-route: rule: \"Host(`oauth.example.com`) && PathPrefix(`/`)\" middlewares: - auth-headers service: oauth-backend tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" services: a-service-backend: loadBalancer: servers: - url: http://172.16.0.2:7555 b-service-backend: loadBalancer: servers: - url: http://172.16.0.3:7555 oauth-backend: loadBalancer: servers: - url: http://172.16.0.1:4180 middlewares: auth-headers: headers: sslRedirect: true stsSeconds: 315360000 browserXssFilter: true contentTypeNosniff: true forceSTSHeader: true sslHost: example.com stsIncludeSubdomains: true stsPreload: true frameDeny: true oauth-auth-redirect: forwardAuth: address: https://oauth.example.com/ trustForwardHeader: true authResponseHeaders: - X-Auth-Request-Access-Token - Authorization oauth-auth-wo-redirect: forwardAuth: address: https://oauth.example.com/oauth2/auth trustForwardHeader: true authResponseHeaders: - X-Auth-Request-Access-Token - Authorization note If you set up your OAuth2 provider to rotate your client secret, you can use the client-secret-file option to reload the secret when it is updated.","s":"ForwardAuth with static upstreams configuration","u":"/oauth2-proxy/docs/next/configuration/overview","h":"#forwardauth-with-static-upstreams-configuration","p":114},{"i":143,"t":"There are two recommended configurations: At OAuth2 Proxy At Reverse Proxy","s":"TLS Configuration","u":"/oauth2-proxy/docs/next/configuration/tls","h":"","p":142},{"i":145,"t":"Configure SSL Termination with OAuth2 Proxy by providing a --tls-cert-file=/path/to/cert.pem and --tls-key-file=/path/to/cert.key. The command line to run oauth2-proxy in this configuration would look like this: ./oauth2-proxy \\ --email-domain=\"yourcompany.com\" \\ --upstream=http://127.0.0.1:8080/ \\ --tls-cert-file=/path/to/cert.pem \\ --tls-key-file=/path/to/cert.key \\ --cookie-secret=... \\ --cookie-secure=true \\ --provider=... \\ --client-id=... \\ --client-secret=... With this configuration approach the customization of the TLS settings is limited. The minimal acceptable TLS version can be set with --tls-min-version=TLS1.3. The defaults set TLS1.2 as the minimal version. Regardless of the minimum version configured, TLS1.3 is currently always used as the maximal version. TLS server side cipher suites can be specified with --tls-cipher-suite=TLS_RSA_WITH_RC4_128_SHA. If not specified, the defaults from crypto/tls of the currently used go version for building oauth2-proxy will be used. A complete list of valid TLS cipher suite names can be found in crypto/tls.","s":"Terminate TLS at OAuth2 Proxy","u":"/oauth2-proxy/docs/next/configuration/tls","h":"#terminate-tls-at-oauth2-proxy","p":142},{"i":147,"t":"Configure SSL Termination with Nginx (example config below), Amazon ELB, Google Cloud Platform Load Balancing, or ... Because oauth2-proxy listens on 127.0.0.1:4180 by default, to listen on all interfaces (needed when using an external load balancer like Amazon ELB or Google Platform Load Balancing) use --http-address=\"0.0.0.0:4180\" or --http-address=\"http://:4180\". Nginx will listen on port 443 and handle SSL connections while proxying to oauth2-proxy on port 4180. oauth2-proxy will then authenticate requests for an upstream application. The external endpoint for this example would be https://internal.yourcompany.com/. An example Nginx config follows. Note the use of Strict-Transport-Security header to pin requests to SSL via HSTS: server { listen 443 default ssl; server_name internal.yourcompany.com; ssl_certificate /path/to/cert.pem; ssl_certificate_key /path/to/cert.key; add_header Strict-Transport-Security max-age=2592000; location / { proxy_pass http://127.0.0.1:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_connect_timeout 1; proxy_send_timeout 30; proxy_read_timeout 30; }} The command line to run oauth2-proxy in this configuration would look like this: ./oauth2-proxy \\ --email-domain=\"yourcompany.com\" \\ --upstream=http://127.0.0.1:8080/ \\ --cookie-secret=... \\ --cookie-secure=true \\ --provider=... \\ --reverse-proxy=true \\ --client-id=... \\ --client-secret=...","s":"Terminate TLS at Reverse Proxy, e.g. Nginx","u":"/oauth2-proxy/docs/next/configuration/tls","h":"#terminate-tls-at-reverse-proxy-eg-nginx","p":142},{"i":149,"t":"OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable. /robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see robotstxt.org for more info /ping - returns a 200 OK response, which is intended for use with health checks /ready - returns a 200 OK response if all the underlying connections (e.g., Redis store) are connected /metrics - Metrics endpoint for Prometheus to scrape, serve on the address specified by --metrics-address, disabled by default /oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies) /oauth2/sign_out - this URL is used to clear the session cookie /oauth2/start - a URL that will redirect to start the OAuth cycle /oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url. /oauth2/userinfo - the URL is used to return user's email from the session in JSON format. /oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the Nginx auth_request directive /oauth2/static/* - stylesheets and other dependencies used in the sign_in and error pages","s":"Endpoints","u":"/oauth2-proxy/docs/next/features/endpoints","h":"","p":148},{"i":151,"t":"To sign the user out, redirect them to /oauth2/sign_out. This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the rd query parameter, i.e. redirect the user to something like (notice the url-encoding!): /oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page Alternatively, include the redirect URL in the X-Auth-Request-Redirect header: GET /oauth2/sign_out HTTP/1.1X-Auth-Request-Redirect: https://my-oidc-provider/sign_out_page... (The \"sign_out_page\" should be the end_session_endpoint from the metadata if your OIDC provider supports Session Management and Discovery.) BEWARE that the domain you want to redirect to (my-oidc-provider.example.com in the example) must be added to the --whitelist-domain configuration option otherwise the redirect will be ignored. Make sure to include the actual domain and port (if needed) and not the URL (e.g \"localhost:8081\" instead of \"http://localhost:8081\").","s":"Sign out","u":"/oauth2-proxy/docs/next/features/endpoints","h":"#sign-out","p":148},{"i":153,"t":"This endpoint returns 202 Accepted response or a 401 Unauthorized response. It can be configured using the following query parameters query parameters: allowed_groups: comma separated list of allowed groups allowed_email_domains: comma separated list of allowed email domains allowed_emails: comma separated list of allowed emails","s":"Auth","u":"/oauth2-proxy/docs/next/features/endpoints","h":"#auth","p":148}],"index":{"version":"2.3.9","fields":["t"],"fieldVectors":[["t/2",[0,2.463,1,1.486,2,2.528,3,1.122,4,2.407,5,3.632,6,1.723,7,4.141,8,2.814,9,3.188,10,2.403,11,2.603,12,1.345,13,1.541,14,1.434,15,3.632,16,2.884,17,2.407,18,4.141,19,2.166,20,1.937,21,4.141,22,1.664,23,4.758,24,2.662,25,1.599,26,1.153,27,4.758,28,4.758,29,2.814,30,2.297,31,2.662,32,4.758,33,2.662,34,2.814,35,3.188,36,3.264,37,1.861,38,3.108,39,1.041,40,2.814,41,0.837,42,2.814,43,1.861,44,1.599,45,2.297,46,3.188,47,1.937,48,2.986,49,3.431,50,3.188,51,0.353,52,1.659]],["t/4",[12,1.541,13,1.918,39,1.316,41,0.791,42,2.659,43,1.759,49,3.243,51,0.439,53,3.914,54,4.415,55,1.988,56,2.823,57,4.714,58,3.968,59,4.497,60,3.914,61,1.907,62,4.497,63,3.501,64,3.501,65,2.171,66,1.399,67,3.53,68,2.823,69,4.497,70,4.497,71,3.013,72,3.914,73,3.914,74,4.269,75,3.914,76,3.013,77,2.065,78,2.926,79,2.389,80,3.243,81,2.076,82,5.761,83,3.013,84,3.53,85,3.013,86,4.497,87,2.516,88,1.784,89,1.83,90,3.517,91,3.716,92,2.823,93,3.53,94,1.759,95,3.53,96,2.823,97,1.355,98,3.914,99,3.914,100,4.497]],["t/6",[17,2.861,26,0.958,39,0.958,51,0.546,57,4.931,66,1.446,67,4.438,68,3.549,77,1.972,78,2.5,83,3.789,87,3.164,88,2.062,89,2.785,90,3.636,91,3.549,94,2.677,101,3.549,102,2.301,103,1.766,104,4.077,105,2.5,106,3.549,107,2.73]],["t/8",[3,1.343,39,1.186,45,2.439,51,0.473,57,4.925,66,1.553,68,4.006,76,3.385,77,2.7,78,2.821,83,3.385,85,4.276,88,1.522,89,2.056,94,3.075,103,1.578,108,3.081,109,1.498,110,5.769,111,6.382,112,2.684,113,4.396,114,3.964,115,3.964,116,5.051]],["t/10",[1,2.172,3,0.98,5,3.173,6,1.943,13,1.259,14,1.617,15,3.173,22,1.453,26,1.123,29,2.298,39,0.659,41,1.166,43,1.52,46,2.604,51,0.398,57,4.118,66,1.401,68,2.439,76,2.604,89,1.582,94,2.404,97,1.171,104,2.802,105,1.718,108,1.876,109,0.792,117,1.13,118,3.886,119,3.886,120,2.065,121,1.648,122,3.05,123,3.886,124,1.966,125,3.886,126,3.886,127,2.439,128,3.05,129,3.886,130,3.886,131,4.431,132,3.886,133,1.407,134,3.886,135,3.886,136,2.372,137,3.886,138,3.886,139,3.886,140,3.886,141,3.382,142,1.259,143,3.886,144,3.886,145,3.05,146,3.886,147,1.852,148,3.886,149,3.886,150,1.053,151,3.886,152,2.604,153,3.886,154,3.05,155,3.886,156,1.171,157,3.886,158,2.175,159,3.886,160,2.439,161,3.886,162,2.604,163,1.306,164,3.886,165,1.876,166,3.382,167,3.05,168,3.886,169,3.382,170,3.886,171,3.886,172,3.886,173,3.886,174,3.886,175,1.966,176,3.886,177,3.05,178,3.886,179,2.175,180,3.886,181,1.876,182,1.718,183,2.175,184,2.604,185,2.298,186,2.439,187,2.175,188,2.175,189,3.05,190,2.477,191,3.886,192,2.298]],["t/13",[5,3.645,26,1.045,45,2.976,156,1.858,165,2.976,193,1.858,194,1.669,195,1.449,196,1.556,197,6.164,198,3.645,199,3.118,200,6.164,201,1.997,202,4.131]],["t/15",[0,1.816,3,1.226,14,1.064,19,1.758,22,1.358,26,1.077,39,1.282,41,0.883,43,2.282,44,2.597,47,2.586,49,2.545,51,0.561,53,3.072,55,1.56,57,3.91,58,2.365,63,2.087,65,1.704,66,1.233,71,2.365,82,5.078,87,1.975,92,2.215,98,4.365,99,4.365,102,1.437,105,1.56,109,0.72,133,1.278,150,1.358,175,2.538,194,0.956,195,0.83,196,0.891,201,2.058,203,3.072,204,3.072,205,3.53,206,3.072,207,2.545,208,2.365,209,4.58,210,3.53,211,3.53,212,2.77,213,2.087,214,1.496,215,5.016,216,3.53,217,3.148,218,3.361,219,5.016,220,3.148,221,1.704,222,3.53,223,3.072,224,3.072,225,3.53,226,2.77,227,2.77,228,2.215,229,1.975,230,3.53,231,3.53,232,3.617,233,3.53,234,3.361,235,2.538,236,3.617,237,2.933,238,5.016,239,4.365,240,4.365,241,4.365,242,5.016,243,2.665,244,2.665,245,2.966,246,5.016,247,3.53,248,1.704]],["t/17",[26,0.967,39,0.967,51,0.423,97,1.72,179,3.193,193,1.72,194,1.864,195,1.342,196,1.44,201,2.229,214,2.419,249,5.531,250,2.001,251,4.115,252,5.401,253,4.966,254,5.707,255,6.881,256,2.801,257,4.115,258,4.115,259,5.707]],["t/19",[22,1.613,26,1.009,41,1.242,133,2.156,156,2.127,193,1.795,194,1.613,195,1.4,196,1.503,250,2.052,260,4.449,261,3.259,262,2.749,263,5.041]],["t/21",[6,2.372,10,2.563,13,1.706,14,1.587,47,2.144,51,0.391,65,2.543,66,1.113,110,4.134,131,4.724,193,1.587,194,1.427,195,1.239,196,1.329,201,2.486,250,1.905,264,3.798,265,4.584,266,3.798,267,4.378,268,4.584,269,4.476,270,4.584,271,4.584,272,3.798,273,3.529,274,5.702,275,3.798,276,4.584,277,3.798,278,2.947,279,4.584,280,4.134]],["t/23",[12,1.227,43,2.191,50,3.754,66,1.184,163,1.883,193,1.688,228,3.517,250,2.131,281,4.397,282,4.907,283,4.876,284,4.397,285,3.286,286,3.517,287,3.135,288,5.603,289,5.603,290,3.517,291,5.603,292,6.805,293,5.603,294,5.603,295,5.603,296,5.603,297,5.603,298,5.341,299,4.876,300,5.603,301,5.603]],["t/25",[14,1.567,16,3.006,22,1.92,26,0.881,41,1.248,51,0.386,133,1.883,156,2.137,193,1.567,194,1.408,195,1.223,196,1.312,250,2.223,260,4.392,261,3.273,262,3,263,4.751,278,2.91,302,5.565,303,4.081,304,4.686,305,4.686,306,3.264,307,5.2,308,4.081,309,5.2,310,4.081,311,2.034]],["t/27",[26,1.019,41,1.058,156,2.139,193,1.812,194,1.629,195,1.414,196,1.518,250,2.064,256,3.075,261,3.277,262,3.277,312,4.227]],["t/29",[26,0.924,41,0.96,51,0.404,102,2.22,156,1.643,187,3.746,193,1.643,194,1.477,195,1.282,196,1.376,198,3.225,250,2.106,256,2.948,261,2.518,262,2.518,313,6.694,314,3.225,315,4.28,316,3.225,317,4.28,318,7.243,319,3.225,320,3.052,321,3.655,322,4.202,323,6.694,324,5.454,325,3.225,326,2.22,327,1.376,328,3.225]],["t/31",[0,2.562,4,2.62,13,2.292,41,0.911,43,2.025,45,2.5,47,3.253,51,0.384,55,2.289,65,2.5,66,1.094,92,3.25,145,4.064,193,1.56,194,1.402,195,1.218,196,1.307,198,3.062,201,2.402,202,3.47,214,2.195,221,2.5,250,1.506,264,3.734,325,3.062,329,3.25,330,4.064,331,5.178,332,3.47,333,6.482,334,3.47,335,5.178,336,5.178,337,5.178,338,5.178,339,5.178,340,5.178,341,5.178]],["t/33",[6,2.219,10,1.854,13,1.985,47,2.764,51,0.351,55,2.095,61,2.009,66,1.002,88,1.428,102,1.929,110,3.72,120,2.518,121,2.009,131,4.418,150,1.284,193,1.428,194,1.284,195,1.114,196,1.196,201,2.592,217,2.975,250,2.161,264,3.417,267,4.159,268,4.125,269,4.262,270,4.125,271,4.125,272,3.417,273,3.176,274,5.333,275,3.417,276,4.125,277,3.417,278,2.652,279,4.125,280,3.72,329,2.975,342,3.417,343,2.803,344,3.417,345,4.55,346,3.417,347,2.975,348,5.333,349,5.333]],["t/35",[22,1.575,26,1.179,51,0.431,105,2.571,156,2.097,182,2.571,188,3.254,193,1.752,194,1.575,195,1.367,196,1.467,250,2.023,256,3.031,261,3.213,262,2.684,350,3.697,351,5.06,352,5.845]],["t/37",[15,4.035,26,0.954,51,0.506,52,1.963,78,3.017,88,1.696,102,2.291,133,2.038,175,3.452,193,1.696,194,1.524,195,1.323,196,1.42,250,2.135,287,3.818,353,6.824,354,4.283,355,5.356,356,6.824,357,6.824,358,4.058,359,4.898]],["t/39",[1,2.289,2,2.662,14,2.1,26,1.076,39,0.849,41,0.882,51,0.371,52,1.747,66,1.342,108,2.419,156,1.51,190,2.313,193,1.51,199,3.825,201,2.374,214,2.124,250,1.457,311,2.726,327,1.908,342,3.612,360,3.932,361,3.985,362,4.578,363,5.47,364,1.846,365,3.932,366,4.36,367,5.01,368,3.612,369,4.36,370,5.01,371,3.932,372,5.01,373,3.612,374,3.357,375,1.959]],["t/41",[1,1.644,4,2.662,12,1.508,13,2.369,14,2.075,20,2.142,30,3.161,41,1.066,51,0.28,66,1.112,78,1.671,83,2.532,103,1.18,106,2.372,142,1.224,156,1.139,190,1.744,194,1.023,195,1.237,196,0.954,199,3.313,201,2.485,206,3.289,250,1.904,261,1.744,287,2.115,311,2.368,327,1.799,342,2.725,361,3.303,362,2.725,363,4.13,366,5.27,368,3.795,375,1.478,376,3.779,377,3.779,378,3.779,379,4.13,380,5.263,381,3.779,382,3.779,383,3.795,384,4.58,385,3.779,386,1.744,387,3.779,388,2.058,389,3.779,390,4.13,391,5.263,392,2.532,393,4.366,394,3.779,395,3.289,396,6.055,397,3.779,398,5.263,399,2.115,400,3.779,401,3.779,402,3.779,403,2.966,404,3.779,405,3.779,406,2.966,407,3.779,408,4.13,409,2.966,410,2.966,411,2.966,412,3.779,413,3.779,414,3.289,415,3.779,416,3.779,417,3.779]],["t/43",[1,1.132,4,1.833,5,3.5,12,0.794,14,1.54,16,2.509,22,1.603,26,0.614,37,1.999,41,1.272,51,0.379,55,2.617,63,2.142,97,1.937,142,1.917,147,1.54,158,2.027,182,2.259,193,1.092,194,0.981,195,0.852,196,0.914,198,3.801,202,4.542,208,2.428,213,2.142,214,1.536,243,1.925,250,2.102,256,1.475,267,3.936,306,3.207,327,1.289,351,5.151,358,2.612,373,2.612,374,2.428,386,1.673,418,5.11,419,3.022,420,2.585,421,3.5,422,5.11,423,3.153,424,5.11,425,3.153,426,3.623,427,3.153,428,3.623,429,5.11,430,4.646,431,3.684,432,3.623,433,5.11,434,3.153,435,5.151,436,3.623,437,2.612,438,4.447,439,2.844,440,3.623,441,3.153,442,3.623,443,3.623,444,2.844,445,3.623,446,5.11,447,2.844,448,2.612,449,3.623,450,5.11,451,3.623,452,5.11,453,3.623,454,5.11,455,3.623,456,5.11,457,3.623,458,5.11,459,2.027,460,3.623,461,2.844,462,5.11,463,3.022,464,2.612,465,3.623]],["t/45",[1,0.948,13,1.734,16,1.905,19,0.914,20,2.179,22,0.822,26,1.331,37,2.471,39,1.256,41,1.042,45,1.465,51,0.397,52,2.064,54,1.904,79,1.612,97,1.613,102,1.235,108,1.465,112,1.612,133,1.627,147,1.613,150,1.217,152,2.033,154,2.381,156,1.613,160,1.904,162,3.011,163,1.019,165,2.584,179,1.697,182,1.987,183,2.515,184,2.033,186,1.904,187,2.515,188,1.697,193,0.914,194,0.822,195,1.057,196,0.766,199,1.535,201,1.734,213,3.165,214,1.905,217,1.904,245,1.794,250,2.224,256,1.235,261,1.4,262,1.4,311,1.187,327,1.134,328,1.794,332,2.033,342,2.187,360,4.201,363,2.381,364,1.307,420,1.535,466,7.308,467,4.494,468,4.494,469,5.353,470,4.494,471,3.034,472,4.494,473,3.034,474,4.494,475,3.034,476,4.494,477,3.034,478,3.24,479,4.494,480,3.034,481,4.494,482,3.034,483,3.034,484,4.494,485,3.034,486,4.494,487,3.034,488,4.494,489,3.034,490,3.034,491,3.034,492,4.494,493,3.034,494,3.034,495,2.64,496,3.034,497,2.64,498,3.034,499,3.034,500,3.034,501,2.64,502,4.494,503,3.034,504,2.64,505,4.494,506,4.494,507,2.64,508,4.494,509,3.034,510,2.033,511,4.494,512,4.494,513,3.034,514,1.904,515,2.381,516,2.187]],["t/47",[26,1.176,51,0.429,66,1.466,163,1.945,182,3.068,183,3.238,184,3.878,185,3.422,186,3.632,187,3.238,188,3.883,193,1.744,195,1.361,250,1.683,281,4.542,399,3.238,478,4.173,497,5.037,517,5.787,518,5.037,519,5.037,520,4.542,521,4.173,522,4.542]],["t/49",[26,1.313,92,4.01,193,1.925,281,5.014,523,5.56,524,5.56]],["t/51",[13,1.759,30,2.621,55,2.4,65,2.621,88,1.636,91,3.408,102,2.21,120,2.885,121,2.302,150,1.808,193,1.636,194,1.471,195,1.277,196,1.37,201,2.508,213,3.211,217,3.408,244,2.885,250,2.102,264,3.915,265,4.725,275,3.915,285,2.621,330,4.262,344,3.915,345,4.844,346,3.915,347,3.408,348,5.81,349,5.81,525,5.43]],["t/53",[12,1.639,39,1.116,41,1.159,44,2.406,55,2.349,92,3.335,107,2.565,175,2.688,193,1.601,194,1.439,195,1.249,196,1.341,232,3.831,240,5.732,241,5.732,243,2.823,244,3.976,245,3.141,250,1.915,266,3.831,329,3.335,386,3.041,526,4.749,527,6.586,528,6.586,529,4.134,530,5.312,531,5.312,532,5.312]],["t/55",[31,2.683,41,0.844,44,1.611,55,2.12,56,3.01,66,1.013,79,2.548,88,1.86,107,2.315,163,1.611,175,3.647,193,1.445,194,1.299,195,1.128,196,1.21,214,2.617,244,4.182,245,3.651,250,1.795,266,3.457,275,4.451,311,1.875,327,1.21,533,3.763,534,4.845,535,4.038,536,3.651,537,6.173,538,5.373,539,4.845,540,6.173,541,4.795,542,3.763,543,2.214,544,4.795,545,6.173,546,5.359,547,4.845,548,4.795,549,4.173,550,4.795,551,4.173,552,4.795,553,3.01,554,3.763]],["t/57",[1,1.988,4,3.22,8,2.975,12,1.394,52,1.754,108,2.429,156,1.516,163,1.69,179,2.815,193,1.516,194,1.362,195,1.183,196,1.269,199,3.533,201,2.544,236,3.627,250,1.851,325,2.975,329,3.157,334,3.371,360,3.948,361,3.157,362,3.627,364,1.463,383,3.627,384,5.539,390,5.48,393,5.035,414,4.378,448,3.627,555,3.948,556,3.948,557,5.03,558,4.378,559,5.03,560,5.03,561,5.03,562,3.627,563,2.815,564,5.03,565,3.948,566,5.03,567,5.03]],["t/59",[0,2.634,3,1.071,4,3.324,5,1.759,14,1.335,19,0.896,20,1.211,22,0.806,33,1.665,36,1.581,39,0.504,41,0.524,43,2.954,44,2.106,47,1.211,51,0.465,61,1.261,65,1.436,66,0.936,76,2.968,87,1.665,97,1.335,102,3.103,109,0.606,122,2.335,124,1.505,128,2.335,181,1.436,193,0.896,194,0.806,195,0.7,196,0.751,198,3.466,201,0.964,202,1.993,207,2.145,209,2.335,212,2.335,220,3.934,221,3.376,232,2.145,237,1.373,244,1.581,250,1.704,269,2.78,282,3.815,284,2.335,325,1.759,329,1.867,332,1.993,334,2.968,350,2.353,364,0.865,373,2.145,383,2.145,390,2.335,430,2.335,495,2.589,514,1.867,568,2.975,569,2.975,570,2.975,571,2.478,572,2.589,573,2.975,574,2.975,575,4.429,576,5.291,577,2.975,578,4.429,579,2.975,580,4.429,581,5.291,582,2.335,583,5.862,584,4.429,585,2.975,586,2.975,587,2.975,588,2.975,589,2.975,590,2.975,591,2.975,592,2.975,593,2.975,594,2.045,595,2.975,596,2.975,597,2.975,598,2.975,599,2.975,600,2.975,601,2.975,602,2.975,603,2.975,604,2.975,605,2.975,606,4.429,607,2.975,608,2.589,609,2.975,610,2.975,611,2.975,612,2.975,613,5.291,614,2.975,615,2.589,616,2.975,617,2.975,618,5.291,619,2.335,620,2.589,621,2.975,622,4.429,623,2.589,624,2.975,625,2.975,626,1.993,627,2.78,628,4.429,629,2.975,630,2.619,631,4.429,632,2.589,633,2.975,634,3.476,635,2.335,636,2.589,637,2.335]],["t/61",[0,2.01,1,1.734,3,1.014,4,2.809,12,1.216,14,1.673,25,1.866,39,0.941,43,3.138,44,1.866,92,3.485,102,2.971,193,1.673,194,1.504,195,1.306,196,1.401,198,3.283,209,4.358,329,3.485,364,1.614,374,3.72,523,4.832,524,4.832,638,6.768,639,4.832,640,5.552,641,5.552,642,5.552]],["t/63",[3,1.093,103,1.869,104,4.315,109,1.22,228,3.756,285,2.889,286,3.756,312,4.218,571,3.349,643,5.984,644,4.697,645,3.756,646,4.315,647,5.984,648,5.208,649,4.315,650,5.984,651,5.984,652,5.984]],["t/65",[3,1.154,30,2.399,33,2.781,46,3.33,48,3.119,51,0.368,64,3.735,65,2.399,74,5.268,88,1.497,97,1.497,109,1.288,142,1.61,181,3.049,185,3.735,214,2.107,239,4.325,243,2.64,260,2.938,286,3.119,354,3.119,368,3.583,535,2.938,553,3.964,608,4.325,644,4.957,649,4.554,653,4.969,654,5.497,655,3.583,656,5.45,657,4.325,658,4.969,659,4.969,660,4.969,661,4.969,662,4.969,663,4.325,664,3.9,665,4.969,666,4.969,667,4.969,668,4.969,669,4.969,670,4.969,671,4.969,672,4.969,673,3.9,674,3.9]],["t/67",[48,3.144,51,0.471,77,1.747,81,2.313,97,1.51,163,1.683,181,2.419,185,3.754,208,4.254,223,4.36,243,3.703,248,2.419,305,3.612,354,3.144,368,5.658,383,3.612,644,3.932,649,3.612,654,5.525,656,4.983,657,4.36,675,6.97,676,6.349,677,6.349,678,5.01,679,5.01,680,5.01,681,5.01,682,5.01,683,3.932,684,5.01,685,5.01,686,6.349,687,2.215,688,5.01,689,5.01,690,5.01,691,5.01,692,5.01,693,3.612,694,5.01,695,5.01,696,5.01]],["t/69",[3,1.209,12,1.297,26,1.192,37,1.759,39,1.004,51,0.491,52,1.568,66,0.95,79,2.389,88,1.995,94,1.759,105,1.988,108,2.171,109,0.917,120,2.389,121,1.907,127,3.716,163,1.511,208,3.968,229,2.516,234,3.013,257,3.243,290,2.823,306,2.823,326,1.83,375,1.759,459,2.516,535,2.659,543,2.076,697,4.647,698,3.53,699,6.62,700,6.62,701,3.013,702,4.497,703,3.53,704,3.914,705,4.497,706,5.921,707,4.497,708,4.497,709,4.497,710,5.153,711,3.53,712,3.53,713,4.497,714,5.921,715,4.497,716,4.497,717,4.497,718,4.497,719,4.497,720,3.914,721,3.914,722,3.914,723,4.497,724,3.914,725,4.497,726,4.497,727,4.497,728,4.497,729,4.497,730,4.497,731,3.914,732,3.243,733,2.171,734,2.171,735,3.914]],["t/71",[3,0.93,12,1.115,25,1.711,26,1.335,37,1.992,39,1.087,45,2.459,51,0.378,74,3.672,80,3.672,103,1.591,109,1.038,112,3.408,163,1.711,183,3.589,184,3.413,185,3.793,186,3.197,187,3.589,188,2.85,201,1.65,227,3.997,235,2.576,258,3.672,267,3.589,326,2.073,327,1.285,388,1.992,419,3.793,420,3.245,478,3.672,518,4.432,519,4.432,520,3.997,521,3.672,522,3.997,543,2.351,701,3.413,732,3.672,736,2.159,737,5.093,738,4.432,739,5.093]],["t/73",[1,0.785,2,1.335,3,0.872,6,1.411,8,2.304,10,0.983,11,0.91,12,1.453,13,1.262,16,1.065,17,1.271,19,0.757,22,1.292,25,0.844,26,0.426,37,1.866,41,0.946,51,0.399,58,1.684,60,2.187,61,2.023,65,1.213,66,0.823,77,1.664,85,2.611,88,1.62,89,2.188,96,1.577,97,1.62,102,1.023,103,1.679,109,0.973,117,1.563,133,0.91,136,2.109,142,1.884,147,1.854,150,0.681,162,1.684,163,0.844,165,1.213,179,1.406,187,3.255,214,1.065,227,1.972,234,4.822,248,1.213,256,2.505,261,1.16,262,1.16,285,1.213,312,3.255,314,3.179,315,1.972,316,3.44,317,3.058,319,3.179,320,3.008,321,3.197,322,3.863,326,2.368,327,1.204,343,1.486,350,2.07,379,1.972,386,1.16,388,1.866,399,1.406,438,2.187,444,1.972,459,2.18,501,2.187,543,1.16,558,2.187,571,1.406,594,1.16,626,1.684,655,1.812,683,1.972,687,2.572,697,3.745,698,3.058,740,1.972,741,3.248,742,2.513,743,2.187,744,2.187,745,2.187,746,4.771,747,4.678,748,2.513,749,2.513,750,2.513,751,3.058,752,1.812,753,1.972,754,2.187,755,1.972,756,2.513,757,3.391,758,1.972,759,2.513,760,1.577,761,2.513,762,2.187,763,3.896,764,2.187,765,1.812,766,2.187,767,1.577,768,2.187,769,2.995,770,2.995,771,2.187,772,2.187,773,2.513,774,1.812,775,2.187,776,5.587,777,4.302,778,4.771,779,1.486,780,1.684,781,3.896,782,2.513,783,2.513,784,2.513,785,1.684,786,3.896,787,3.896,788,2.187,789,2.187,790,2.187,791,2.187,792,2.187,793,2.513,794,1.972,795,1.972,796,2.513,797,2.513,798,1.972,799,2.513,800,1.972,801,2.513,802,2.187,803,2.187,804,1.812,805,2.187,806,1.972,807,1.684,808,2.513,809,2.513]],["t/75",[1,0.923,2,1.569,3,0.54,6,2.262,8,1.747,10,1.723,11,1.595,12,0.647,13,1.427,17,2.229,20,1.202,21,2.57,25,0.992,26,0.501,38,1.494,39,0.501,40,1.747,41,0.52,51,0.391,52,2.285,54,3.307,64,1.747,77,1.837,79,2.341,81,3.025,88,0.89,89,1.202,97,1.883,103,1.376,106,1.854,109,0.602,112,1.569,147,1.883,150,1.193,156,0.89,162,2.952,165,1.426,167,2.318,182,1.948,183,3.991,201,0.957,214,1.252,226,2.318,229,2.465,234,1.979,245,1.747,249,3.176,256,1.793,258,3.176,290,1.854,314,3.454,316,1.747,320,1.653,326,1.793,327,1.112,379,4.135,421,2.605,510,1.979,543,2.696,562,2.13,563,1.653,594,1.363,687,1.306,722,3.834,732,2.13,736,2.234,740,4.584,741,2.955,754,3.834,757,2.57,758,2.318,775,2.57,777,1.979,780,3.914,785,1.979,802,3.834,806,5.328,807,1.979,810,2.953,811,3.834,812,2.765,813,4.391,814,2.57,815,2.953,816,2.57,817,2.318,818,1.979,819,3.458,820,2.318,821,2.953,822,2.953,823,3.176,824,2.953,825,2.953,826,2.318,827,2.953,828,2.13,829,2.953,830,1.979,831,2.57,832,2.953,833,2.57,834,2.953,835,2.57,836,2.953,837,4.405,838,2.953,839,2.953,840,2.953,841,4.405,842,3.834,843,3.458,844,3.834,845,4.405,846,2.953,847,2.318,848,2.953,849,2.953,850,4.405,851,2.953,852,2.57,853,1.747,854,2.57,855,2.953,856,2.953,857,2.953,858,2.953,859,2.13,860,2.318,861,2.57,862,2.318,863,2.57,864,2.57,865,2.13,866,1.747,867,2.57]],["t/77",[1,1.534,2,2.609,3,0.897,6,1.778,10,2.452,11,2.269,13,1.59,26,1.062,38,2.484,39,1.062,40,2.903,44,2.106,51,0.364,77,1.712,81,2.267,97,1.889,103,1.534,117,1.428,147,2.192,150,1.33,229,3.507,256,1.998,322,3.082,326,2.961,478,4.519,543,2.267,655,3.54,741,3.171,780,3.29,798,3.853,818,3.29,823,3.54,842,4.273,843,4.919,844,4.273,859,3.54,860,3.853,861,4.273,862,3.853,863,4.273,864,4.273,865,3.54,866,2.903,867,4.273,868,4.273,869,4.91,870,4.273,871,4.91,872,4.91,873,4.91]],["t/79",[25,2.082,37,2.423,41,1.09,77,2.16,156,1.867,163,2.082,594,2.86,687,2.739,767,3.889,779,3.663,813,4.151,874,7.225,875,6.195]],["t/81",[6,1.267,14,1.907,16,2.683,19,1.055,22,1.938,26,0.845,41,0.877,51,0.37,61,1.484,65,1.69,66,1.054,77,1.22,78,1.547,89,2.029,103,1.093,112,1.859,117,1.689,133,2.591,136,1.547,142,1.134,156,2.156,158,1.958,163,1.176,165,1.69,179,1.958,181,2.407,185,4.562,260,4.112,261,3.377,262,2.301,263,4.902,278,2.79,302,4.967,303,2.747,304,2.523,305,5.014,306,2.197,308,2.747,310,3.913,311,2.271,312,1.958,354,2.197,364,1.689,365,2.747,388,1.369,463,2.948,687,2.204,736,1.484,760,2.197,767,2.197,779,2.069,807,2.345,828,3.595,853,2.069,876,3.499,877,2.345,878,2.523,879,2.747,880,3.499,881,2.523,882,5.807,883,2.523,884,3.046,885,3.499,886,2.747,887,3.645,888,3.891,889,2.747,890,4.339,891,3.046,892,3.499,893,3.499,894,3.499,895,3.499,896,5.807,897,3.499,898,3.499,899,3.499]],["t/83",[1,1.578,3,0.923,12,1.398,25,2.144,26,0.856,29,2.987,66,1.067,77,1.761,97,1.923,101,4.006,103,1.578,117,1.469,124,3.718,147,2.215,150,1.728,152,3.385,156,1.522,158,2.826,163,1.697,237,2.332,326,2.056,364,1.469,594,2.332,687,2.233,738,6.737,779,2.987,878,3.642,879,3.964,900,5.051,901,5.051,902,6.382,903,5.051,904,5.051,905,5.051,906,4.396,907,4.396,908,6.996,909,5.051,910,5.051,911,5.051]],["t/85",[6,1.412,13,1.742,14,1.175,16,1.653,25,1.31,26,1.043,41,0.946,42,2.305,43,1.525,44,1.31,47,1.587,51,0.456,52,1.36,61,1.653,66,0.824,77,1.36,87,2.182,89,1.587,103,1.68,117,1.134,133,1.947,136,1.724,147,2,150,1.456,156,1.175,158,2.182,160,2.447,163,1.807,182,1.724,188,4.32,195,1.264,201,1.263,213,2.305,221,1.882,256,3.2,267,2.182,286,2.447,311,1.525,314,3.18,322,2.447,343,2.305,364,1.134,536,2.305,571,2.182,594,1.8,687,2.934,741,1.972,751,3.06,760,2.447,767,2.447,774,2.811,843,3.06,853,2.305,912,4.68,913,3.393,914,3.899,915,5.357,916,2.811,917,3.393,918,3.06,919,3.393,920,3.393,921,6.636,922,5.776,923,6.636,924,3.899,925,3.899,926,5.378,927,3.899,928,3.899,929,3.899,930,2.612,931,2.612,932,3.899,933,3.06,934,3.899,935,2.182,936,3.899,937,3.06,938,3.899]],["t/87",[1,0.409,2,1.602,3,1.013,4,1.525,8,0.774,12,1.641,13,2.109,14,1.863,15,3.279,16,2.76,17,0.662,19,0.685,20,2.071,22,1.553,25,1.013,26,0.222,39,0.814,41,0.787,43,0.512,45,1.097,51,0.411,56,2.261,58,1.523,61,0.555,66,1.332,68,0.821,74,1.639,77,1.675,80,1.639,81,1.883,91,1.427,97,1.932,101,0.821,102,0.532,103,0.942,106,0.821,107,0.632,109,1.131,117,0.876,133,1.842,136,1.977,142,1.167,147,2.347,150,0.816,163,1.21,165,3.143,181,2.768,182,2.357,188,3.741,194,0.616,195,0.959,196,0.574,199,0.662,201,0.424,208,0.877,212,1.784,213,1.782,218,1.523,228,0.821,234,0.877,236,0.943,251,0.943,256,2.919,262,0.604,267,2.688,278,0.732,283,1.138,306,0.821,311,0.889,314,2.411,319,0.774,320,0.732,321,0.877,322,1.427,327,0.761,343,0.774,345,0.877,350,1.208,352,5.882,375,0.889,386,0.604,388,0.512,419,1.344,420,1.15,421,0.774,439,1.784,441,1.138,459,0.732,461,2.827,463,1.344,464,4.134,514,0.821,515,1.027,529,0.821,535,1.344,538,1.138,543,2.56,556,1.027,563,0.732,571,1.272,582,1.027,594,1.049,646,2.173,687,2.878,704,1.138,736,0.964,741,1.15,744,1.978,747,1.138,751,1.784,755,3.201,760,0.821,765,1.639,767,1.427,769,0.821,779,1.344,780,2.413,790,1.978,800,3.771,804,0.943,807,0.877,811,1.978,820,1.027,823,0.943,826,1.027,853,0.774,868,4.181,883,0.943,887,0.821,912,1.978,913,5.264,915,5.666,916,3.464,917,1.138,919,1.138,920,5.484,922,1.138,930,1.523,931,1.523,939,1.308,940,1.308,941,1.308,942,1.308,943,2.273,944,1.308,945,2.273,946,1.308,947,1.308,948,1.138,949,1.027,950,1.308,951,1.308,952,1.308,953,1.308,954,0.877,955,2.02,956,1.308,957,1.138,958,1.308,959,1.308,960,1.308,961,1.308,962,1.308,963,2.273,964,1.027,965,5.088,966,3.892,967,1.308,968,1.027,969,1.308,970,2.827,971,1.308,972,1.308,973,1.639,974,1.138,975,1.138,976,1.308,977,1.308,978,1.027,979,1.978,980,2.623,981,1.308,982,1.027,983,1.308,984,1.138,985,0.943,986,1.308,987,1.308,988,1.308,989,1.308,990,1.308,991,1.308,992,1.308,993,1.138,994,1.308,995,1.027]],["t/89",[6,1.444,11,1.977,12,0.873,17,2.017,25,2.251,26,0.676,37,1.559,41,1.096,51,0.405,61,2.315,63,2.358,66,0.843,72,3.47,81,2.875,94,1.559,117,2.041,124,3.151,142,1.292,147,1.646,150,1.08,156,1.201,160,2.503,165,2.637,182,1.763,186,4.743,256,2.223,261,2.521,262,1.841,286,2.503,312,2.231,316,2.358,325,2.358,326,2.727,350,2.118,364,2.041,388,1.559,419,2.358,421,2.358,459,2.231,535,3.229,645,3.428,736,2.315,741,2.763,760,2.503,812,2.503,831,3.47,853,3.229,886,3.129,887,2.503,888,2.672,916,2.875,964,3.129,973,2.875,978,3.129,979,3.47,996,5.461,997,3.987,998,3.987,999,4.889,1000,3.749,1001,3.987,1002,3.987,1003,3.987,1004,3.987,1005,3.987,1006,3.987,1007,3.987,1008,3.987,1009,3.987,1010,3.987,1011,3.47,1012,5.461,1013,3.987,1014,3.987,1015,3.987,1016,3.987,1017,3.47,1018,3.987]],["t/91",[12,1.474,20,2.24,22,1.49,25,1.849,37,2.633,77,1.919,103,1.719,150,1.823,165,2.657,175,3.679,194,1.49,312,3.079,316,3.254,327,1.389,364,1.6,520,4.319,543,2.54,571,3.079,582,4.319,687,2.433,740,4.319,741,2.784,752,3.968,755,4.319,767,3.454,818,3.687,878,3.968,1019,5.503,1020,5.503,1021,5.503,1022,5.503,1023,4.789,1024,5.858]],["t/93",[44,2.358,45,3.389,51,0.437,81,2.723,103,1.843,117,1.715,136,2.608,179,3.3,183,3.3,249,4.253,252,4.629,258,4.253,326,3.05,327,1.488,555,4.629,571,3.3,741,2.984,1025,7.019,1026,5.898]],["t/95",[1,0.599,3,1.138,11,1.444,12,1.692,13,1.493,14,0.946,16,1.331,17,2.018,20,0.781,22,0.519,24,1.073,25,1.549,26,1.156,37,0.75,39,1.02,41,0.961,43,0.75,44,1.709,51,0.405,52,0.669,55,1.388,56,1.204,61,1.331,64,1.134,65,0.926,66,0.843,67,1.505,77,0.669,79,1.019,81,2.348,87,1.757,88,0.946,90,1.019,94,1.56,96,1.204,97,1.389,101,1.971,103,1.44,105,0.848,106,1.971,107,0.926,108,1.925,109,1.27,117,1.479,120,1.019,133,1.444,136,2.754,142,0.621,147,1.646,150,1.08,152,1.285,156,0.946,165,0.926,182,2.415,194,0.519,195,0.738,196,0.484,217,1.204,220,1.204,228,1.971,235,1.589,243,1.019,248,0.926,256,1.278,267,1.073,290,1.204,312,1.073,316,1.134,320,1.757,326,2.727,327,1.284,332,1.285,364,1.34,374,1.285,375,2.255,388,0.75,408,1.505,419,2.358,420,2.332,421,2.358,444,1.505,459,1.073,463,1.134,464,1.383,510,2.104,514,1.971,526,2.264,543,2.348,553,1.204,563,1.073,571,1.073,594,2.348,627,1.204,630,1.857,645,2.503,655,1.383,687,1.763,698,1.505,701,1.285,711,1.505,736,0.813,741,2.332,752,2.264,758,3.618,762,1.669,770,1.971,777,2.104,779,2.358,780,2.104,785,1.285,794,1.505,798,1.505,800,2.465,812,1.204,813,2.672,814,2.733,818,1.285,819,1.505,826,2.465,833,1.669,852,1.669,865,1.383,866,1.134,877,1.285,879,1.505,906,2.733,907,1.669,931,1.285,955,1.285,966,2.733,973,2.875,975,2.733,982,1.505,993,1.669,999,1.505,1000,1.073,1023,1.669,1027,1.918,1028,1.918,1029,1.918,1030,1.918,1031,1.918,1032,5.462,1033,6.229,1034,1.918,1035,1.918,1036,2.733,1037,1.383,1038,1.918,1039,3.14,1040,3.14,1041,1.918,1042,1.918,1043,1.918,1044,1.918,1045,1.918,1046,1.918,1047,1.505,1048,1.918,1049,1.669,1050,1.918,1051,1.669,1052,1.918,1053,1.918,1054,1.918,1055,1.918,1056,1.918,1057,1.505,1058,1.918,1059,1.505,1060,1.918,1061,1.918,1062,1.669,1063,1.505,1064,1.918,1065,4.012,1066,1.918,1067,2.264,1068,3.14,1069,1.918,1070,1.918,1071,3.14,1072,1.918,1073,1.918,1074,1.918,1075,1.918,1076,1.918,1077,1.918,1078,3.14,1079,1.918,1080,1.918,1081,1.669,1082,1.918,1083,1.669,1084,1.383,1085,1.918,1086,3.14,1087,1.918,1088,1.669,1089,1.918,1090,3.988,1091,1.918,1092,2.733,1093,1.669,1094,1.918,1095,1.669,1096,1.918,1097,3.14,1098,1.918,1099,1.918,1100,1.918,1101,1.918,1102,1.918,1103,1.918,1104,1.918,1105,1.918,1106,1.918]],["t/97",[1,0.776,2,1.319,3,1.24,5,3.158,11,1.934,12,1.572,14,0.748,15,2.282,16,1.053,19,0.748,20,1.011,25,1.591,26,0.98,30,1.199,33,1.389,36,1.319,41,0.94,44,0.834,51,0.286,52,1.346,55,1.098,61,2.264,66,1.001,78,1.706,79,1.319,88,1.609,91,2.423,96,1.558,97,0.748,101,1.558,105,1.098,107,1.199,108,1.863,109,0.965,112,1.319,115,1.949,117,0.722,120,3.073,121,2.264,133,1.714,136,1.098,142,1.534,147,1.427,150,0.672,156,0.748,158,1.389,160,1.558,175,2.702,177,1.949,182,3,190,1.146,235,2.395,243,2.051,245,1.468,250,0.722,257,2.783,260,1.468,287,1.389,304,1.79,320,2.16,326,2.354,343,2.282,354,1.558,355,3.716,358,2.783,364,1.858,365,1.949,388,0.971,392,1.664,410,1.949,419,2.282,420,1.953,421,3.158,431,3.851,447,1.949,448,1.79,521,4.415,536,1.468,543,1.146,563,1.389,594,1.782,645,1.558,683,1.949,687,1.706,697,1.949,711,3.716,712,1.949,732,2.783,736,1.053,743,2.161,745,3.359,753,1.949,777,1.664,794,1.949,812,1.558,813,1.664,853,1.468,859,1.79,870,3.359,883,1.79,889,1.949,890,2.161,954,1.664,970,1.949,973,1.79,995,1.949,999,1.949,1049,2.161,1051,3.359,1059,1.949,1063,1.949,1067,1.79,1081,2.161,1088,2.161,1092,4.121,1093,2.161,1107,3.86,1108,3.86,1109,3.86,1110,2.483,1111,2.161,1112,2.483,1113,2.483,1114,2.483,1115,2.483,1116,1.79,1117,2.483,1118,2.483,1119,2.483,1120,3.86,1121,3.359,1122,2.483,1123,2.483,1124,2.483,1125,2.483,1126,2.161,1127,2.483,1128,2.483,1129,2.483,1130,2.483,1131,2.483,1132,3.86,1133,2.483,1134,2.161,1135,2.483,1136,2.161,1137,2.483,1138,2.483,1139,2.483,1140,2.483,1141,1.949,1142,2.483,1143,2.483,1144,2.483,1145,2.483,1146,2.483,1147,2.483,1148,2.483,1149,2.483,1150,2.483,1151,2.483,1152,2.483,1153,2.161,1154,2.483,1155,2.483,1156,2.483,1157,3.86,1158,2.161,1159,2.483,1160,2.483,1161,2.483,1162,1.949,1163,2.483,1164,2.161,1165,2.483,1166,1.949,1167,2.423,1168,2.483,1169,1.949,1170,2.483,1171,2.483,1172,1.79,1173,2.161,1174,2.483,1175,2.483,1176,2.483,1177,2.483]],["t/99",[14,1.462,19,1.462,22,1.314,25,1.63,26,1.164,33,2.715,39,0.822,48,3.045,51,0.461,56,3.045,91,3.045,97,1.874,103,1.516,109,0.989,120,2.578,121,2.057,147,2.182,150,1.685,156,1.462,158,2.715,163,2.09,190,2.24,311,1.898,314,3.678,325,2.869,364,2.106,403,3.808,459,2.715,522,6.305,594,2.24,733,2.342,734,2.342,804,4.485,1011,5.975,1036,4.222,1178,3.808,1179,4.852,1180,4.852,1181,4.852,1182,4.222,1183,4.852,1184,4.852,1185,4.852,1186,4.852]],["t/101",[1,1.522,3,1.139,4,2.464,9,3.264,13,1.578,25,2.311,26,0.826,37,1.905,39,0.826,41,0.857,51,0.462,63,2.88,66,1.454,77,1.699,88,1.468,94,1.905,97,1.879,103,1.522,109,1.402,117,1.416,124,2.464,147,2.185,150,1.689,194,1.319,196,1.229,235,2.464,326,2.538,327,1.229,364,2.18,406,3.823,687,2.153,733,2.352,734,2.352,736,2.065,752,3.512,830,3.264,877,3.264,878,3.512,918,3.823,1065,4.239,1169,3.823,1187,4.871,1188,4.871,1189,4.871,1190,3.823,1191,4.871,1192,4.239,1193,4.871,1194,4.871,1195,4.871]],["t/103",[1,1.475,3,1.117,12,1.484,13,1.98,14,1.423,19,1.423,22,1.279,26,0.8,30,2.279,37,1.847,39,1.036,51,0.531,66,1.292,77,1.646,81,2.18,97,1.842,103,1.475,109,1.246,117,1.373,133,2.454,142,1.529,147,2.16,150,1.655,184,4.542,235,2.389,260,3.614,261,2.822,262,2.18,263,4.096,320,3.42,327,1.192,364,1.373,463,2.792,543,2.822,806,3.706,807,4.096,818,3.164,830,3.164,877,3.164,916,3.404,918,3.706,1024,4.109,1095,4.109,1169,3.706,1190,3.706,1192,4.109,1196,4.721,1197,4.721,1198,4.721,1199,4.721,1200,4.721]],["t/105",[19,1.777,30,2.848,51,0.556,136,3.313,142,2.63,330,4.629,386,3.24,388,2.745,734,2.848,1201,5.898,1202,5.898,1203,5.133]],["t/107",[3,1.109,14,1.83,26,1.286,33,3.398,51,0.45,77,2.645,81,2.803,109,1.238,117,1.766,213,3.591,375,2.375,804,4.379,1204,6.073,1205,6.073]],["t/109",[0,2.029,1,1.75,3,1.024,10,3.055,11,2.464,14,1.688,19,1.688,22,1.517,30,2.705,38,3.443,40,3.313,51,0.415,105,3.008,109,1.142,195,1.317,207,4.04,218,3.754,237,2.586,248,2.705,319,3.313,327,1.414,536,3.313,673,4.397,866,3.313,1206,6.805,1207,4.024]],["t/111",[0,2.23,3,1.245,10,2.816,11,2.762,19,1.439,22,1.294,38,3.115,41,0.841,44,1.605,51,0.457,65,2.306,107,2.306,109,1.389,117,1.389,147,2.054,150,1.294,248,2.306,287,2.673,290,2.998,327,1.205,425,4.157,536,3.641,770,2.998,788,4.157,805,4.157,865,4.914,866,4.03,949,3.749,968,3.749,978,3.749,1084,3.444,1207,4.257,1208,4.776,1209,6.265,1210,4.776,1211,4.776,1212,4.776,1213,4.776,1214,4.776,1215,4.776,1216,4.776,1217,4.776,1218,4.776,1219,4.157,1220,4.157]],["t/113",[0,1.633,1,0.719,3,1.019,10,2.43,11,2.55,12,0.797,13,1.178,15,2.151,16,3.068,22,0.623,29,1.361,33,1.288,38,3.353,39,0.868,40,4.574,41,1.133,42,1.361,44,0.773,50,3.022,51,0.491,61,0.976,66,0.769,77,0.803,89,2.271,94,0.9,103,1.136,104,1.66,105,1.993,107,1.111,108,1.111,109,1.266,117,0.669,133,2.249,136,1.018,147,0.694,150,1.221,163,1.722,175,1.164,181,1.111,190,1.679,201,1.461,203,2.003,272,1.66,282,3.251,311,0.9,327,0.581,328,2.151,332,2.437,347,2.83,364,1.311,373,1.66,375,0.9,395,2.003,420,3.142,437,2.622,439,1.806,510,1.542,529,1.445,533,3.539,553,1.445,563,1.288,565,1.806,627,2.283,634,4.655,649,1.66,656,1.806,663,2.003,664,2.855,674,1.806,733,1.111,736,0.976,760,2.283,768,2.003,769,1.445,770,4.592,771,2.003,774,1.66,792,2.003,803,2.003,828,2.622,859,1.66,866,2.666,881,1.66,982,1.806,1000,1.288,1062,3.165,1084,3.251,1116,1.66,1121,3.165,1166,2.855,1207,3.508,1221,3.637,1222,4.509,1223,4.509,1224,2.302,1225,2.003,1226,3.637,1227,3.637,1228,2.302,1229,2.302,1230,2.302,1231,2.003,1232,2.302,1233,3.637,1234,2.302,1235,2.302,1236,2.003,1237,2.302,1238,2.302,1239,3.637,1240,3.165,1241,5.604,1242,2.003,1243,2.003,1244,2.302,1245,2.302,1246,2.302,1247,2.003,1248,3.637,1249,2.003,1250,2.302,1251,2.302,1252,2.302,1253,2.302,1254,3.637,1255,3.637,1256,2.302,1257,2.003,1258,2.302,1259,2.302,1260,2.302,1261,3.165,1262,4.509,1263,2.302,1264,2.302,1265,2.302,1266,2.302,1267,2.003,1268,2.302,1269,3.924,1270,3.637,1271,3.165,1272,3.637,1273,2.302,1274,2.302,1275,2.003,1276,3.924,1277,2.003,1278,3.165,1279,2.003]],["t/115",[3,1.062,29,3.438,39,1.179,41,1.023,66,1.471,88,2.097,94,2.274,109,1.185,120,3.957,121,3.157,190,2.684,572,5.06,733,3.36,734,3.36,1280,5.815,1281,5.815,1282,6.959]],["t/117",[10,1.833,11,1.697,12,1.789,30,2.262,41,0.825,51,0.347,81,2.163,90,2.489,101,2.941,150,1.269,163,1.574,195,1.102,344,4.385,346,4.869,347,2.941,364,1.362,410,3.677,710,4.078,720,4.078,733,2.262,1083,4.078,1126,5.293,1283,4.685,1284,6.082,1285,4.685,1286,4.685,1287,4.685,1288,4.685,1289,4.685,1290,4.685,1291,4.685,1292,4.685,1293,4.685,1294,4.685,1295,6.753,1296,4.685,1297,5.3,1298,4.685,1299,4.685,1300,6.753,1301,4.685,1302,4.685,1303,4.685,1304,4.685,1305,4.685,1306,4.685,1307,4.685,1308,4.685,1309,4.685,1310,4.685,1311,4.685,1312,4.685,1313,4.078,1314,4.685]],["t/119",[12,1.503,51,0.421,66,1.2,84,4.458,88,2.068,94,2.884,109,1.158,248,2.743,285,2.743,298,4.458,311,2.884,375,2.222,409,4.458,411,4.458,733,2.743,734,2.743,812,3.565,1178,5.386,1297,4.458,1315,4.944,1316,4.944,1317,6.862,1318,5.68,1319,5.68]],["t/121",[0,2.014,1,1.446,3,0.698,4,1.319,5,3.08,6,1.849,7,0.505,8,1.142,10,1.236,11,2.244,12,1.464,13,0.938,14,1.353,15,2.37,16,1.963,17,1.319,18,1.991,19,1.395,20,1.286,22,1.216,24,3.467,25,1.142,26,0.709,29,0.343,30,0.741,31,0.608,33,0.325,34,0.343,36,0.308,37,1.33,38,0.977,39,0.442,40,3.722,41,0.933,42,2.26,43,1.568,44,0.649,45,0.525,46,0.389,47,2.264,48,0.364,50,0.729,51,0.507,52,1.333,54,1.436,55,0.854,56,0.364,58,0.729,61,0.246,63,0.343,64,0.343,66,0.847,73,0.946,76,0.389,78,1.503,79,0.815,81,0.502,87,0.325,88,1.626,89,0.442,90,0.308,93,0.455,94,0.6,96,0.682,97,0.873,102,2.078,107,1.398,109,0.222,112,0.578,113,0.505,114,0.853,122,0.853,124,0.776,127,0.682,128,2.046,131,2.451,133,1.384,136,1.011,141,1.991,142,1.542,145,1.204,147,1.208,150,0.62,152,1.028,154,0.853,156,1.208,158,0.608,160,0.682,162,0.729,163,0.973,165,0.525,166,1.681,167,0.853,169,0.505,175,1.72,177,0.455,179,1.081,181,0.28,182,2.385,183,0.859,185,1.353,186,1.213,187,1.768,188,0.325,189,0.455,190,0.892,192,1.868,194,0.157,195,0.256,196,0.146,198,3.8,201,0.352,202,3.78,207,0.418,214,2.423,217,0.364,218,0.389,220,0.682,221,1.641,226,1.516,229,0.859,235,0.293,237,2.307,243,1.215,244,1.679,245,1.142,248,1.525,249,1.393,250,2.188,252,0.853,253,0.505,256,1.702,260,0.907,261,1.569,262,1.204,263,1.028,267,1.621,269,1.213,272,0.418,273,0.729,277,0.418,278,1.621,280,2.841,282,1.88,284,0.455,285,1.935,286,0.364,287,1.28,302,0.853,303,0.455,304,0.418,305,1.106,306,1.818,308,0.455,310,0.455,311,1.02,312,0.608,314,0.643,315,0.455,316,0.643,317,0.455,319,0.907,320,0.859,321,1.533,322,0.963,325,0.343,326,0.625,327,1.012,328,1.542,334,0.389,345,0.389,346,0.418,347,0.364,350,0.578,352,0.853,354,0.963,355,0.853,358,1.393,359,0.505,364,1.662,371,0.455,386,1.671,388,1.635,392,1.028,399,0.608,403,0.853,419,0.343,420,2.528,421,1.713,423,0.505,427,0.505,430,1.516,431,1.106,434,0.946,435,0.946,459,0.608,461,1.204,463,0.343,464,1.393,504,1.681,507,0.505,510,0.389,514,0.682,515,0.853,516,1.393,521,1.106,529,1.818,533,0.853,534,0.455,535,1.142,536,0.343,539,0.455,542,0.455,543,0.268,546,1.516,547,1.204,549,0.505,551,0.505,553,0.364,554,0.455,555,0.853,556,2.668,594,0.268,620,1.681,623,0.505,626,0.729,627,0.364,630,2.472,632,0.946,634,2.668,635,1.516,636,0.505,637,0.455,645,0.364,673,1.204,674,1.204,687,0.481,693,1.393,701,0.389,703,0.455,712,0.455,734,0.933,735,0.505,736,0.461,741,0.293,753,0.455,769,0.364,770,0.963,772,0.505,776,0.505,777,0.389,779,0.343,785,0.729,791,0.505,816,0.505,817,0.455,820,0.455,823,0.418,828,0.418,866,0.643,883,1.106,886,0.853,887,0.963,888,1.028,889,0.455,891,0.505,930,1.295,935,2.968,937,0.455,948,0.505,954,0.389,955,1.747,957,0.946,964,1.795,974,0.505,980,0.505,985,0.784,1000,2.513,1037,1.393,1059,1.204,1084,0.418,1111,0.505,1134,0.505,1136,0.505,1141,0.455,1153,0.505,1164,0.505,1166,0.853,1167,1.637,1172,0.418,1182,0.505,1203,1.335,1207,0.343,1219,2.269,1225,0.505,1231,0.505,1236,0.505,1240,1.991,1241,1.991,1242,0.946,1243,0.505,1247,0.946,1249,0.505,1257,0.505,1261,0.505,1269,3.639,1271,2.269,1275,0.505,1276,1.991,1277,0.505,1278,0.946,1279,0.505,1320,0.58,1321,1.516,1322,1.534,1323,0.58,1324,2.287,1325,0.58,1326,0.505,1327,0.58,1328,0.58,1329,0.58,1330,0.58,1331,0.58,1332,1.087,1333,0.58,1334,0.58,1335,0.58,1336,0.58,1337,0.58,1338,1.087,1339,0.58,1340,0.505,1341,0.58,1342,1.932,1343,0.505,1344,0.58,1345,0.58,1346,0.58,1347,1.534,1348,1.534,1349,0.455,1350,2.897,1351,0.58,1352,0.58,1353,0.58,1354,0.58,1355,0.58,1356,0.58,1357,1.534,1358,0.58,1359,0.58,1360,0.58,1361,0.58,1362,1.534,1363,1.534,1364,0.58,1365,0.58,1366,0.58,1367,0.58,1368,0.58,1369,0.58,1370,0.784,1371,1.087,1372,1.087,1373,1.087,1374,0.58,1375,0.455,1376,0.58,1377,0.58,1378,0.853,1379,0.946,1380,0.853,1381,0.58,1382,0.946,1383,0.946,1384,0.58,1385,1.204,1386,0.505,1387,1.087,1388,0.58,1389,0.58,1390,0.58,1391,0.58,1392,0.946,1393,0.505,1394,0.58,1395,0.58,1396,0.946,1397,0.58,1398,0.58,1399,0.58,1400,2.046,1401,1.335,1402,1.028,1403,0.58,1404,0.946,1405,0.505,1406,0.505,1407,0.58,1408,0.58,1409,2.686,1410,1.542,1411,0.58,1412,1.534,1413,0.58,1414,0.58,1415,0.58,1416,1.204,1417,1.932,1418,0.58,1419,0.58,1420,1.534,1421,0.58,1422,0.58,1423,0.505,1424,0.58,1425,0.58,1426,1.932,1427,0.58,1428,0.58,1429,0.58,1430,0.58,1431,0.505,1432,0.58,1433,0.58,1434,0.58,1435,0.505,1436,0.505,1437,0.946,1438,0.58,1439,0.58,1440,0.58,1441,0.58,1442,1.335,1443,1.087,1444,0.58,1445,0.58,1446,0.505,1447,0.58,1448,0.58,1449,0.58,1450,0.58,1451,0.58,1452,0.58,1453,0.58,1454,0.58,1455,0.58,1456,0.58,1457,0.58,1458,0.58]],["t/123",[0,2.346,1,1.346,3,1.184,19,1.298,26,1.172,39,1.172,41,0.758,42,3.403,43,3.009,44,1.934,45,2.08,51,0.427,61,1.826,66,0.91,87,2.411,88,2.318,94,1.685,102,2.815,105,2.865,108,2.08,109,0.878,112,2.289,199,3.278,201,1.396,214,2.44,220,3.612,228,2.704,232,3.106,237,2.657,248,3.339,285,2.08,311,1.685,328,2.548,343,2.548,364,1.884,448,4.149,526,4.149,563,2.411,812,2.704,887,2.704,888,2.887,1000,2.411,1321,3.381,1343,3.749,1459,4.308,1460,4.308,1461,4.308,1462,4.308,1463,4.308,1464,5.755,1465,4.308,1466,5.755,1467,4.308,1468,4.308,1469,4.308]],["t/125",[11,1.949,12,1.454,38,2.723,39,0.912,51,0.399,84,4.224,88,1.622,89,2.703,120,3.528,121,2.815,142,1.743,150,1.798,248,2.599,269,3.378,277,4.788,285,2.599,298,4.224,311,2.597,375,2.105,388,2.105,409,4.224,411,4.224,733,3.206,734,3.206,795,4.224,1178,5.211,1297,4.224,1315,4.684,1316,4.684,1470,5.382,1471,5.382,1472,5.382,1473,5.382,1474,5.382]],["t/127",[0,2.393,3,0.819,6,1.622,12,1.539,19,1.35,22,1.214,24,4.632,39,1.12,51,0.438,52,2.06,78,2.611,88,1.991,109,0.913,114,3.517,121,1.9,195,1.389,237,2.068,290,3.708,327,1.491,350,2.381,399,2.507,529,3.708,635,3.517,693,3.231,733,2.163,930,3.958,984,3.899,985,4.259,1379,5.141,1380,3.517,1382,3.899,1383,5.751,1385,5.513,1386,5.141,1400,5.186,1402,3.002,1423,3.899,1446,3.899,1475,4.259,1476,4.481,1477,4.481,1478,4.481,1479,4.481]],["t/129",[0,2.687,3,0.676,6,2.473,12,0.81,17,1.872,19,2.134,20,1.506,22,1.757,24,3.962,30,1.786,39,0.879,41,0.651,47,2.436,51,0.274,55,2.292,64,3.066,78,2.868,85,2.479,89,1.506,90,2.755,97,1.804,105,1.635,109,0.754,117,1.076,121,2.198,124,2.623,142,1.68,147,1.804,189,4.069,190,1.708,192,2.188,196,0.934,201,1.198,250,1.076,273,2.479,278,3.63,285,1.786,327,1.308,375,1.447,386,2.394,399,2.07,408,2.903,437,2.667,516,3.739,630,2.188,646,2.667,835,3.22,933,2.903,935,2.07,954,3.474,1167,2.322,1393,3.22,1402,2.479,1409,3.474,1410,2.188,1475,2.667,1480,3.699,1481,3.22,1482,3.22,1483,4.069,1484,4.069,1485,5.361,1486,5.21,1487,5.185,1488,3.699,1489,3.699,1490,3.699,1491,3.699,1492,3.699,1493,4.512,1494,4.069,1495,3.22,1496,3.22,1497,3.22,1498,3.22,1499,3.22,1500,3.22,1501,3.22,1502,3.22,1503,3.22,1504,3.22,1505,3.22,1506,3.22,1507,2.903,1508,2.903,1509,3.22,1510,3.22,1511,3.22]],["t/131",[0,2.849,3,0.684,6,1.356,12,0.82,20,1.524,22,1.014,24,3.649,39,0.886,41,0.659,43,2.357,47,2.452,51,0.278,78,2.883,85,2.509,89,1.524,90,1.989,97,1.816,102,2.128,105,1.655,117,1.089,121,2.217,124,3.048,142,1.213,147,1.816,196,0.945,201,1.213,221,2.525,237,2.782,273,2.509,278,3.372,285,2.525,327,1.32,344,2.7,375,1.465,386,1.729,399,2.095,437,2.7,514,2.35,516,2.7,536,2.214,594,1.729,619,2.939,627,2.35,630,2.214,646,2.7,935,2.095,954,4.038,985,2.7,1162,2.939,1167,2.35,1402,2.509,1409,3.504,1410,2.214,1475,2.7,1481,3.259,1482,3.259,1483,4.104,1484,4.104,1485,2.939,1493,4.551,1494,4.104,1495,3.259,1496,3.259,1497,3.259,1498,3.259,1499,3.259,1500,3.259,1501,3.259,1502,3.259,1503,3.259,1504,3.259,1505,3.259,1506,4.551,1507,2.939,1508,2.939,1509,4.551,1510,3.259,1511,3.259,1512,3.744,1513,3.744,1514,3.744,1515,3.744,1516,3.744,1517,3.744,1518,3.744,1519,5.229,1520,5.229,1521,5.229,1522,5.229,1523,3.744,1524,3.744,1525,2.7,1526,3.744]],["t/133",[10,1.905,20,1.983,24,4.418,39,1.166,50,3.264,64,2.88,78,3.314,88,2.073,89,1.983,90,2.588,105,2.153,107,2.352,117,1.416,121,2.644,181,2.352,192,2.88,195,1.145,196,1.229,237,2.249,285,2.352,327,1.574,375,1.905,399,2.726,734,2.352,795,3.823,881,3.512,930,4.609,933,3.823,1370,3.512,1375,3.823,1475,3.512,1483,4.894,1484,4.894,1486,5.986,1494,4.894,1507,3.823,1508,3.823,1527,4.871,1528,4.871,1529,4.871,1530,6.236,1531,6.236]],["t/135",[0,1.828,1,1.385,2,1.192,3,0.651,6,1.605,9,1.503,10,0.877,11,2.685,12,1.782,13,1.785,14,0.676,16,2.487,19,0.676,20,0.913,22,1.368,25,1.197,31,1.255,34,2.107,35,1.503,36,1.192,38,1.135,39,0.604,41,1.25,44,0.754,47,2.503,51,0.374,52,0.782,55,0.992,71,1.503,77,0.782,89,1.45,93,1.76,94,0.877,103,0.701,107,1.083,109,0.904,115,1.76,117,0.652,121,1.88,124,2.555,127,1.408,133,1.29,136,0.992,142,1.636,181,2.438,183,1.255,190,2.331,199,1.135,204,3.858,221,2.438,229,3.441,235,1.135,236,1.617,248,1.72,251,1.617,299,1.952,328,2.107,345,1.503,350,1.893,364,0.652,375,0.877,388,0.877,447,1.76,463,1.326,562,1.617,615,1.952,627,2.237,639,1.952,645,1.408,664,1.76,721,1.952,724,3.101,736,1.511,765,3.641,769,1.408,770,1.408,817,1.76,830,1.503,854,1.952,860,1.76,884,1.952,931,1.503,935,3.847,955,1.503,970,1.76,995,2.797,1000,1.255,1057,2.797,1063,2.797,1116,1.617,1141,1.76,1162,2.797,1167,2.237,1172,1.617,1190,1.76,1207,2.107,1267,1.952,1313,1.952,1326,1.952,1370,1.617,1378,1.76,1392,1.952,1396,1.952,1409,2.388,1416,4.324,1525,2.569,1532,1.617,1533,1.952,1534,2.243,1535,4.395,1536,6.088,1537,3.101,1538,4.395,1539,2.243,1540,2.243,1541,2.243,1542,2.243,1543,1.76,1544,6.149,1545,2.243,1546,2.243,1547,2.243,1548,5.05,1549,2.243,1550,3.858,1551,2.243,1552,3.563,1553,2.243,1554,2.243,1555,3.563,1556,2.243,1557,2.243,1558,3.563,1559,3.563,1560,2.243,1561,2.243,1562,2.243,1563,2.243,1564,4.433,1565,2.243,1566,4.433,1567,3.563,1568,3.563,1569,2.243,1570,2.243,1571,2.243,1572,1.952,1573,2.243,1574,2.243,1575,2.243,1576,3.563,1577,2.243,1578,3.563,1579,2.243,1580,3.563,1581,2.243,1582,2.243,1583,2.243,1584,2.243]],["t/137",[3,1.179,20,2.627,41,1.136,66,1.563,1410,3.817]],["t/139",[0,2.244,2,2.098,3,0.721,6,2.416,9,2.646,12,0.865,14,1.19,19,1.19,31,2.21,34,3.208,35,2.646,36,2.098,37,2.949,39,0.669,44,1.823,47,2.522,52,1.377,71,2.646,83,2.646,88,1.19,109,0.805,190,1.823,192,3.665,221,2.619,237,1.823,244,2.882,319,4.377,327,1.369,361,2.478,364,1.577,375,1.544,386,1.823,388,2.122,392,4.687,393,3.912,565,3.099,630,4.458,847,3.099,1207,4.136,1485,3.099,1525,2.847,1532,2.847,1543,3.099,1585,4.721,1586,4.721,1587,5.807,1588,3.949,1589,3.436,1590,4.721,1591,4.721,1592,4.721,1593,4.721,1594,4.721,1595,3.949,1596,3.436,1597,4.721,1598,3.436,1599,3.436,1600,3.436,1601,3.436,1602,3.436,1603,3.436,1604,3.436,1605,3.436,1606,3.436,1607,3.436,1608,3.436,1609,3.436,1610,3.436,1611,3.436,1612,3.949]],["t/141",[0,1.578,3,0.954,6,2.573,10,1.705,12,1.522,16,1.848,19,0.877,25,2.335,26,0.739,34,1.722,36,1.547,37,2.643,39,0.493,41,0.767,42,1.722,44,1.755,47,2.528,51,0.387,52,1.015,66,0.921,71,1.951,88,0.877,103,0.91,109,1.329,117,0.847,133,1.578,136,1.927,147,1.313,150,1.415,192,1.722,220,1.828,221,1.406,237,1.344,244,3.081,319,4.399,327,1.464,334,1.951,343,1.722,350,1.547,364,1.519,386,2.012,388,2.268,392,4.761,393,4.182,626,1.951,630,4.201,703,4.1,736,1.234,785,1.951,847,2.285,862,2.285,935,2.923,949,2.285,1017,2.534,1207,3.996,1321,4.552,1349,2.285,1380,2.285,1410,1.722,1572,2.534,1585,2.534,1586,4.546,1587,5.881,1589,2.534,1590,4.546,1591,5.405,1592,5.047,1593,5.047,1594,5.047,1596,2.534,1597,4.546,1598,2.534,1599,2.534,1600,2.534,1601,2.534,1602,2.534,1603,2.534,1604,2.534,1605,2.534,1606,2.534,1607,2.534,1608,2.534,1609,2.534,1610,2.534,1611,3.793,1613,2.912,1614,2.912,1615,2.912,1616,2.534,1617,4.358,1618,4.358,1619,2.912,1620,2.912,1621,4.358,1622,2.912,1623,2.912,1624,2.912,1625,4.358,1626,2.912]],["t/143",[3,1.347,39,1.088,109,1.309,769,4.031,881,4.63,1410,3.797]],["t/145",[3,1.255,11,2.06,12,1.7,13,1.372,26,0.964,31,2.369,39,1.164,41,1.131,44,1.423,51,0.476,79,2.25,95,3.323,97,1.276,109,1.4,127,2.658,142,1.372,147,1.714,150,1.541,163,1.423,175,2.878,214,1.795,235,2.142,244,4.167,257,3.053,311,2.225,327,1.436,369,3.685,534,4.464,535,4.237,539,4.464,542,3.323,546,5.042,547,4.464,553,2.658,554,4.464,701,3.812,733,2.044,734,2.044,931,2.837,955,2.837,968,3.323,1047,3.323,1209,3.685,1435,3.685,1436,3.685,1437,3.685,1627,5.688,1628,5.688,1629,3.685,1630,3.685,1631,3.685,1632,4.234,1633,4.234,1634,4.234,1635,4.234,1636,4.234]],["t/147",[0,1.877,3,1.293,11,1.877,12,1.72,19,1.115,26,0.627,39,0.879,43,1.447,44,1.243,47,1.506,51,0.444,52,1.29,90,1.966,94,2.028,95,2.903,97,1.115,103,1.156,109,1.392,117,1.076,124,2.623,127,4.072,142,1.198,147,1.562,150,1.404,187,2.901,190,1.708,224,4.512,229,3.35,235,1.872,237,2.394,243,2.755,266,4.316,326,1.506,327,1.308,375,2.341,420,1.872,626,2.479,637,4.069,733,1.786,734,1.786,736,1.568,764,3.22,765,2.667,819,4.069,935,2.901,1037,3.739,1047,2.903,1057,2.903,1116,2.667,1158,3.22,1167,2.322,1340,4.512,1370,4.678,1375,2.903,1378,4.069,1385,2.903,1409,2.479,1410,2.188,1533,3.22,1535,3.22,1536,5.21,1537,3.22,1538,4.512,1550,3.22,1616,3.22,1629,3.22,1630,3.22,1631,3.22,1637,5.185,1638,5.185,1639,5.986,1640,3.699,1641,3.699,1642,3.699,1643,3.699,1644,5.185,1645,3.699,1646,3.699,1647,3.699,1648,3.699,1649,3.699,1650,3.699,1651,3.699,1652,3.699,1653,3.699,1654,3.699,1655,3.699]],["t/149",[3,1.142,8,2.373,10,2.146,11,1.986,17,2.03,19,1.209,22,1.087,25,1.348,31,2.246,34,2.373,35,2.689,36,3.737,37,2.445,38,2.03,39,0.68,40,2.373,43,1.57,46,2.689,48,2.519,51,0.538,52,2.179,54,3.923,63,2.373,78,1.774,80,2.894,94,1.57,102,1.633,106,2.519,108,1.938,109,1.118,117,1.167,121,1.701,142,1.3,156,1.209,192,2.373,218,2.689,221,3.396,229,2.246,251,2.894,269,3.443,287,2.246,311,1.57,321,2.689,327,1.013,362,2.894,364,2.045,386,2.532,420,2.775,526,2.894,529,2.519,562,2.894,619,4.905,648,3.493,693,2.894,731,5.439,766,3.493,813,2.689,877,2.689,1000,2.246,1067,2.894,1349,3.15,1400,3.15,1401,3.493,1402,2.689,1404,5.439,1405,3.493,1406,3.493,1416,3.15,1431,3.493,1525,2.894,1532,2.894,1543,3.15,1656,4.013,1657,4.013,1658,4.013,1659,4.013,1660,4.013,1661,5.485,1662,3.493,1663,5.485,1664,4.013,1665,4.013,1666,4.013]],["t/151",[0,2.098,6,2.098,9,2.917,10,1.703,11,1.576,19,1.746,22,1.881,24,2.436,25,2.591,26,0.982,29,3.427,39,0.738,45,2.102,47,1.772,49,3.139,51,0.323,52,1.518,54,2.733,61,1.846,66,0.92,68,2.733,75,3.789,96,2.733,109,0.888,112,2.313,133,1.576,156,1.312,181,2.798,182,3.07,199,2.203,287,3.243,326,1.772,328,2.575,347,2.733,361,2.733,364,1.894,371,3.417,374,2.917,375,1.703,388,2.548,406,3.417,431,3.139,563,2.436,736,2.457,774,3.139,789,3.789,830,2.917,853,2.575,935,2.436,937,3.417,1000,2.436,1037,3.139,1067,4.179,1172,3.139,1173,3.789,1220,3.789,1442,3.789,1662,5.044,1667,4.354,1668,4.354,1669,4.354,1670,4.354,1671,4.354,1672,4.354,1673,4.354,1674,4.354,1675,4.354,1676,4.354,1677,4.354,1678,4.354,1679,4.354]],["t/153",[14,2.213,31,3.149,34,3.328,35,3.772,36,2.99,39,0.954,51,0.417,52,1.963,117,1.637,142,2.21,199,3.452,214,3.113,221,3.295,256,2.291,361,4.283,388,2.201,887,4.61,888,4.921,1532,4.058,1680,5.628,1681,5.628,1682,5.628]]],"invertedIndex":[["",{"_index":12,"t":{"2":{"position":[[119,1],[559,4]]},"4":{"position":[[752,3],[789,3],[827,3],[831,3]]},"23":{"position":[[234,1]]},"41":{"position":[[618,3],[972,1],[974,1],[987,1],[1038,1]]},"43":{"position":[[693,1]]},"53":{"position":[[202,1],[204,1],[331,1],[333,1]]},"57":{"position":[[649,1],[655,2]]},"61":{"position":[[259,3]]},"69":{"position":[[92,1],[528,1]]},"71":{"position":[[209,1]]},"73":{"position":[[256,1],[1182,1],[1202,1],[1306,1],[1621,1],[1641,1],[3089,1],[3110,2]]},"75":{"position":[[1195,1]]},"83":{"position":[[400,2],[458,2]]},"87":{"position":[[259,2],[353,2],[432,2],[496,2],[566,2],[2038,1],[2318,1],[2591,1],[2613,1],[3485,1],[3499,1],[3519,1],[4395,1],[4439,1],[4490,1],[4512,1],[4521,1],[4566,1],[4604,1],[4616,1],[4632,1],[4647,1],[4688,1],[4993,1],[5015,1],[5032,1],[5064,1],[5987,3],[6222,1],[6244,1],[6261,1],[6281,1],[6478,1],[6899,1],[6921,1],[6938,1]]},"89":{"position":[[674,2]]},"91":{"position":[[366,1],[396,1]]},"95":{"position":[[39,1],[1414,1],[3059,1],[3080,1],[3140,1],[3191,1],[3193,1],[3236,1],[3238,1],[3261,1],[3284,1],[3311,1],[3331,1],[3361,1],[3493,1],[4386,1],[4407,1],[4464,1],[4520,1],[4522,1],[4560,1],[4562,1],[4578,1],[4599,1],[4624,1],[4644,1],[4665,1],[4693,1],[4770,1]]},"97":{"position":[[1584,1],[1616,1],[1670,1],[1726,1],[1749,1],[1773,1],[1808,1],[1858,1],[1885,1],[1914,1],[1989,1],[2068,1]]},"103":{"position":[[213,1],[238,1],[259,1]]},"113":{"position":[[2505,2],[2549,2]]},"117":{"position":[[239,1],[248,1],[264,1],[272,4],[277,1],[312,1],[320,4],[325,1],[330,1],[570,1],[697,1],[706,1],[728,1],[730,1]]},"119":{"position":[[83,1],[85,1]]},"121":{"position":[[71,2],[93,1],[1050,1],[1583,1],[1706,3],[2057,4],[2062,2],[2418,1],[2420,1],[2493,1],[2574,1],[2662,1],[3124,2],[3431,1],[3433,1],[3511,1],[3513,1],[3950,1],[4089,1],[4200,1],[4990,1],[5533,2],[7096,1],[7163,4],[8215,2],[8284,1],[8730,2],[8923,2],[9540,1],[10287,1],[12600,1],[12728,1],[12877,1],[12941,1],[13092,1],[13123,1],[14073,1],[14502,1],[14790,1],[14890,1],[15128,1],[15210,1],[15217,2],[15299,1],[15952,1],[15959,2],[16312,2]]},"125":{"position":[[147,1],[149,1]]},"127":{"position":[[215,1],[241,1],[278,1],[343,1]]},"129":{"position":[[927,1]]},"131":{"position":[[782,1]]},"135":{"position":[[242,1],[272,4],[317,1],[513,1],[557,1],[629,1],[640,1],[655,1],[796,1],[879,3],[912,1],[923,1],[925,1],[969,1],[988,1],[1050,1],[1282,1],[1468,1],[1644,1],[1737,1],[1803,1],[1901,1],[2080,1],[2161,1],[2266,2],[2269,3],[2273,5],[2279,1],[2396,1],[2398,1],[2494,1],[2582,1],[2612,1],[2656,4],[2665,2],[3338,1],[3419,1],[3448,2],[3451,2],[3484,1],[3496,2],[3523,2],[3556,5],[3566,1]]},"139":{"position":[[589,2]]},"141":{"position":[[154,1],[349,1],[488,2],[570,1],[757,2],[858,1],[1069,2],[1282,2]]},"145":{"position":[[227,1],[262,1],[298,1],[334,1],[369,1],[391,1],[414,1],[431,1],[449,1]]},"147":{"position":[[114,3],[750,1],[951,1],[953,1],[1165,2],[1264,1],[1299,1],[1335,1],[1357,1],[1380,1],[1397,1],[1420,1],[1438,1]]}}}],["0",{"_index":1240,"t":{"113":{"position":[[1110,1],[1700,4]]},"121":{"position":[[1304,2],[1776,1],[5793,1],[5806,1],[11048,1]]}}}],["0.0.0.0:4180",{"_index":1106,"t":{"95":{"position":[[4772,14]]}}}],["0.001",{"_index":1523,"t":{"131":{"position":[[916,5]]}}}],["00010203",{"_index":1499,"t":{"129":{"position":[[1121,8]]},"131":{"position":[[984,8]]}}}],["0400",{"_index":1484,"t":{"129":{"position":[[256,5],[1301,4]]},"131":{"position":[[137,5],[1323,4]]},"133":{"position":[[267,5],[593,4]]}}}],["0405",{"_index":1500,"t":{"129":{"position":[[1130,4]]},"131":{"position":[[993,4]]}}}],["0a0b0c0d0e0f",{"_index":1503,"t":{"129":{"position":[[1145,12]]},"131":{"position":[[1008,12]]}}}],["1",{"_index":626,"t":{"59":{"position":[[2225,1]]},"73":{"position":[[2828,1]]},"121":{"position":[[1821,3],[15804,4]]},"141":{"position":[[423,2]]},"147":{"position":[[1116,2]]}}}],["1.3",{"_index":544,"t":{"55":{"position":[[474,3]]}}}],["1.5h",{"_index":295,"t":{"23":{"position":[[236,5]]}}}],["100",{"_index":1390,"t":{"121":{"position":[[5889,3]]}}}],["12",{"_index":1526,"t":{"131":{"position":[[1200,2]]}}}],["12.x",{"_index":996,"t":{"89":{"position":[[58,5],[128,4]]}}}],["123456.apps.googleusercontent.com",{"_index":1325,"t":{"121":{"position":[[724,35]]}}}],["127.0.0.1:4180",{"_index":1375,"t":{"121":{"position":[[5212,16]]},"133":{"position":[[732,14]]},"147":{"position":[[150,14]]}}}],["128",{"_index":1227,"t":{"113":{"position":[[383,3],[434,3]]}}}],["15",{"_index":1278,"t":{"113":{"position":[[3491,2],[3522,2]]},"121":{"position":[[10926,2],[10957,2]]}}}],["15m",{"_index":1345,"t":{"121":{"position":[[2261,3]]}}}],["168h0m0",{"_index":1243,"t":{"113":{"position":[[1175,8]]},"121":{"position":[[1385,8]]}}}],["19.0.0",{"_index":950,"t":{"87":{"position":[[636,7]]}}}],["19/mar/2015:17:20:19",{"_index":1483,"t":{"129":{"position":[[233,21],[1279,20]]},"131":{"position":[[114,21],[1301,20]]},"133":{"position":[[244,21],[571,20]]}}}],["1916",{"_index":972,"t":{"87":{"position":[[3370,5]]}}}],["192",{"_index":1310,"t":{"117":{"position":[[644,3]]}}}],["1h",{"_index":773,"t":{"73":{"position":[[923,4]]}}}],["1m",{"_index":1255,"t":{"113":{"position":[[2097,4],[2532,2]]}}}],["1s",{"_index":1360,"t":{"121":{"position":[[3239,4]]}}}],["2",{"_index":785,"t":{"73":{"position":[[1547,1]]},"75":{"position":[[1134,1]]},"95":{"position":[[3458,2]]},"121":{"position":[[15275,3],[15880,4]]},"141":{"position":[[717,2]]}}}],["2.0",{"_index":1023,"t":{"91":{"position":[[213,3]]},"95":{"position":[[35,3]]}}}],["20",{"_index":1365,"t":{"121":{"position":[[4403,2]]}}}],["200",{"_index":619,"t":{"59":{"position":[[1941,3]]},"131":{"position":[[1249,3]]},"149":{"position":[[223,3],[336,3],[417,3]]}}}],["202",{"_index":1532,"t":{"135":{"position":[[131,3]]},"139":{"position":[[162,3]]},"149":{"position":[[1098,3]]},"153":{"position":[[22,3]]}}}],["2048",{"_index":1123,"t":{"97":{"position":[[1052,4]]}}}],["21.0.0",{"_index":952,"t":{"87":{"position":[[773,7]]}}}],["24",{"_index":1308,"t":{"117":{"position":[[630,2]]}}}],["2>/dev/nul",{"_index":1294,"t":{"117":{"position":[[227,11]]}}}],["2f",{"_index":641,"t":{"61":{"position":[[212,7]]}}}],["2h45m",{"_index":296,"t":{"23":{"position":[[245,8]]}}}],["3",{"_index":843,"t":{"75":{"position":[[1492,2],[1800,2]]},"77":{"position":[[385,2],[421,2]]},"85":{"position":[[1247,4]]}}}],["3/4",{"_index":1448,"t":{"121":{"position":[[15577,3]]}}}],["30",{"_index":637,"t":{"59":{"position":[[2598,2]]},"121":{"position":[[14763,3]]},"147":{"position":[[1138,3],[1161,3]]}}}],["300m",{"_index":294,"t":{"23":{"position":[[225,8]]}}}],["315360000",{"_index":1602,"t":{"139":{"position":[[965,9]]},"141":{"position":[[1723,9]]}}}],["32",{"_index":1300,"t":{"117":{"position":[[309,2],[578,2],[708,2]]}}}],["3650",{"_index":1135,"t":{"97":{"position":[[1175,4]]}}}],["401",{"_index":34,"t":{"2":{"position":[[403,3]]},"121":{"position":[[112,3]]},"135":{"position":[[158,3],[965,3]]},"139":{"position":[[189,3],[1254,4]]},"141":{"position":[[898,3]]},"149":{"position":[[1125,3]]},"153":{"position":[[49,3]]}}}],["403",{"_index":1612,"t":{"139":{"position":[[1259,4]]}}}],["4180",{"_index":1643,"t":{"147":{"position":[[465,5]]}}}],["443",{"_index":1378,"t":{"121":{"position":[[5378,6],[16159,3]]},"135":{"position":[[251,3]]},"147":{"position":[[395,3],[759,3]]}}}],["4607",{"_index":1501,"t":{"129":{"position":[[1135,4]]},"131":{"position":[[998,4]]}}}],["4kb",{"_index":1552,"t":{"135":{"position":[[1733,3],[1938,4]]}}}],["5",{"_index":802,"t":{"73":{"position":[[2527,1]]},"75":{"position":[[1528,2],[1836,2]]}}}],["59",{"_index":1256,"t":{"113":{"position":[[2138,6]]}}}],["7",{"_index":1388,"t":{"121":{"position":[[5722,1]]}}}],["74.125.224.72",{"_index":1495,"t":{"129":{"position":[[840,13]]},"131":{"position":[[695,13]]}}}],["80",{"_index":1456,"t":{"121":{"position":[[16145,3]]}}}],["8809",{"_index":1502,"t":{"129":{"position":[[1140,4]]},"131":{"position":[[1003,4]]}}}],["994",{"_index":997,"t":{"89":{"position":[[138,5]]}}}],["_",{"_index":1297,"t":{"117":{"position":[[279,3],[327,2],[732,3]]},"119":{"position":[[104,4]]},"125":{"position":[[168,4]]}}}],["__host",{"_index":1334,"t":{"121":{"position":[[1562,7]]}}}],["__secur",{"_index":1335,"t":{"121":{"position":[[1574,8]]}}}],["_oauth2_proxi",{"_index":1225,"t":{"113":{"position":[[338,14]]},"121":{"position":[[1612,15]]}}}],["_oauth2_proxy_1",{"_index":1584,"t":{"135":{"position":[[3951,18]]}}}],["aad",{"_index":832,"t":{"75":{"position":[[880,3]]}}}],["abov",{"_index":933,"t":{"85":{"position":[[1233,5]]},"129":{"position":[[1542,5]]},"133":{"position":[[45,5]]}}}],["absent",{"_index":1366,"t":{"121":{"position":[[4409,6]]}}}],["accept",{"_index":31,"t":{"2":{"position":[[363,7]]},"55":{"position":[[139,11]]},"121":{"position":[[11440,8],[14435,11]]},"135":{"position":[[135,8]]},"139":{"position":[[166,8]]},"145":{"position":[[566,10]]},"149":{"position":[[1102,8]]},"153":{"position":[[26,8]]}}}],["acceptable.e.g",{"_index":541,"t":{"55":{"position":[[420,15]]}}}],["access",{"_index":133,"t":{"10":{"position":[[349,6]]},"15":{"position":[[101,6]]},"19":{"position":[[171,6]]},"25":{"position":[[346,6]]},"37":{"position":[[259,6]]},"45":{"position":[[2139,6],[2286,6]]},"73":{"position":[[2285,7]]},"81":{"position":[[296,7],[924,6],[999,6],[1036,6],[1186,6],[1217,6],[1306,6]]},"85":{"position":[[138,6],[1173,6]]},"87":{"position":[[857,6],[2260,6],[2320,6],[2630,6],[3022,6],[3350,6],[3600,6],[7059,6]]},"95":{"position":[[2344,6],[2403,7],[2977,6]]},"97":{"position":[[305,7],[2650,6],[3170,10]]},"103":{"position":[[528,6],[638,6],[673,6]]},"113":{"position":[[1477,6],[1670,6],[1709,6],[1871,6],[2066,6],[2445,6],[2508,6]]},"121":{"position":[[3903,6],[4328,6],[4375,6],[7175,6],[7245,6],[7329,6],[8131,6],[9127,6],[11997,6],[12026,6],[15034,6]]},"135":{"position":[[1306,6],[1447,6]]},"141":{"position":[[2016,6],[2192,6]]},"151":{"position":[[214,9]]}}}],["access_by_lua_block",{"_index":1577,"t":{"135":{"position":[[3399,19]]}}}],["access_token",{"_index":1395,"t":{"121":{"position":[[7204,12]]}}}],["accesstokenacceptedvers",{"_index":838,"t":{"75":{"position":[[1104,29]]}}}],["accompani",{"_index":885,"t":{"81":{"position":[[382,11]]}}}],["account",{"_index":320,"t":{"29":{"position":[[271,7]]},"73":{"position":[[981,7],[1095,7],[1828,7],[2927,7]]},"75":{"position":[[177,7]]},"87":{"position":[[3854,7]]},"95":{"position":[[1641,8],[3747,8]]},"97":{"position":[[260,8],[737,7]]},"103":{"position":[[204,7],[487,7]]},"121":{"position":[[4608,7],[4652,7],[4782,7]]}}}],["acr",{"_index":169,"t":{"10":{"position":[[1037,3]]},"121":{"position":[[34,3]]}}}],["activ",{"_index":811,"t":{"75":{"position":[[65,6],[1349,6]]},"87":{"position":[[4302,10],[5101,9]]}}}],["actual",{"_index":830,"t":{"75":{"position":[[851,8]]},"101":{"position":[[221,6]]},"103":{"position":[[124,6]]},"135":{"position":[[3721,6]]},"151":{"position":[[1057,6]]}}}],["ad",{"_index":45,"t":{"2":{"position":[[637,5]]},"8":{"position":[[7,6]]},"13":{"position":[[66,6]]},"31":{"position":[[79,5]]},"45":{"position":[[2230,2]]},"71":{"position":[[300,2]]},"87":{"position":[[1810,5],[6789,5]]},"93":{"position":[[4,6],[49,2]]},"121":{"position":[[11327,2],[12042,5]]},"123":{"position":[[750,6]]},"151":{"position":[[939,5]]}}}],["adc",{"_index":786,"t":{"73":{"position":[[1615,5],[1884,3]]}}}],["add",{"_index":81,"t":{"4":{"position":[[432,3]]},"67":{"position":[[148,3]]},"75":{"position":[[0,3],[430,3],[532,3],[662,3],[1222,3],[1284,4]]},"77":{"position":[[64,3]]},"87":{"position":[[3322,3],[3343,3],[3487,3],[6263,3],[6497,3]]},"89":{"position":[[223,3],[431,3],[1312,3]]},"93":{"position":[[74,3]]},"95":{"position":[[605,3],[1296,4],[1989,3],[2336,3],[2567,3]]},"103":{"position":[[0,3]]},"107":{"position":[[80,3]]},"117":{"position":[[332,3]]},"121":{"position":[[7305,4],[16237,3]]}}}],["add_head",{"_index":1550,"t":{"135":{"position":[[1608,10],[2496,10],[2539,10]]},"147":{"position":[[888,10]]}}}],["addedto",{"_index":215,"t":{"15":{"position":[[667,7],[902,7]]}}}],["addit",{"_index":463,"t":{"43":{"position":[[1553,10],[1614,8]]},"81":{"position":[[206,10],[775,8]]},"87":{"position":[[3089,10],[3168,8]]},"95":{"position":[[2066,10]]},"103":{"position":[[559,10]]},"121":{"position":[[7103,10]]},"135":{"position":[[1968,10]]}}}],["addition",{"_index":1236,"t":{"113":{"position":[[851,12]]},"121":{"position":[[4847,12]]}}}],["address",{"_index":386,"t":{"41":{"position":[[496,9]]},"43":{"position":[[230,7]]},"53":{"position":[[146,7],[268,7]]},"73":{"position":[[2343,7]]},"87":{"position":[[3663,7]]},"105":{"position":[[95,9],[199,9]]},"121":{"position":[[5056,7],[5180,8],[5237,7],[5346,8],[6354,7],[7669,7],[8856,7],[8875,7],[15588,8],[15681,7]]},"129":{"position":[[81,7],[875,8]]},"131":{"position":[[730,8]]},"139":{"position":[[1150,8]]},"141":{"position":[[1917,8],[2082,8]]},"149":{"position":[[568,7],[599,8]]}}}],["address=\"0.0.0.0:4180",{"_index":1641,"t":{"147":{"position":[[312,22]]}}}],["address=\"http://:4180",{"_index":1642,"t":{"147":{"position":[[345,23]]}}}],["adf",{"_index":478,"t":{"45":{"position":[[739,4],[2237,4]]},"47":{"position":[[128,5]]},"71":{"position":[[232,4]]},"77":{"position":[[9,4],[445,4]]}}}],["adfsconfig",{"_index":476,"t":{"45":{"position":[[676,10],[699,10]]}}}],["adfsopt",{"_index":477,"t":{"45":{"position":[[687,11]]}}}],["admin",{"_index":314,"t":{"29":{"position":[[164,5]]},"73":{"position":[[1337,5],[2275,5],[2395,5],[2481,5]]},"75":{"position":[[696,5],[729,5],[801,8],[940,5]]},"85":{"position":[[1482,5],[1548,7]]},"87":{"position":[[604,5],[652,5],[700,5],[797,5],[1276,5]]},"99":{"position":[[574,6],[612,6]]},"121":{"position":[[4425,5],[4455,5]]}}}],["admin2",{"_index":959,"t":{"87":{"position":[[1400,6]]}}}],["adminemail",{"_index":313,"t":{"29":{"position":[[121,10],[139,10]]}}}],["administr",{"_index":798,"t":{"73":{"position":[[2322,14]]},"77":{"position":[[14,14]]},"95":{"position":[[1626,14]]}}}],["advis",{"_index":1259,"t":{"113":{"position":[[2377,7]]}}}],["advisori",{"_index":675,"t":{"67":{"position":[[23,10],[182,8],[411,9]]}}}],["ae",{"_index":1309,"t":{"117":{"position":[[640,3]]}}}],["affect",{"_index":672,"t":{"65":{"position":[[688,8]]}}}],["afterward",{"_index":1668,"t":{"151":{"position":[[334,10]]}}}],["ag",{"_index":1386,"t":{"121":{"position":[[5667,3]]},"127":{"position":[[237,3],[256,5]]}}}],["again",{"_index":1667,"t":{"151":{"position":[[240,6]]}}}],["against",{"_index":459,"t":{"43":{"position":[[1433,7]]},"69":{"position":[[432,7]]},"73":{"position":[[2731,7],[2994,7]]},"87":{"position":[[1719,7]]},"89":{"position":[[35,7]]},"95":{"position":[[163,7]]},"99":{"position":[[50,7]]},"121":{"position":[[455,7],[4873,7]]}}}],["age=2592000",{"_index":1652,"t":{"147":{"position":[[929,12]]}}}],["agenc",{"_index":1108,"t":{"97":{"position":[[80,7],[718,6]]}}}],["agent",{"_index":1402,"t":{"121":{"position":[[8663,5],[8683,5],[8751,6]]},"127":{"position":[[753,6]]},"129":{"position":[[1372,5]]},"131":{"position":[[1444,5]]},"149":{"position":[[263,6]]}}}],["agre",{"_index":684,"t":{"67":{"position":[[441,6]]}}}],["agreement",{"_index":1020,"t":{"91":{"position":[[124,9]]}}}],["ajax",{"_index":28,"t":{"2":{"position":[[335,4]]}}}],["algorithm:secretkey",{"_index":1422,"t":{"121":{"position":[[12514,21]]}}}],["alia",{"_index":281,"t":{"23":{"position":[[8,7]]},"47":{"position":[[8,7]]},"49":{"position":[[12,7]]}}}],["allow",{"_index":14,"t":{"2":{"position":[[143,8]]},"10":{"position":[[1087,7],[1116,7]]},"15":{"position":[[85,6]]},"21":{"position":[[38,6]]},"25":{"position":[[392,6]]},"39":{"position":[[295,7],[459,7],[609,7]]},"41":{"position":[[599,6],[724,7],[1291,5],[1327,5],[1477,5]]},"43":{"position":[[868,6],[1389,6]]},"59":{"position":[[788,6],[1613,5]]},"61":{"position":[[188,8]]},"81":{"position":[[473,7],[1180,5],[1473,5],[1628,5]]},"85":{"position":[[1090,7]]},"87":{"position":[[322,7],[388,7],[468,7],[3974,7],[3992,7],[4285,8],[4751,7],[4836,7],[5093,7],[5135,8],[5449,7],[6037,7],[6555,7],[6589,5]]},"95":{"position":[[2784,7],[4106,8]]},"97":{"position":[[2350,5]]},"99":{"position":[[23,6]]},"103":{"position":[[456,6]]},"107":{"position":[[117,5]]},"109":{"position":[[9,5]]},"121":{"position":[[3960,5],[6303,5],[6445,5],[7134,7],[11453,6],[14769,7],[14870,7],[15135,7],[15223,5],[15336,5],[15967,5],[16069,8],[16097,8],[16209,5],[16292,5]]},"135":{"position":[[33,6]]},"139":{"position":[[38,6]]},"153":{"position":[[192,7],[254,7],[316,7]]}}}],["allowed.e.g",{"_index":548,"t":{"55":{"position":[[553,13]]}}}],["allowed_email",{"_index":1682,"t":{"153":{"position":[[276,15]]}}}],["allowed_email_domain",{"_index":1681,"t":{"153":{"position":[[207,22]]}}}],["allowed_group",{"_index":1680,"t":{"153":{"position":[[152,15]]}}}],["allowedgroup",{"_index":512,"t":{"45":{"position":[[2371,13],[2394,13]]}}}],["allowedto",{"_index":465,"t":{"43":{"position":[[1583,9]]}}}],["alpha",{"_index":57,"t":{"4":{"position":[[44,5],[297,5],[353,5],[665,5]]},"6":{"position":[[15,5],[153,5],[194,5]]},"8":{"position":[[24,5],[92,5],[189,5],[510,5]]},"10":{"position":[[106,5],[1408,5],[1524,5]]},"15":{"position":[[22,5],[108,5],[267,6]]}}}],["alphaopt",{"_index":92,"t":{"4":{"position":[[607,12]]},"15":{"position":[[0,12]]},"31":{"position":[[13,13]]},"49":{"position":[[33,13]]},"53":{"position":[[13,13]]},"61":{"position":[[13,13]]}}}],["alreadi",{"_index":1248,"t":{"113":{"position":[[1579,7],[1758,7]]}}}],["altern",{"_index":406,"t":{"41":{"position":[[927,13]]},"101":{"position":[[496,14]]},"151":{"position":[[523,14]]}}}],["alway",{"_index":369,"t":{"39":{"position":[[532,6]]},"145":{"position":[[745,6]]}}}],["amazon",{"_index":1637,"t":{"147":{"position":[[61,6],[255,6]]}}}],["amd64",{"_index":714,"t":{"69":{"position":[[262,7],[581,6]]}}}],["amount",{"_index":1440,"t":{"121":{"position":[[14694,6]]}}}],["anchor",{"_index":566,"t":{"57":{"position":[[625,6]]}}}],["and/or",{"_index":397,"t":{"41":{"position":[[732,6]]}}}],["announc",{"_index":951,"t":{"87":{"position":[[723,9]]}}}],["anoth",{"_index":227,"t":{"15":{"position":[[1037,7]]},"71":{"position":[[82,7]]},"73":{"position":[[176,7]]}}}],["anyth",{"_index":370,"t":{"39":{"position":[[551,8]]}}}],["apach",{"_index":1478,"t":{"127":{"position":[[668,6]]}}}],["api",{"_index":316,"t":{"29":{"position":[[189,3]]},"73":{"position":[[250,5],[1300,5],[1322,5],[1363,4],[2281,3]]},"75":{"position":[[490,3]]},"89":{"position":[[78,3]]},"91":{"position":[[368,3]]},"95":{"position":[[1979,3]]},"121":{"position":[[76,3],[4480,3]]}}}],["api/v1/user/email",{"_index":911,"t":{"83":{"position":[[635,21]]}}}],["app",{"_index":813,"t":{"75":{"position":[[90,3],[294,3],[465,3],[518,4],[1143,3],[1217,4]]},"79":{"position":[[16,3]]},"95":{"position":[[2215,5],[2701,4],[3925,3]]},"97":{"position":[[1334,3]]},"149":{"position":[[923,3]]}}}],["appear",{"_index":193,"t":{"13":{"position":[[0,8]]},"17":{"position":[[0,8]]},"19":{"position":[[0,8]]},"21":{"position":[[0,8]]},"23":{"position":[[16,8]]},"25":{"position":[[0,8]]},"27":{"position":[[0,8]]},"29":{"position":[[0,8]]},"31":{"position":[[0,8]]},"33":{"position":[[0,8]]},"35":{"position":[[0,8]]},"37":{"position":[[0,8]]},"39":{"position":[[0,8]]},"43":{"position":[[0,8]]},"45":{"position":[[0,8]]},"47":{"position":[[16,8]]},"49":{"position":[[20,8]]},"51":{"position":[[0,8]]},"53":{"position":[[0,8]]},"55":{"position":[[0,8]]},"57":{"position":[[0,8]]},"59":{"position":[[0,8]]},"61":{"position":[[0,8]]}}}],["append",{"_index":854,"t":{"75":{"position":[[2101,6]]},"135":{"position":[[2149,6]]}}}],["appli",{"_index":338,"t":{"31":{"position":[[428,7]]}}}],["applic",{"_index":326,"t":{"29":{"position":[[395,11]]},"69":{"position":[[631,11]]},"71":{"position":[[35,11]]},"73":{"position":[[538,12],[551,11],[1150,11],[1583,11],[1716,11]]},"75":{"position":[[7,12],[586,11]]},"77":{"position":[[74,11],[142,11],[174,12],[282,11]]},"83":{"position":[[13,12]]},"89":{"position":[[230,12],[343,11],[468,12],[724,11]]},"93":{"position":[[14,11],[81,12],[124,10]]},"95":{"position":[[1817,13],[1890,12],[2169,11],[2255,11],[2391,11],[2542,12],[2571,12],[2668,11],[2989,12],[3549,11],[3806,12],[3876,11]]},"97":{"position":[[467,11],[559,11],[779,11],[3018,11],[3109,11]]},"101":{"position":[[19,11],[108,12]]},"121":{"position":[[4690,11],[4731,11],[9892,10]]},"147":{"position":[[532,12]]},"151":{"position":[[228,11]]}}}],["application.y",{"_index":233,"t":{"15":{"position":[[1268,15]]}}}],["application/json",{"_index":32,"t":{"2":{"position":[[371,17]]}}}],["approach",{"_index":1632,"t":{"145":{"position":[[495,8]]}}}],["appropri",{"_index":760,"t":{"73":{"position":[[598,11]]},"81":{"position":[[1750,11]]},"85":{"position":[[421,11]]},"87":{"position":[[2153,11]]},"89":{"position":[[1107,11]]},"113":{"position":[[3001,14],[3204,14]]}}}],["approv",{"_index":167,"t":{"10":{"position":[[1005,8]]},"75":{"position":[[946,11]]},"121":{"position":[[208,8],[8188,8]]}}}],["approval_prompt",{"_index":1323,"t":{"121":{"position":[[237,15]]}}}],["apps/oauth2",{"_index":1181,"t":{"99":{"position":[[351,15]]}}}],["aren't",{"_index":1415,"t":{"121":{"position":[[11661,6]]}}}],["arg",{"_index":1048,"t":{"95":{"position":[[949,5]]}}}],["argument",{"_index":1178,"t":{"99":{"position":[[218,9]]},"119":{"position":[[19,8],[116,8]]},"125":{"position":[[19,8],[180,8]]}}}],["arm64",{"_index":718,"t":{"69":{"position":[[297,5]]}}}],["armv6",{"_index":716,"t":{"69":{"position":[[279,6]]}}}],["armv7",{"_index":717,"t":{"69":{"position":[[286,6]]}}}],["around",{"_index":394,"t":{"41":{"position":[[688,6]]}}}],["ask",{"_index":23,"t":{"2":{"position":[[256,5]]}}}],["assembl",{"_index":1302,"t":{"117":{"position":[[347,8]]}}}],["assemblynam",{"_index":1304,"t":{"117":{"position":[[390,12]]}}}],["assign",{"_index":800,"t":{"73":{"position":[[2374,6]]},"87":{"position":[[2720,8],[4184,8],[4573,6],[4634,6],[4690,7],[5115,6],[5174,8]]},"95":{"position":[[2926,11],[4073,12]]}}}],["associ",{"_index":983,"t":{"87":{"position":[[5277,10]]}}}],["assum",{"_index":1119,"t":{"97":{"position":[[526,6]]}}}],["attach",{"_index":790,"t":{"73":{"position":[[1836,8]]},"87":{"position":[[6187,6],[6661,9]]}}}],["attacksbetweem",{"_index":611,"t":{"59":{"position":[[1647,14]]}}}],["attempt",{"_index":189,"t":{"10":{"position":[[1338,10]]},"121":{"position":[[300,8]]},"129":{"position":[[99,10],[1062,8]]}}}],["attent",{"_index":661,"t":{"65":{"position":[[294,9]]}}}],["attribut",{"_index":1141,"t":{"97":{"position":[[1446,9]]},"121":{"position":[[2018,9]]},"135":{"position":[[2101,10]]}}}],["aud",{"_index":461,"t":{"43":{"position":[[1465,3]]},"87":{"position":[[1597,3],[1629,3],[2876,4],[3235,5]]},"121":{"position":[[2912,3],[7061,5],[13295,3]]}}}],["audienc",{"_index":464,"t":{"43":{"position":[[1564,9]]},"87":{"position":[[1169,10],[1200,8],[1229,8],[1545,8],[1776,9],[2533,8],[2862,8],[2924,8],[3100,8],[3150,8],[3201,9]]},"95":{"position":[[2225,9]]},"121":{"position":[[7000,8],[7052,8],[7080,8],[7114,9]]}}}],["audienceclaim",{"_index":458,"t":{"43":{"position":[[1351,14],[1375,13]]}}}],["auth",{"_index":6,"t":{"2":{"position":[[65,4]]},"10":{"position":[[630,4],[669,4]]},"21":{"position":[[412,4],[470,4]]},"33":{"position":[[633,4],[691,4]]},"73":{"position":[[1019,4],[1308,6]]},"75":{"position":[[1057,4],[1328,4],[1626,4],[1964,4],[2303,4]]},"77":{"position":[[450,4]]},"81":{"position":[[179,4]]},"85":{"position":[[65,4]]},"89":{"position":[[5,4]]},"121":{"position":[[263,4],[316,4],[598,4],[667,4],[7316,4],[7485,4],[7511,5],[7847,4],[11820,4],[11841,4],[11864,4],[11889,4],[12013,4],[12202,4],[12227,4],[12631,4],[12710,4],[12758,4],[12859,4],[13049,4]]},"127":{"position":[[519,4]]},"129":{"position":[[606,4],[790,4],[1057,4],[1473,4],[1524,4]]},"131":{"position":[[1545,4]]},"135":{"position":[[94,5],[477,4],[578,4]]},"139":{"position":[[437,4],[631,4],[912,4],[1131,5]]},"141":{"position":[[556,4],[841,4],[1111,4],[1317,4],[1670,4],[1889,4],[2003,4],[2051,4],[2179,4]]},"151":{"position":[[572,4],[633,4]]}}}],["auth/pass_basic_auth",{"_index":132,"t":{"10":{"position":[[323,20]]}}}],["auth/set_basic_auth",{"_index":138,"t":{"10":{"position":[[478,19]]}}}],["auth_cooki",{"_index":1548,"t":{"135":{"position":[[1568,12],[1630,13],[2252,13],[2305,13]]}}}],["auth_cookie_name_0",{"_index":1558,"t":{"135":{"position":[[2285,19],[2518,20]]}}}],["auth_cookie_name_1",{"_index":1559,"t":{"135":{"position":[[2323,19],[2561,20]]}}}],["auth_cookie_name_1=$auth_cookie_name_upstream_1$1",{"_index":1560,"t":{"135":{"position":[[2343,52]]}}}],["auth_cookie_name_upstream_1",{"_index":1555,"t":{"135":{"position":[[2014,28],[2463,30]]}}}],["auth_request",{"_index":1416,"t":{"121":{"position":[[11955,12],[12165,12],[12273,12]]},"135":{"position":[[10,12],[804,12],[927,12],[1538,12],[1871,12]]},"149":{"position":[[1175,12]]}}}],["auth_request_set",{"_index":1544,"t":{"135":{"position":[[1098,16],[1157,16],[1360,16],[1551,16],[1997,16],[2857,16],[3340,16]]}}}],["authent",{"_index":19,"t":{"2":{"position":[[200,14],[294,14],[458,14],[657,14]]},"15":{"position":[[444,14],[746,13],[1134,13]]},"45":{"position":[[1871,14]]},"59":{"position":[[1833,15]]},"73":{"position":[[3036,14]]},"81":{"position":[[234,14]]},"87":{"position":[[2188,14],[2208,14]]},"97":{"position":[[2935,13]]},"99":{"position":[[37,12]]},"103":{"position":[[498,13]]},"105":{"position":[[111,13]]},"109":{"position":[[24,14]]},"111":{"position":[[802,12]]},"121":{"position":[[142,14],[285,14],[356,14],[409,13],[442,12],[2581,12],[2667,12],[4860,12],[6263,14],[7793,15],[12661,14],[12777,14],[12891,14],[13100,14],[15173,15],[15352,14]]},"123":{"position":[[291,13]]},"127":{"position":[[419,15]]},"129":{"position":[[0,14],[113,13],[365,13],[440,12],[514,14],[1013,13]]},"135":{"position":[[49,12]]},"139":{"position":[[56,12]]},"141":{"position":[[273,13]]},"147":{"position":[[494,12]]},"149":{"position":[[109,14]]},"151":{"position":[[154,14],[294,14]]}}}],["authenticationprovid",{"_index":225,"t":{"15":{"position":[[994,22]]}}}],["autherror",{"_index":1491,"t":{"129":{"position":[[464,9]]}}}],["authfailur",{"_index":1489,"t":{"129":{"position":[[406,11]]}}}],["author",{"_index":136,"t":{"10":{"position":[[421,13],[536,13]]},"73":{"position":[[610,10],[692,10],[998,11]]},"81":{"position":[[67,13]]},"85":{"position":[[1031,14]]},"87":{"position":[[3725,13],[3765,13],[3811,13],[4728,10],[5379,13],[5631,9]]},"93":{"position":[[211,13]]},"95":{"position":[[1757,13],[1860,13],[1993,13],[2098,13],[2508,13],[2807,13],[3414,13],[4115,13],[4256,13]]},"97":{"position":[[3369,14]]},"105":{"position":[[3,9],[68,9],[179,9]]},"113":{"position":[[1292,13]]},"121":{"position":[[7378,13],[7438,13],[12081,13],[12111,13],[13125,13]]},"135":{"position":[[1667,13]]},"141":{"position":[[2031,13],[2207,13]]}}}],["authorizationnginx.ingress.kubernetes.io/auth",{"_index":1571,"t":{"135":{"position":[[3120,45]]}}}],["authresponsehead",{"_index":1625,"t":{"141":{"position":[[1978,20],[2154,20]]}}}],["authsuccess",{"_index":1487,"t":{"129":{"position":[[339,11],[1494,11]]}}}],["auto",{"_index":1620,"t":{"141":{"position":[[776,4]]}}}],["automat",{"_index":789,"t":{"73":{"position":[[1798,13]]},"151":{"position":[[186,13]]}}}],["automaticallyanchor",{"_index":561,"t":{"57":{"position":[[510,21]]}}}],["avail",{"_index":105,"t":{"6":{"position":[[240,10]]},"10":{"position":[[85,9]]},"15":{"position":[[136,9]]},"35":{"position":[[195,9]]},"69":{"position":[[308,10]]},"95":{"position":[[2037,9]]},"97":{"position":[[334,9]]},"109":{"position":[[198,9],[249,9]]},"113":{"position":[[1822,10],[2024,10],[3033,9]]},"123":{"position":[[737,9],[871,9],[950,9]]},"129":{"position":[[766,9]]},"131":{"position":[[618,9]]},"133":{"position":[[490,9]]}}}],["azur",{"_index":183,"t":{"10":{"position":[[1284,6]]},"45":{"position":[[660,5],[2223,6]]},"47":{"position":[[134,6]]},"71":{"position":[[226,5],[294,5]]},"75":{"position":[[59,5],[1051,5],[1322,5],[1342,6],[1533,5],[1620,5],[1841,5],[1958,5],[2297,5]]},"93":{"position":[[43,5]]},"121":{"position":[[496,5],[6523,5],[11320,6]]},"135":{"position":[[3676,7]]}}}],["azureconfig",{"_index":474,"t":{"45":{"position":[[594,11],[619,11]]}}}],["azureopt",{"_index":475,"t":{"45":{"position":[[606,12]]}}}],["b",{"_index":703,"t":{"69":{"position":[[78,2]]},"121":{"position":[[4937,1]]},"141":{"position":[[463,2],[1044,2],[1517,1]]}}}],["back",{"_index":1221,"t":{"113":{"position":[[100,4],[172,4]]}}}],["backend",{"_index":1207,"t":{"109":{"position":[[224,9],[259,8]]},"111":{"position":[[19,7],[42,7],[141,8],[366,7]]},"113":{"position":[[18,7],[2196,7],[2233,7],[2298,7],[2345,9],[3053,7]]},"121":{"position":[[11758,8]]},"135":{"position":[[1041,8],[1352,7]]},"139":{"position":[[393,7],[659,7],[769,8],[837,8],[1279,7]]},"141":{"position":[[527,7],[812,7],[1139,7],[1345,7],[1455,8],[1527,8],[1595,8]]}}}],["backport",{"_index":694,"t":{"67":{"position":[[632,8]]}}}],["backslash",{"_index":405,"t":{"41":{"position":[[872,9]]}}}],["backup",{"_index":1383,"t":{"121":{"position":[[5603,6],[5738,7]]},"127":{"position":[[266,6],[293,9],[310,6]]}}}],["balanc",{"_index":1639,"t":{"147":{"position":[[100,10],[241,8],[290,10]]}}}],["banner",{"_index":1362,"t":{"121":{"position":[[3384,6],[3412,6],[3454,7]]}}}],["bar",{"_index":580,"t":{"59":{"position":[[603,8],[641,5]]}}}],["base",{"_index":87,"t":{"4":{"position":[[505,5]]},"6":{"position":[[57,5]]},"15":{"position":[[523,5]]},"59":{"position":[[1386,7]]},"85":{"position":[[1025,5]]},"95":{"position":[[3391,5],[3929,4]]},"121":{"position":[[14640,5]]},"123":{"position":[[1243,5]]}}}],["base/dir",{"_index":605,"t":{"59":{"position":[[1467,12]]}}}],["base64",{"_index":346,"t":{"33":{"position":[[168,6]]},"51":{"position":[[213,6]]},"117":{"position":[[241,6],[302,6],[586,6]]},"121":{"position":[[1895,6]]}}}],["base64url",{"_index":1229,"t":{"113":{"position":[[457,9]]}}}],["bash",{"_index":1285,"t":{"117":{"position":[[73,4]]}}}],["basic",{"_index":131,"t":{"10":{"position":[[317,5],[472,5],[624,5]]},"21":{"position":[[406,5],[464,5]]},"33":{"position":[[627,5],[685,5]]},"121":{"position":[[592,5],[661,5],[7479,5],[7505,5],[7841,5],[8623,5],[8710,5],[12196,5],[12221,5]]}}}],["basicauthpassword",{"_index":274,"t":{"21":{"position":[[330,17],[361,17]]},"33":{"position":[[551,17],[582,17]]}}}],["baz",{"_index":581,"t":{"59":{"position":[[648,12],[690,4],[957,11]]}}}],["baz/abc/123",{"_index":591,"t":{"59":{"position":[[1021,12]]}}}],["bcrypt",{"_index":1367,"t":{"121":{"position":[[4943,6]]}}}],["bearer",{"_index":18,"t":{"2":{"position":[[181,6]]},"121":{"position":[[2834,6],[7452,6],[12125,6],[13199,6],[13260,6]]}}}],["becom",{"_index":277,"t":{"21":{"position":[[453,6]]},"33":{"position":[[674,6]]},"121":{"position":[[1314,7]]},"125":{"position":[[417,7],[481,7]]}}}],["befor",{"_index":76,"t":{"4":{"position":[[282,6]]},"8":{"position":[[0,6]]},"10":{"position":[[1488,6]]},"59":{"position":[[829,6],[1050,6]]},"121":{"position":[[5873,6]]}}}],["beforward",{"_index":417,"t":{"41":{"position":[[1494,11]]}}}],["behind",{"_index":735,"t":{"69":{"position":[[772,6]]},"121":{"position":[[11372,6]]}}}],["believ",{"_index":653,"t":{"65":{"position":[[12,7]]}}}],["beload",{"_index":268,"t":{"21":{"position":[[204,8]]},"33":{"position":[[425,8]]}}}],["belong",{"_index":310,"t":{"25":{"position":[[454,6]]},"81":{"position":[[510,6],[1535,6]]},"121":{"position":[[4013,6]]}}}],["below",{"_index":90,"t":{"4":{"position":[[541,5],[728,6],[863,5]]},"6":{"position":[[104,6],[271,5]]},"95":{"position":[[345,6]]},"117":{"position":[[50,5]]},"121":{"position":[[16334,5]]},"129":{"position":[[167,5],[324,5]]},"131":{"position":[[48,5]]},"133":{"position":[[237,6]]},"147":{"position":[[53,7]]}}}],["beoverridden",{"_index":415,"t":{"41":{"position":[[1384,12]]}}}],["bepass",{"_index":413,"t":{"41":{"position":[[1252,8]]}}}],["best",{"_index":960,"t":{"87":{"position":[[1429,4]]}}}],["between",{"_index":207,"t":{"15":{"position":[[290,7]]},"59":{"position":[[2135,7]]},"109":{"position":[[53,7]]},"121":{"position":[[3180,7]]}}}],["bewar",{"_index":75,"t":{"4":{"position":[[267,6]]},"151":{"position":[[838,6]]}}}],["big",{"_index":1238,"t":{"113":{"position":[[970,4]]}}}],["bin/dex",{"_index":1046,"t":{"95":{"position":[[848,7]]}}}],["binari",{"_index":700,"t":{"69":{"position":[[43,6],[171,6],[366,8]]}}}],["bindaddress",{"_index":240,"t":{"15":{"position":[[1377,11],[1685,11]]},"53":{"position":[[108,11],[127,11]]}}}],["bit",{"_index":1121,"t":{"97":{"position":[[823,4],[1057,3]]},"113":{"position":[[387,3],[438,3]]}}}],["bitbucket",{"_index":184,"t":{"10":{"position":[[1291,10]]},"45":{"position":[[832,9]]},"47":{"position":[[141,10]]},"71":{"position":[[351,9]]},"103":{"position":[[477,9],[594,9],[713,9]]}}}],["bitbucketconfig",{"_index":479,"t":{"45":{"position":[[754,15],[787,15]]}}}],["bitbucketopt",{"_index":480,"t":{"45":{"position":[[770,16]]}}}],["blank",{"_index":528,"t":{"53":{"position":[[186,5],[315,5]]}}}],["block",{"_index":408,"t":{"41":{"position":[[958,6],[1040,5]]},"95":{"position":[[625,5]]},"129":{"position":[[294,5]]}}}],["bodi",{"_index":615,"t":{"59":{"position":[[1825,4]]},"135":{"position":[[842,4]]}}}],["bool",{"_index":198,"t":{"13":{"position":[[56,4]]},"29":{"position":[[329,4]]},"31":{"position":[[281,4]]},"43":{"position":[[166,4],[322,4],[501,4],[849,4]]},"59":{"position":[[1502,4],[1725,4],[2250,4],[2387,4]]},"61":{"position":[[131,4]]},"121":{"position":[[276,4],[1412,4],[1927,4],[2091,4],[2471,4],[2711,4],[3258,4],[3312,4],[4722,4],[5404,4],[5566,4],[6326,4],[6440,4],[6590,4],[7188,4],[7399,4],[7490,4],[7640,4],[7901,4],[7972,4],[9059,4],[9794,4],[10427,4],[10546,4],[11159,4],[11352,4],[11602,4],[11809,4],[12102,4],[12207,4],[12320,4],[12559,4],[12646,4],[13068,4],[13213,4],[13400,4],[13544,4],[13650,4],[13766,4],[13865,4]]}}}],["boolean",{"_index":324,"t":{"29":{"position":[[372,7]]}}}],["both",{"_index":236,"t":{"15":{"position":[[1302,4],[1610,4]]},"57":{"position":[[291,5]]},"87":{"position":[[3013,4]]},"135":{"position":[[2405,4]]}}}],["bracket",{"_index":1372,"t":{"121":{"position":[[5149,8],[5315,8]]}}}],["break",{"_index":62,"t":{"4":{"position":[[89,8]]}}}],["brief",{"_index":987,"t":{"87":{"position":[[5482,5]]}}}],["bring",{"_index":660,"t":{"65":{"position":[[281,5]]}}}],["brows",{"_index":100,"t":{"4":{"position":[[842,6]]}}}],["browser",{"_index":1166,"t":{"97":{"position":[[2922,8]]},"113":{"position":[[868,7],[1358,8]]},"121":{"position":[[1366,7],[16186,8]]}}}],["browserxssfilt",{"_index":1603,"t":{"139":{"position":[[975,17]]},"141":{"position":[[1733,17]]}}}],["bs=32",{"_index":1292,"t":{"117":{"position":[[213,5]]}}}],["buffer",{"_index":623,"t":{"59":{"position":[[2165,6]]},"121":{"position":[[3206,7]]}}}],["build",{"_index":257,"t":{"17":{"position":[[243,8]]},"69":{"position":[[81,5]]},"97":{"position":[[2563,6],[2581,5]]},"145":{"position":[[962,8]]}}}],["built",{"_index":1030,"t":{"95":{"position":[[157,5]]}}}],["bundl",{"_index":1142,"t":{"97":{"position":[[1456,7]]}}}],["button",{"_index":1430,"t":{"121":{"position":[[13537,6]]}}}],["button=tru",{"_index":1150,"t":{"97":{"position":[[1902,11]]}}}],["bypass",{"_index":1426,"t":{"121":{"position":[[12770,6],[12884,6],[13405,6],[15345,6]]}}}],["bysom",{"_index":559,"t":{"57":{"position":[[457,6]]}}}],["byte",{"_index":344,"t":{"33":{"position":[[145,6]]},"51":{"position":[[190,6]]},"117":{"position":[[581,4],[633,6]]},"131":{"position":[[1215,5]]}}}],["c",{"_index":710,"t":{"69":{"position":[[193,2],[541,1]]},"117":{"position":[[115,1]]}}}],["c=us/st=washington/l=dc/o=gsa/ou=18f/cn=localhost",{"_index":1138,"t":{"97":{"position":[[1193,53]]}}}],["ca",{"_index":154,"t":{"10":{"position":[[865,2]]},"45":{"position":[[1707,2]]},"121":{"position":[[8269,2],[8300,2]]}}}],["cafil",{"_index":502,"t":{"45":{"position":[[1660,7],[1677,7]]}}}],["call",{"_index":317,"t":{"29":{"position":[[193,5]]},"73":{"position":[[1923,6],[2468,5]]},"121":{"position":[[4484,5]]}}}],["callback",{"_index":877,"t":{"81":{"position":[[81,8]]},"95":{"position":[[594,10]]},"101":{"position":[[121,8]]},"103":{"position":[[28,9]]},"149":{"position":[[963,8]]}}}],["caller",{"_index":372,"t":{"39":{"position":[[705,6]]}}}],["capitalis",{"_index":1471,"t":{"125":{"position":[[108,12]]}}}],["captur",{"_index":576,"t":{"59":{"position":[[507,8],[699,7],[885,7]]}}}],["case",{"_index":33,"t":{"2":{"position":[[398,4]]},"59":{"position":[[1214,4]]},"65":{"position":[[533,4]]},"97":{"position":[[3451,5]]},"99":{"position":[[839,5]]},"107":{"position":[[90,4]]},"113":{"position":[[2841,5]]},"121":{"position":[[13510,4]]}}}],["caseadd",{"_index":1303,"t":{"117":{"position":[[376,7]]}}}],["caveat",{"_index":1253,"t":{"113":{"position":[[2035,7]]}}}],["center",{"_index":746,"t":{"73":{"position":[[230,6],[318,6],[425,6]]}}}],["cert",{"_index":539,"t":{"55":{"position":[[260,4],[278,4]]},"121":{"position":[[14005,4]]},"145":{"position":[[65,4],[306,4]]}}}],["cert.pem",{"_index":1133,"t":{"97":{"position":[[1160,8]]}}}],["certif",{"_index":245,"t":{"15":{"position":[[1480,11],[1788,11]]},"45":{"position":[[1710,12]]},"53":{"position":[[400,11]]},"55":{"position":[[68,11],[294,11]]},"75":{"position":[[1182,12]]},"97":{"position":[[1008,11]]},"121":{"position":[[8303,12],[13674,12],[13790,12],[14030,11]]}}}],["certresolv",{"_index":1592,"t":{"139":{"position":[[447,13],[672,13]]},"141":{"position":[[624,13],[907,13],[1152,13],[1358,13]]}}}],["challeng",{"_index":515,"t":{"45":{"position":[[2500,9]]},"87":{"position":[[544,9]]},"121":{"position":[[876,9],[914,10]]}}}],["chang",{"_index":63,"t":{"4":{"position":[[98,7],[202,8]]},"15":{"position":[[283,6]]},"43":{"position":[[783,6]]},"89":{"position":[[82,8]]},"101":{"position":[[651,6]]},"121":{"position":[[1531,7]]},"149":{"position":[[150,7]]}}}],["channel",{"_index":1351,"t":{"121":{"position":[[2761,7]]}}}],["charact",{"_index":396,"t":{"41":{"position":[[709,10],[916,10],[1076,10]]}}}],["check",{"_index":8,"t":{"2":{"position":[[80,7]]},"57":{"position":[[134,7]]},"73":{"position":[[2723,7],[2986,7]]},"75":{"position":[[157,5]]},"87":{"position":[[6760,5]]},"121":{"position":[[8636,6],[8723,6],[8740,5],[8830,6]]},"149":{"position":[[391,6]]}}}],["checkedaft",{"_index":440,"t":{"43":{"position":[[655,12]]}}}],["checksum",{"_index":726,"t":{"69":{"position":[[458,8]]}}}],["chomp",{"_index":407,"t":{"41":{"position":[[949,8]]}}}],["choos",{"_index":234,"t":{"15":{"position":[[1288,6],[1596,6]]},"69":{"position":[[0,6]]},"73":{"position":[[108,6],[243,6],[290,6],[331,6],[438,6],[501,6],[526,6],[581,6],[805,6],[1315,6],[2303,6],[2559,6]]},"75":{"position":[[52,6]]},"87":{"position":[[6301,6]]}}}],["cidr",{"_index":1444,"t":{"121":{"position":[[15321,4]]}}}],["cipher",{"_index":546,"t":{"55":{"position":[[530,6],[663,6],[697,6]]},"121":{"position":[[14053,6],[14094,6],[14240,6],[14275,6]]},"145":{"position":[[797,6],[839,6],[1027,6]]}}}],["ciphersuit",{"_index":545,"t":{"55":{"position":[[478,12],[500,12]]}}}],["claim",{"_index":267,"t":{"21":{"position":[[75,5],[123,5],[136,5],[161,5],[393,5],[442,5]]},"33":{"position":[[344,5],[357,5],[382,5],[614,5],[663,5]]},"43":{"position":[[561,5],[1101,5],[1201,5],[1302,5],[1410,5],[1469,5]]},"71":{"position":[[477,7],[508,5]]},"85":{"position":[[361,5]]},"87":{"position":[[1115,5],[1601,5],[1633,5],[1799,6],[3241,5],[5819,5],[5890,5]]},"95":{"position":[[1782,6]]},"121":{"position":[[6636,5],[6851,5],[6875,5],[6929,5],[6953,5],[7009,5],[7033,5]]}}}],["claim/user_id_claim",{"_index":171,"t":{"10":{"position":[[1067,19]]}}}],["claimsourc",{"_index":265,"t":{"21":{"position":[[26,11]]},"51":{"position":[[13,12]]}}}],["clear",{"_index":1661,"t":{"149":{"position":[[704,6],[759,5]]}}}],["click",{"_index":780,"t":{"73":{"position":[[1328,5]]},"75":{"position":[[117,5],[398,5],[523,5],[616,5]]},"77":{"position":[[199,5]]},"87":{"position":[[2169,5],[2667,8],[2822,5],[3458,8]]},"95":{"position":[[1983,5],[2647,5]]}}}],["client",{"_index":147,"t":{"10":{"position":[[712,6],[732,6],[765,6]]},"43":{"position":[[1445,6],[1630,6]]},"45":{"position":[[140,6],[269,6],[441,6]]},"73":{"position":[[515,6],[838,6],[852,6],[1265,6],[1527,6],[2453,6]]},"75":{"position":[[1232,6],[1456,6],[1497,6],[1764,6],[1805,6]]},"77":{"position":[[239,6],[250,6],[349,6],[390,6]]},"83":{"position":[[175,6],[189,6],[355,6],[405,6]]},"85":{"position":[[103,6],[292,6],[460,6],[498,6]]},"87":{"position":[[27,6],[58,6],[454,6],[524,6],[822,6],[885,6],[1046,6],[1193,6],[1250,6],[1370,6],[1511,6],[1750,6],[1889,7],[1928,6],[1957,6],[1982,6],[2047,6],[2054,6],[2083,6],[2181,6],[2558,6],[2582,7],[2615,6],[2729,6],[2813,8],[2917,6],[3194,6],[3425,6],[3919,6],[4097,6],[4134,6],[4253,6],[4457,6],[4481,7],[4546,7],[4668,7],[4796,7],[4959,6],[4984,7],[5017,6],[5525,6],[5714,6],[6144,6],[6205,7],[6213,7],[6246,6],[6267,6],[6343,6],[6890,7],[6923,6]]},"89":{"position":[[748,6],[777,6]]},"95":{"position":[[1011,6],[1034,6],[2891,6],[2905,6],[4169,6],[4183,6]]},"97":{"position":[[1587,6],[3565,6],[3589,6]]},"99":{"position":[[414,6],[428,6],[548,6],[582,6]]},"101":{"position":[[338,6],[352,6],[442,6],[466,6]]},"103":{"position":[[275,6],[289,6],[376,6],[400,6]]},"111":{"position":[[187,6],[340,6],[481,6]]},"113":{"position":[[109,6]]},"121":{"position":[[681,6],[708,6],[762,6],[793,6],[809,6],[855,6],[5133,8],[5299,8],[9173,6],[9241,7],[13317,6],[15455,6]]},"129":{"position":[[677,11],[833,6],[1408,7]]},"131":{"position":[[413,11],[688,6],[1480,7]]},"141":{"position":[[2276,6],[2307,6]]},"145":{"position":[[435,6],[453,6]]},"147":{"position":[[1424,6],[1442,6]]}}}],["client'",{"_index":920,"t":{"85":{"position":[[518,8]]},"87":{"position":[[43,8],[78,8],[1576,8],[2099,8],[2493,8],[2599,8],[2682,8],[2894,8],[2946,8],[4498,8],[4855,8],[5001,8],[5040,8],[6230,8],[6907,8]]}}}],["client/remot",{"_index":1496,"t":{"129":{"position":[[858,13]]},"131":{"position":[[713,13]]}}}],["client_id",{"_index":906,"t":{"83":{"position":[[368,9]]},"95":{"position":[[3499,9],[4564,13]]}}}],["client_secret",{"_index":907,"t":{"83":{"position":[[422,13]]},"95":{"position":[[3513,13]]}}}],["client_session_idl",{"_index":1266,"t":{"113":{"position":[[2592,20]]}}}],["clientid",{"_index":467,"t":{"45":{"position":[[102,8],[118,8]]}}}],["clientsecret",{"_index":469,"t":{"45":{"position":[[223,12],[243,12],[475,12]]}}}],["clientsecretfil",{"_index":470,"t":{"45":{"position":[[356,16],[380,16]]}}}],["close",{"_index":1331,"t":{"121":{"position":[[1377,7]]}}}],["closest",{"_index":570,"t":{"59":{"position":[[364,7]]}}}],["cloud",{"_index":1158,"t":{"97":{"position":[[2259,5]]},"147":{"position":[[80,5]]}}}],["cloud/dock",{"_index":1154,"t":{"97":{"position":[[2179,12]]}}}],["cluster",{"_index":1271,"t":{"113":{"position":[[3022,7],[3180,7]]},"121":{"position":[[9509,7],[9561,7],[9650,7],[10419,7],[10449,8],[10475,7]]}}}],["cluster=tru",{"_index":1272,"t":{"113":{"position":[[3129,12],[3277,12]]}}}],["code",{"_index":514,"t":{"45":{"position":[[2495,4]]},"59":{"position":[[2005,4]]},"87":{"position":[[539,4]]},"95":{"position":[[2821,4],[4129,4]]},"121":{"position":[[871,4],[909,4]]},"131":{"position":[[1269,4]]}}}],["code_challenge_method",{"_index":513,"t":{"45":{"position":[[2462,21]]}}}],["codematch",{"_index":616,"t":{"59":{"position":[[1864,12]]}}}],["collabor",{"_index":305,"t":{"25":{"position":[[217,13],[494,13]]},"67":{"position":[[161,12]]},"81":{"position":[[310,13],[550,14],[934,13],[1104,13],[1456,13],[1575,14]]},"121":{"position":[[3749,13],[3873,13],[4053,13]]}}}],["collaboratorsit",{"_index":307,"t":{"25":{"position":[[315,15]]}}}],["collect",{"_index":523,"t":{"49":{"position":[[62,10]]},"61":{"position":[[47,10]]}}}],["combin",{"_index":1446,"t":{"121":{"position":[[15403,8]]},"127":{"position":[[675,8]]}}}],["come",{"_index":538,"t":{"55":{"position":[[242,4],[338,4]]},"87":{"position":[[4045,5]]}}}],["comma",{"_index":888,"t":{"81":{"position":[[889,5],[1605,5],[1669,5]]},"89":{"position":[[1025,5]]},"121":{"position":[[3049,5],[3703,5],[4169,5]]},"123":{"position":[[1057,5]]},"153":{"position":[[168,5],[230,5],[292,5]]}}}],["command",{"_index":733,"t":{"69":{"position":[[701,7]]},"99":{"position":[[205,7]]},"101":{"position":[[693,7]]},"113":{"position":[[731,8]]},"115":{"position":[[35,7],[135,7]]},"117":{"position":[[56,9]]},"119":{"position":[[6,7]]},"125":{"position":[[6,7],[365,7]]},"127":{"position":[[140,8]]},"145":{"position":[[135,7]]},"147":{"position":[[1172,7]]}}}],["commandlin",{"_index":1165,"t":{"97":{"position":[[2830,12]]}}}],["common",{"_index":252,"t":{"17":{"position":[[99,6],[152,8]]},"93":{"position":[[204,6]]},"121":{"position":[[543,6],[581,8]]}}}],["commun",{"_index":643,"t":{"63":{"position":[[23,9]]}}}],["compat",{"_index":1394,"t":{"121":{"position":[[6542,14]]}}}],["complet",{"_index":968,"t":{"87":{"position":[[2120,8]]},"111":{"position":[[405,10]]},"145":{"position":[[1000,8]]}}}],["compos",{"_index":663,"t":{"65":{"position":[[353,7]]},"113":{"position":[[230,8]]}}}],["compress",{"_index":1379,"t":{"121":{"position":[[5395,8],[5437,10]]},"127":{"position":[[332,10],[354,10]]}}}],["compris",{"_index":1232,"t":{"113":{"position":[[565,9]]}}}],["concurr",{"_index":1217,"t":{"111":{"position":[[628,12]]}}}],["confident",{"_index":914,"t":{"85":{"position":[[150,13]]}}}],["confidenti",{"_index":953,"t":{"87":{"position":[[869,15]]}}}],["config",{"_index":94,"t":{"4":{"position":[[691,6]]},"6":{"position":[[159,6],[200,6]]},"8":{"position":[[30,6],[82,6],[179,6],[197,6],[487,7],[516,6],[551,6]]},"10":{"position":[[1394,6],[1414,6],[1530,6]]},"69":{"position":[[688,6]]},"89":{"position":[[495,6]]},"95":{"position":[[3684,6],[4346,6],[4845,6]]},"101":{"position":[[545,6]]},"113":{"position":[[3503,6]]},"115":{"position":[[82,6]]},"119":{"position":[[50,6],[162,6],[235,6]]},"121":{"position":[[993,6],[1015,6],[10938,6]]},"123":{"position":[[1173,6]]},"135":{"position":[[2906,6]]},"147":{"position":[[46,6],[645,6]]},"149":{"position":[[182,6]]}}}],["config=/etc/oauth2",{"_index":1319,"t":{"119":{"position":[[307,18]]}}}],["configur",{"_index":39,"t":{"2":{"position":[[518,10],[698,14]]},"4":{"position":[[303,13],[359,13],[447,13],[511,13],[587,14],[639,14],[671,14],[898,13]]},"6":{"position":[[21,14]]},"8":{"position":[[123,13],[318,13],[406,13]]},"10":{"position":[[112,14]]},"15":{"position":[[39,13],[169,13],[402,9],[634,9],[869,9],[1225,9],[1464,9],[1547,9],[1772,9],[1850,9]]},"17":{"position":[[200,10]]},"39":{"position":[[48,13]]},"45":{"position":[[43,13],[556,14],[641,14],[720,14],[813,14],[902,14],[989,14],[1075,14],[1155,14],[1213,15],[1285,14]]},"53":{"position":[[49,13],[454,13]]},"59":{"position":[[53,13]]},"61":{"position":[[309,13]]},"69":{"position":[[659,9],[748,9]]},"71":{"position":[[105,9],[409,13]]},"75":{"position":[[1289,9]]},"77":{"position":[[268,9],[306,9]]},"87":{"position":[[1526,10],[2294,14],[2415,14],[2511,9],[2828,9],[3385,14],[3504,13]]},"95":{"position":[[360,9],[611,13],[1535,9],[1747,9],[1847,9],[2372,9],[3011,13],[3531,10]]},"99":{"position":[[165,14]]},"101":{"position":[[304,10]]},"103":{"position":[[442,13],[570,13]]},"113":{"position":[[1000,9],[2793,9],[2915,9],[3152,9]]},"115":{"position":[[20,10],[234,13]]},"121":{"position":[[393,13],[2977,13],[9917,15],[11257,13],[13491,10],[13985,13]]},"123":{"position":[[180,10],[511,10],[775,10],[1031,10]]},"125":{"position":[[339,13]]},"127":{"position":[[67,10],[183,9],[589,12]]},"129":{"position":[[582,9],[654,10]]},"131":{"position":[[315,9],[390,10]]},"133":{"position":[[134,13],[349,9],[425,10]]},"135":{"position":[[2798,13],[3744,10]]},"139":{"position":[[295,14]]},"141":{"position":[[240,10]]},"143":{"position":[[26,15]]},"145":{"position":[[0,9],[176,13],[481,13],[713,11]]},"147":{"position":[[0,9],[1213,13]]},"149":{"position":[[935,10]]},"151":{"position":[[971,13]]},"153":{"position":[[86,10]]}}}],["conflict",{"_index":1218,"t":{"111":{"position":[[768,9]]}}}],["conjunct",{"_index":226,"t":{"15":{"position":[[1020,11]]},"75":{"position":[[2056,11]]},"121":{"position":[[7817,11],[9621,11],[10209,11],[10369,11]]}}}],["connect",{"_index":420,"t":{"43":{"position":[[87,7],[993,7]]},"45":{"position":[[1748,10]]},"71":{"position":[[310,7],[556,7]]},"87":{"position":[[909,8],[2074,8]]},"95":{"position":[[7,7],[227,7],[271,7],[2635,7]]},"97":{"position":[[869,7],[913,8]]},"113":{"position":[[2704,10],[2732,10],[2985,10],[3188,10],[3376,10],[3537,10],[3586,10]]},"121":{"position":[[6683,7],[8341,10],[9517,10],[9569,10],[9666,10],[9826,10],[9975,10],[10071,11],[10264,10],[10317,10],[10432,7],[10483,10],[10551,7],[10642,10],[10692,10],[10726,10],[10815,10],[10972,10],[11021,10]]},"147":{"position":[[414,11]]},"149":{"position":[[455,11],[491,9]]}}}],["connect/auth",{"_index":924,"t":{"85":{"position":[[615,13]]}}}],["connect/token",{"_index":925,"t":{"85":{"position":[[710,14]]}}}],["connect/userinfo",{"_index":926,"t":{"85":{"position":[[807,17],[908,17]]}}}],["consent",{"_index":379,"t":{"41":{"position":[[165,7],[333,7]]},"73":{"position":[[345,7]]},"75":{"position":[[702,7],[810,7],[837,7]]}}}],["consent#th",{"_index":858,"t":{"75":{"position":[[2238,11]]}}}],["consid",{"_index":206,"t":{"15":{"position":[[256,10]]},"41":{"position":[[889,10]]}}}],["consol",{"_index":868,"t":{"77":{"position":[[29,7]]},"87":{"position":[[610,7],[658,7],[706,7],[803,7],[1282,7],[1407,8],[6856,7]]}}}],["consult",{"_index":962,"t":{"87":{"position":[[1466,7]]}}}],["consum",{"_index":1024,"t":{"91":{"position":[[353,8],[380,8]]},"103":{"position":[[16,8]]}}}],["contact",{"_index":1109,"t":{"97":{"position":[[96,7],[135,7]]}}}],["contain",{"_index":55,"t":{"4":{"position":[[17,8]]},"15":{"position":[[13,8]]},"31":{"position":[[561,8]]},"33":{"position":[[315,10]]},"43":{"position":[[1107,8],[1207,8],[1308,8]]},"51":{"position":[[360,10]]},"53":{"position":[[359,8]]},"55":{"position":[[25,8]]},"95":{"position":[[1466,9],[4746,10]]},"97":{"position":[[2508,8]]},"121":{"position":[[6881,8],[6959,8],[7039,8],[12391,7]]},"129":{"position":[[53,7],[305,7]]},"135":{"position":[[2217,7]]}}}],["content",{"_index":995,"t":{"87":{"position":[[7093,9]]},"97":{"position":[[1251,8]]},"135":{"position":[[864,7],[2240,8]]}}}],["contenttypenosniff",{"_index":1604,"t":{"139":{"position":[[998,19]]},"141":{"position":[[1756,19]]}}}],["contrib",{"_index":1318,"t":{"119":{"position":[[257,7]]}}}],["control",{"_index":1249,"t":{"113":{"position":[[1623,8]]},"121":{"position":[[11396,8]]}}}],["convert",{"_index":110,"t":{"8":{"position":[[74,7],[106,7],[171,7],[244,7]]},"21":{"position":[[379,8]]},"33":{"position":[[600,8]]}}}],["convolut",{"_index":401,"t":{"41":{"position":[[798,11]]}}}],["cooki",{"_index":11,"t":{"2":{"position":[[112,6],[122,6],[543,8],[570,6]]},"73":{"position":[[933,6]]},"75":{"position":[[2336,6],[2374,6]]},"77":{"position":[[483,6],[521,6]]},"89":{"position":[[570,6],[814,6]]},"95":{"position":[[1147,6],[1167,6],[3618,7]]},"97":{"position":[[1729,6],[1811,6],[1861,6],[3847,6]]},"109":{"position":[[122,6],[309,6]]},"111":{"position":[[4,6],[126,6],[199,7],[426,7],[518,6],[579,6]]},"113":{"position":[[139,6],[196,6],[326,6],[901,6],[1027,6],[1046,6],[1082,6],[1124,6],[1168,6],[1188,7],[1600,7],[2396,6]]},"117":{"position":[[21,6]]},"121":{"position":[[1029,6],[1066,6],[1090,7],[1203,6],[1242,6],[1286,7],[1307,6],[1332,6],[1396,6],[1430,6],[1449,6],[1484,6],[1548,6],[1590,6],[1630,6],[1661,6],[1682,7],[1712,6],[1748,6],[1827,6],[1875,7],[1913,6],[1956,6],[1975,6],[2011,6],[2067,6],[2125,7],[2200,6],[2254,6],[11587,6],[11631,6],[11675,7],[11776,6],[11783,6],[15840,6]]},"125":{"position":[[398,6]]},"135":{"position":[[1487,6],[1623,6],[1710,7],[1847,7],[1914,7],[1979,7],[2094,6],[2131,6],[2233,6],[2414,6],[2511,6],[2554,6],[3475,8],[3728,6],[3761,6],[3810,6],[3929,6]]},"145":{"position":[[373,6],[395,6]]},"147":{"position":[[1339,6],[1361,6]]},"149":{"position":[[711,8],[777,6]]},"151":{"position":[[103,8]]}}}],["cookie_expir",{"_index":1264,"t":{"113":{"position":[[2535,13]]}}}],["cookie_refresh",{"_index":1263,"t":{"113":{"position":[[2490,14]]}}}],["cookie_secret",{"_index":1083,"t":{"95":{"position":[[3589,13]]},"117":{"position":[[681,15]]}}}],["cookienam",{"_index":1223,"t":{"113":{"position":[[257,12],[301,10],[541,12]]}}}],["copi",{"_index":115,"t":{"8":{"position":[[343,4]]},"97":{"position":[[2600,4]]},"135":{"position":[[1825,6]]}}}],["coreo",{"_index":1031,"t":{"95":{"position":[[171,6]]}}}],["corp.com\"]client_id",{"_index":1075,"t":{"95":{"position":[[3240,20]]}}}],["corpor",{"_index":651,"t":{"63":{"position":[[218,9]]}}}],["correct",{"_index":879,"t":{"81":{"position":[[104,7]]},"83":{"position":[[110,7]]},"95":{"position":[[545,7]]}}}],["correctli",{"_index":862,"t":{"75":{"position":[[2425,10]]},"77":{"position":[[572,10]]},"141":{"position":[[382,9]]}}}],["count=1",{"_index":1293,"t":{"117":{"position":[[219,7]]}}}],["coupl",{"_index":1260,"t":{"113":{"position":[[2413,6]]}}}],["cours",{"_index":1251,"t":{"113":{"position":[[1938,7]]}}}],["cover",{"_index":1527,"t":{"133":{"position":[[30,7]]}}}],["creat",{"_index":687,"t":{"67":{"position":[[480,6]]},"73":{"position":[[40,6],[812,8],[1078,6],[2293,6],[2549,6]]},"75":{"position":[[253,6]]},"79":{"position":[[0,6]]},"81":{"position":[[0,6],[1350,7]]},"83":{"position":[[0,6]]},"85":{"position":[[92,6],[299,6],[487,8],[1461,6]]},"87":{"position":[[811,6],[1053,6],[1136,6],[1349,6],[1944,8],[1964,6],[2040,6],[3561,6],[4348,8],[4397,6],[4446,8],[4523,6],[5503,8],[5701,6],[6131,8],[6438,6],[6480,6]]},"91":{"position":[[42,6]]},"95":{"position":[[2653,6],[3002,6],[3791,6]]},"97":{"position":[[443,6],[2429,6]]},"101":{"position":[[0,6]]},"121":{"position":[[1512,8],[4914,7]]}}}],["credenti",{"_index":322,"t":{"29":{"position":[[284,11],[415,11]]},"73":{"position":[[297,13],[445,13],[478,12],[1170,11],[1603,11],[1736,12]]},"77":{"position":[[294,11]]},"85":{"position":[[270,10]]},"87":{"position":[[1024,10],[2440,11]]},"121":{"position":[[4665,11],[4710,11],[4751,11]]}}}],["crypto/tl",{"_index":554,"t":{"55":{"position":[[731,10]]},"121":{"position":[[14309,10]]},"145":{"position":[[914,10],[1062,11]]}}}],["csrf",{"_index":1342,"t":{"121":{"position":[[2074,4],[2120,4],[2207,4],[2249,4]]}}}],["current",{"_index":701,"t":{"69":{"position":[[50,8]]},"71":{"position":[[517,9]]},"95":{"position":[[1228,7]]},"121":{"position":[[6499,10]]},"145":{"position":[[735,9],[932,9]]}}}],["custom",{"_index":955,"t":{"87":{"position":[[1222,6],[3143,6],[5844,9]]},"95":{"position":[[2091,6]]},"121":{"position":[[2267,6],[2303,6],[2327,6],[2374,6],[3398,6],[3478,6]]},"135":{"position":[[3803,6]]},"145":{"position":[[508,13]]}}}],["cycl",{"_index":1663,"t":{"149":{"position":[[844,5],[906,6]]}}}],["d",{"_index":720,"t":{"69":{"position":[[319,2]]},"117":{"position":[[254,1]]}}}],["danger",{"_index":53,"t":{"4":{"position":[[0,6]]},"15":{"position":[[211,6]]}}}],["dashboard",{"_index":745,"t":{"73":{"position":[[220,9]]},"97":{"position":[[496,10],[798,10]]}}}],["data",{"_index":536,"t":{"55":{"position":[[210,4],[306,4]]},"85":{"position":[[1355,4]]},"97":{"position":[[426,4]]},"109":{"position":[[179,4]]},"111":{"position":[[550,4],[586,5]]},"121":{"position":[[11745,4]]},"131":{"position":[[1392,4]]}}}],["date",{"_index":1507,"t":{"129":{"position":[[1310,4]]},"131":{"position":[[1332,4]]},"133":{"position":[[602,4]]}}}],["day",{"_index":1134,"t":{"97":{"position":[[1170,4]]},"121":{"position":[[5693,4]]}}}],["dd",{"_index":1290,"t":{"117":{"position":[[194,2]]}}}],["debug",{"_index":1418,"t":{"121":{"position":[[12305,5]]}}}],["decim",{"_index":289,"t":{"23":{"position":[[153,7]]}}}],["decod",{"_index":1307,"t":{"117":{"position":[[620,6]]}}}],["decreas",{"_index":1280,"t":{"115":{"position":[[98,10]]}}}],["dedic",{"_index":965,"t":{"87":{"position":[[1916,11],[2523,9],[2641,9],[2695,10],[2775,10],[3415,9],[3467,9],[5053,9]]}}}],["deep",{"_index":1403,"t":{"121":{"position":[[8818,4]]}}}],["default",{"_index":327,"t":{"29":{"position":[[407,7]]},"39":{"position":[[176,9],[207,7],[431,7],[513,7],[637,7]]},"41":{"position":[[68,8],[226,7],[1170,7],[1198,7],[1218,7],[1363,7]]},"43":{"position":[[804,7],[1457,7]]},"45":{"position":[[1549,7],[1797,7]]},"55":{"position":[[647,7]]},"71":{"position":[[218,7]]},"73":{"position":[[1162,7],[1595,7],[1728,7]]},"75":{"position":[[2108,9],[2250,7]]},"87":{"position":[[680,8],[1290,8],[4339,8]]},"91":{"position":[[146,7]]},"93":{"position":[[196,7]]},"95":{"position":[[576,7],[1927,7],[2415,7],[2863,8],[4248,7]]},"101":{"position":[[575,8]]},"103":{"position":[[434,7]]},"109":{"position":[[316,9]]},"111":{"position":[[34,7]]},"113":{"position":[[356,8]]},"121":{"position":[[24,7],[2433,7],[2749,7],[3446,7],[3526,7],[4390,9],[4702,7],[4743,7],[8391,7],[14224,7],[16039,8],[16110,7]]},"127":{"position":[[3,8],[627,7]]},"129":{"position":[[152,7],[636,7]]},"131":{"position":[[33,7],[372,7]]},"133":{"position":[[219,7],[407,7]]},"139":{"position":[[461,7],[686,7]]},"141":{"position":[[638,7],[921,7],[1166,7],[1372,7]]},"145":{"position":[[635,8],[900,8]]},"147":{"position":[[168,8],[763,7]]},"149":{"position":[[620,7]]}}}],["defin",{"_index":213,"t":{"15":{"position":[[550,7]]},"43":{"position":[[1399,6]]},"45":{"position":[[158,7],[291,7],[1953,7]]},"51":{"position":[[140,7]]},"85":{"position":[[1511,6]]},"87":{"position":[[3447,7],[4126,7],[6020,7]]},"107":{"position":[[48,6]]}}}],["definit",{"_index":524,"t":{"49":{"position":[[76,11]]},"61":{"position":[[61,11]]}}}],["delay",{"_index":690,"t":{"67":{"position":[[571,5]]}}}],["delet",{"_index":1246,"t":{"113":{"position":[[1343,7]]}}}],["demo",{"_index":1118,"t":{"97":{"position":[[512,5]]}}}],["demonstr",{"_index":668,"t":{"65":{"position":[[558,11]]}}}],["depend",{"_index":48,"t":{"2":{"position":[[680,10]]},"65":{"position":[[85,13]]},"67":{"position":[[339,14]]},"99":{"position":[[228,9]]},"121":{"position":[[8543,8]]},"149":{"position":[[1239,12]]}}}],["deploy",{"_index":697,"t":{"69":{"position":[[14,7],[765,6]]},"73":{"position":[[1754,8],[1867,8],[2005,8]]},"97":{"position":[[3075,11]]}}}],["deprec",{"_index":1425,"t":{"121":{"position":[[12735,11]]}}}],["describ",{"_index":67,"t":{"4":{"position":[[172,9]]},"6":{"position":[[77,9]]},"95":{"position":[[2156,8]]}}}],["descript",{"_index":196,"t":{"13":{"position":[[34,11]]},"15":{"position":[[334,11]]},"17":{"position":[[34,11]]},"19":{"position":[[34,11]]},"21":{"position":[[111,11]]},"25":{"position":[[34,11]]},"27":{"position":[[34,11]]},"29":{"position":[[34,11]]},"31":{"position":[[129,11]]},"33":{"position":[[127,11]]},"35":{"position":[[34,11]]},"37":{"position":[[34,11]]},"41":{"position":[[1098,11]]},"43":{"position":[[34,11]]},"45":{"position":[[90,11]]},"51":{"position":[[172,11]]},"53":{"position":[[96,11]]},"55":{"position":[[162,11]]},"57":{"position":[[308,11]]},"59":{"position":[[182,11]]},"61":{"position":[[106,11]]},"87":{"position":[[2760,11],[5488,11]]},"95":{"position":[[2324,11]]},"101":{"position":[[71,11]]},"121":{"position":[[12,11]]},"129":{"position":[[821,11]]},"131":{"position":[[676,11]]},"133":{"position":[[549,11]]}}}],["deselect",{"_index":969,"t":{"87":{"position":[[2274,10]]}}}],["desir",{"_index":341,"t":{"31":{"position":[[574,7]]}}}],["detail",{"_index":64,"t":{"4":{"position":[[122,8],[336,7]]},"65":{"position":[[167,7],[457,6]]},"75":{"position":[[2273,8]]},"95":{"position":[[508,8]]},"121":{"position":[[12330,8]]},"129":{"position":[[1042,7],[1552,8]]},"133":{"position":[[751,7]]}}}],["determin",{"_index":334,"t":{"31":{"position":[[307,10]]},"57":{"position":[[145,9]]},"59":{"position":[[1981,10],[2270,10]]},"121":{"position":[[9212,9]]},"141":{"position":[[362,9]]}}}],["dev.yaml",{"_index":1040,"t":{"95":{"position":[[679,9],[878,8]]}}}],["develop",{"_index":1088,"t":{"95":{"position":[[3737,9]]},"97":{"position":[[315,9]]}}}],["dex",{"_index":1032,"t":{"95":{"position":[[178,3],[352,4],[392,4],[435,4],[802,4],[1521,4]]}}}],["differ",{"_index":399,"t":{"41":{"position":[[759,9]]},"47":{"position":[[77,9]]},"73":{"position":[[2685,9]]},"121":{"position":[[2110,9],[6474,6]]},"127":{"position":[[381,9]]},"129":{"position":[[546,9]]},"131":{"position":[[279,9]]},"133":{"position":[[313,9]]}}}],["digitalocean",{"_index":518,"t":{"47":{"position":[[152,12]]},"71":{"position":[[338,12]]}}}],["dir",{"_index":1346,"t":{"121":{"position":[[2284,3]]}}}],["dir\",th",{"_index":604,"t":{"59":{"position":[[1427,10]]}}}],["direct",{"_index":251,"t":{"17":{"position":[[67,7]]},"87":{"position":[[2253,6]]},"135":{"position":[[23,9]]},"149":{"position":[[1188,9]]}}}],["directli",{"_index":1431,"t":{"121":{"position":[[13575,8]]},"149":{"position":[[22,8]]}}}],["directori",{"_index":812,"t":{"75":{"position":[[72,10],[1356,9]]},"89":{"position":[[1201,9]]},"95":{"position":[[1244,9]]},"97":{"position":[[2480,9]]},"119":{"position":[[265,10]]},"123":{"position":[[595,9]]}}}],["directory/develop/v2",{"_index":857,"t":{"75":{"position":[[2201,20]]}}}],["disabl",{"_index":529,"t":{"53":{"position":[[209,8],[338,8]]},"87":{"position":[[5072,9]]},"113":{"position":[[1115,7]]},"121":{"position":[[1781,8],[2425,7],[3438,7],[3518,7],[5798,7],[6829,8],[12564,7]]},"127":{"position":[[483,8],[791,8]]},"149":{"position":[[608,8]]}}}],["disallow",{"_index":1657,"t":{"149":{"position":[[244,9]]}}}],["disclos",{"_index":677,"t":{"67":{"position":[[65,9],[298,9]]}}}],["disclosur",{"_index":649,"t":{"63":{"position":[[139,11]]},"65":{"position":[[194,11],[491,10]]},"67":{"position":[[129,10]]},"113":{"position":[[839,11]]}}}],["discov",{"_index":670,"t":{"65":{"position":[[590,10]]}}}],["discoveri",{"_index":431,"t":{"43":{"position":[[447,9],[888,9]]},"97":{"position":[[3252,10],[3298,9],[3485,9],[3711,9]]},"121":{"position":[[6816,9],[13390,9],[13426,10]]},"151":{"position":[[826,11]]}}}],["discret",{"_index":696,"t":{"67":{"position":[[695,10]]}}}],["discuss",{"_index":676,"t":{"67":{"position":[[47,7],[216,10]]}}}],["display",{"_index":152,"t":{"10":{"position":[[821,7]]},"45":{"position":[[1591,7]]},"83":{"position":[[332,7]]},"95":{"position":[[979,7]]},"121":{"position":[[2449,7],[2476,7],[8445,7]]}}}],["doc",{"_index":1320,"t":{"121":{"position":[[66,4]]}}}],["docker",{"_index":711,"t":{"69":{"position":[[215,6]]},"95":{"position":[[1490,6]]},"97":{"position":[[2318,6],[2556,6],[2574,6]]}}}],["document",{"_index":56,"t":{"4":{"position":[[26,13]]},"55":{"position":[[742,14]]},"87":{"position":[[306,13],[1487,14],[5580,14],[6717,13]]},"95":{"position":[[2470,13]]},"99":{"position":[[387,13]]},"121":{"position":[[14320,14]]}}}],["doesn't",{"_index":861,"t":{"75":{"position":[[2398,7]]},"77":{"position":[[545,7]]}}}],["domain",{"_index":388,"t":{"41":{"position":[[529,7],[655,7]]},"71":{"position":[[147,6]]},"73":{"position":[[648,6],[1058,7],[2364,6]]},"81":{"position":[[407,8]]},"87":{"position":[[277,6]]},"89":{"position":[[1263,6]]},"95":{"position":[[1194,6]]},"97":{"position":[[3874,6]]},"105":{"position":[[22,6],[221,9]]},"121":{"position":[[1036,6],[1073,7],[1138,6],[1210,6],[2560,6],[2620,6],[15114,6],[15143,7],[15196,6],[15910,6],[15929,6],[16004,6],[16263,7]]},"125":{"position":[[469,6]]},"135":{"position":[[548,8]]},"139":{"position":[[469,8],[694,8]]},"141":{"position":[[646,8],[929,8],[1174,8],[1380,8]]},"151":{"position":[[854,6],[964,6],[1064,6]]},"153":{"position":[[268,7]]}}}],["domain.com",{"_index":1497,"t":{"129":{"position":[[964,10]]},"131":{"position":[[819,10]]}}}],["domain.tld/gitlab",{"_index":1013,"t":{"89":{"position":[[1217,19]]}}}],["domain.tld/gitlab/oauth",{"_index":1018,"t":{"89":{"position":[[1366,24]]}}}],["domain.tld/oauth",{"_index":1016,"t":{"89":{"position":[[1332,16]]}}}],["domain=\"yourcompany.com",{"_index":1629,"t":{"145":{"position":[[237,24]]},"147":{"position":[[1274,24]]}}}],["domain=/oauth2/callback",{"_index":1195,"t":{"101":{"position":[[611,24]]}}}],["headers.default",{"_index":340,"t":{"31":{"position":[[456,16]]}}}],["headers/pass_user_head",{"_index":135,"t":{"10":{"position":[[390,25]]}}}],["headers/skip_auth_strip_head",{"_index":146,"t":{"10":{"position":[[680,31]]}}}],["headershould",{"_index":335,"t":{"31":{"position":[[346,12]]}}}],["headervalu",{"_index":264,"t":{"21":{"position":[[13,12]]},"31":{"position":[[540,13]]},"33":{"position":[[21,11]]},"51":{"position":[[26,12]]}}}],["health",{"_index":1401,"t":{"121":{"position":[[8629,6],[8716,6],[8823,6]]},"149":{"position":[[384,6]]}}}],["helm",{"_index":723,"t":{"69":{"position":[[350,6]]}}}],["here",{"_index":1113,"t":{"97":{"position":[[344,5]]}}}],["hex",{"_index":1228,"t":{"113":{"position":[[406,3]]}}}],["histor",{"_index":1208,"t":{"111":{"position":[[103,13]]}}}],["hit",{"_index":754,"t":{"73":{"position":[[408,3]]},"75":{"position":[[658,3],[1276,7]]}}}],["hold",{"_index":466,"t":{"45":{"position":[[33,5],[546,5],[631,5],[710,5],[803,5],[892,5],[979,5],[1065,5],[1145,5],[1275,5]]}}}],["homepag",{"_index":1187,"t":{"101":{"position":[[57,9]]}}}],["host",{"_index":124,"t":{"10":{"position":[[162,4]]},"59":{"position":[[2301,4]]},"83":{"position":[[47,4],[495,4],[560,4],[630,4]]},"89":{"position":[[185,7],[1053,6],[1175,6]]},"101":{"position":[[606,4]]},"121":{"position":[[1168,4],[7889,4],[7923,4]]},"129":{"position":[[959,4],[992,4]]},"131":{"position":[[475,9],[814,4],[847,4]]},"135":{"position":[[370,4],[375,6],[708,4],[713,6]]},"147":{"position":[[1006,4],[1011,6]]}}}],["host(`a",{"_index":1590,"t":{"139":{"position":[[342,8],[537,8]]},"141":{"position":[[432,8],[726,8],[1013,8]]}}}],["host(`oauth.example.com",{"_index":1622,"t":{"141":{"position":[[1255,26]]}}}],["host>/api/v3",{"_index":899,"t":{"81":{"position":[[1953,13]]}}}],["host>/auth/realms//login/oauth/access_token",{"_index":898,"t":{"81":{"position":[[1878,31]]}}}],["host>/login/oauth/author",{"_index":897,"t":{"81":{"position":[[1808,28]]}}}],["host>/oauth2/callback",{"_index":902,"t":{"83":{"position":[[144,21],[298,22]]}}}],["host_head",{"_index":1512,"t":{"131":{"position":[[143,13]]}}}],["hostnam",{"_index":1169,"t":{"97":{"position":[[3220,9]]},"101":{"position":[[228,8]]},"103":{"position":[[131,8]]}}}],["hosts.thi",{"_index":607,"t":{"59":{"position":[[1574,10]]}}}],["hour",{"_index":809,"t":{"73":{"position":[[3105,4]]}}}],["hst",{"_index":1646,"t":{"147":{"position":[[737,5]]}}}],["htaccess",{"_index":1399,"t":{"121":{"position":[[7784,8]]}}}],["html",{"_index":1347,"t":{"121":{"position":[[2310,4],[3405,6],[3485,6]]}}}],["htpasswd",{"_index":1350,"t":{"121":{"position":[[2457,8],[2521,8],[4826,8],[4883,8],[4927,8],[4963,8],[5034,8]]}}}],["http",{"_index":237,"t":{"15":{"position":[[1307,4],[1316,5],[1615,4],[1624,5]]},"59":{"position":[[1568,5]]},"83":{"position":[[26,9]]},"109":{"position":[[70,4]]},"121":{"position":[[107,4],[656,4],[1943,6],[3252,5],[3271,5],[3346,4],[5051,4],[5128,4],[5231,5],[5293,5],[7500,4],[12216,4],[13708,5],[13824,5],[14513,4],[15524,4],[15697,4],[16153,5],[16167,6]]},"123":{"position":[[151,4],[160,5]]},"127":{"position":[[439,4]]},"131":{"position":[[0,4],[1257,4],[1404,4]]},"133":{"position":[[713,5]]},"139":{"position":[[310,5]]},"141":{"position":[[392,5]]},"147":{"position":[[307,4],[340,4]]}}}],["http(",{"_index":232,"t":{"15":{"position":[[1239,7],[1561,7]]},"53":{"position":[[70,7]]},"59":{"position":[[1147,7]]},"123":{"position":[[91,7]]}}}],["http/1.0",{"_index":1498,"t":{"129":{"position":[[1080,8]]},"131":{"position":[[869,8]]}}}],["http/1.1",{"_index":1514,"t":{"131":{"position":[[186,8]]}}}],["http/1.1x",{"_index":1672,"t":{"151":{"position":[[623,9]]}}}],["http://0.0.0.0:8080\"]email_domain",{"_index":1100,"t":{"95":{"position":[[4524,35]]}}}],["http://127.0.0.1:4180",{"_index":1057,"t":{"95":{"position":[[1360,21]]},"135":{"position":[[330,22],[668,22]]},"147":{"position":[[966,22]]}}}],["http://127.0.0.1:4180/oauth2/callback",{"_index":1049,"t":{"95":{"position":[[1067,37]]},"97":{"position":[[3623,37]]}}}],["http://127.0.0.1:4180/oauth2/callback'nam",{"_index":1042,"t":{"95":{"position":[[722,44]]}}}],["http://127.0.0.1:4180/static",{"_index":1058,"t":{"95":{"position":[[1385,28]]}}}],["http://127.0.0.1:5556",{"_index":1174,"t":{"97":{"position":[[3678,21]]}}}],["http://127.0.0.1:5556/author",{"_index":1175,"t":{"97":{"position":[[3732,31]]}}}],["http://127.0.0.1:5556/dex",{"_index":1050,"t":{"95":{"position":[[1121,25]]}}}],["http://127.0.0.1:5556/key",{"_index":1177,"t":{"97":{"position":[[3819,26]]}}}],["http://127.0.0.1:5556/token",{"_index":1176,"t":{"97":{"position":[[3776,27]]}}}],["http://127.0.0.1:8080",{"_index":1460,"t":{"123":{"position":[[218,22]]}}}],["http://127.0.0.1:8080/some/path",{"_index":1461,"t":{"123":{"position":[[361,32]]}}}],["http://172.16.0.1:4180",{"_index":1599,"t":{"139":{"position":[[876,22]]},"141":{"position":[[1634,22]]}}}],["http://172.16.0.2:7555",{"_index":1598,"t":{"139":{"position":[[808,22]]},"141":{"position":[[1494,22]]}}}],["http://172.16.0.3:7555",{"_index":1623,"t":{"141":{"position":[[1566,22]]}}}],["http://[::1]:4180",{"_index":1374,"t":{"121":{"position":[[5194,17]]}}}],["http://[oauth2",{"_index":1464,"t":{"123":{"position":[[608,14],[963,14]]}}}],["http://]:::/sign_in",{"_index":1408,"t":{"121":{"position":[[9011,18]]}}}],["oauth2_proxy_",{"_index":1470,"t":{"125":{"position":[[93,14]]}}}],["oauth2_proxy_cookie_secret",{"_index":1473,"t":{"125":{"position":[[425,27]]}}}],["oauth2_proxy_email_domain",{"_index":1474,"t":{"125":{"position":[[489,27]]}}}],["oauth2_proxy_jwt_key",{"_index":1140,"t":{"97":{"position":[[1299,24]]}}}],["oauth2_proxy_jwt_key_file=/etc/ssl/private/jwt_signing_key.pem",{"_index":1163,"t":{"97":{"position":[[2672,62]]}}}],["oauth_proxi",{"_index":1333,"t":{"121":{"position":[[1500,11]]}}}],["obtain",{"_index":1452,"t":{"121":{"position":[[15664,9]]}}}],["occur",{"_index":1529,"t":{"133":{"position":[[187,5]]}}}],["oidc",{"_index":182,"t":{"10":{"position":[[1278,5]]},"35":{"position":[[229,4]]},"43":{"position":[[442,4],[883,4]]},"45":{"position":[[1174,4],[1208,4]]},"47":{"position":[[218,5],[259,5]]},"75":{"position":[[1560,4],[1868,4]]},"85":{"position":[[60,4]]},"87":{"position":[[20,4],[161,4],[1365,4],[1506,4],[1765,4],[1977,4],[3951,4],[4248,4],[5878,4]]},"89":{"position":[[1126,4]]},"95":{"position":[[244,6],[374,4],[965,4],[996,4],[1105,4],[1549,4]]},"97":{"position":[[16,4],[1673,4],[3247,4],[3293,4],[3480,4],[3559,4],[3662,4],[3706,4],[3805,4]]},"121":{"position":[[6298,4],[6410,4],[6455,4],[6574,4],[6614,4],[6649,4],[6740,4],[6761,4],[6811,4],[6840,4],[6870,4],[6917,4],[6948,4],[6995,4],[7028,4],[7069,4],[7409,4],[8163,4],[13385,4],[13412,4],[13469,4],[14997,4],[15875,4]]},"151":{"position":[[481,4],[667,4],[780,4],[889,4]]}}}],["oidc\"redirect_url",{"_index":1071,"t":{"95":{"position":[[3061,18],[4388,18]]}}}],["oidc_issuer_url",{"_index":852,"t":{"75":{"position":[[2036,16]]},"95":{"position":[[3372,15]]}}}],["oidcconfig",{"_index":488,"t":{"45":{"position":[[1111,10],[1134,10]]}}}],["oidcopt",{"_index":489,"t":{"45":{"position":[[1122,11]]}}}],["ok",{"_index":731,"t":{"69":{"position":[[588,2]]},"149":{"position":[[227,2],[340,2],[421,2]]}}}],["okta",{"_index":1033,"t":{"95":{"position":[[315,5],[1526,5],[1567,5],[1612,4],[2465,4],[3708,4],[3834,4],[4309,4],[4482,4]]}}}],["old",{"_index":1247,"t":{"113":{"position":[[1530,3]]},"121":{"position":[[5708,3],[5768,3]]}}}],["omit",{"_index":1457,"t":{"121":{"position":[[16195,4]]}}}],["on",{"_index":30,"t":{"2":{"position":[[354,3]]},"41":{"position":[[95,3],[259,3],[614,3],[1458,3]]},"51":{"position":[[101,3]]},"65":{"position":[[674,4]]},"97":{"position":[[2206,3]]},"103":{"position":[[683,3]]},"105":{"position":[[156,3]]},"109":{"position":[[187,3]]},"117":{"position":[[39,3]]},"121":{"position":[[479,4],[9284,4],[13330,3]]},"129":{"position":[[313,3]]}}}],["onc",{"_index":683,"t":{"67":{"position":[[421,4]]},"73":{"position":[[3097,4]]},"97":{"position":[[2843,4]]}}}],["onlyvalu",{"_index":416,"t":{"41":{"position":[[1436,10]]}}}],["open",{"_index":655,"t":{"65":{"position":[[113,4]]},"73":{"position":[[464,4]]},"77":{"position":[[0,4]]},"95":{"position":[[106,4]]}}}],["openid",{"_index":419,"t":{"43":{"position":[[80,6],[986,6]]},"71":{"position":[[303,6],[549,6]]},"87":{"position":[[901,7],[2066,7]]},"89":{"position":[[276,7]]},"95":{"position":[[0,6],[220,6],[2628,6]]},"97":{"position":[[862,6],[906,6]]},"121":{"position":[[6676,6]]}}}],["openssl",{"_index":1126,"t":{"97":{"position":[[1104,7]]},"117":{"position":[[78,7],[288,7]]}}}],["oppos",{"_index":1014,"t":{"89":{"position":[[1240,7]]}}}],["option",{"_index":66,"t":{"4":{"position":[[164,7],[317,8],[373,7]]},"6":{"position":[[218,7],[263,7]]},"8":{"position":[[37,7],[256,7],[379,7],[437,7]]},"10":{"position":[[1233,8],[1251,6],[1369,7],[1480,7]]},"15":{"position":[[53,8],[77,7],[222,7]]},"21":{"position":[[246,8]]},"23":{"position":[[180,8]]},"31":{"position":[[416,6]]},"33":{"position":[[467,8]]},"39":{"position":[[186,6],[316,7]]},"41":{"position":[[1187,10],[1316,10]]},"47":{"position":[[101,7],[115,7]]},"55":{"position":[[102,8]]},"59":{"position":[[1585,6],[2039,6]]},"69":{"position":[[714,8]]},"73":{"position":[[1066,11],[2071,7]]},"81":{"position":[[276,8],[362,7]]},"83":{"position":[[223,7]]},"85":{"position":[[1050,8]]},"87":{"position":[[299,6],[356,9],[435,9],[499,9],[3965,7],[4782,7],[5127,7],[5440,6],[5896,6],[5945,6],[6051,6],[6308,8],[6546,6],[6651,6],[6974,8]]},"89":{"position":[[905,7]]},"95":{"position":[[1721,10],[2023,6],[2452,8]]},"97":{"position":[[1540,8],[2132,7],[3495,7]]},"101":{"position":[[407,8],[530,7],[706,7]]},"103":{"position":[[344,8],[584,7]]},"113":{"position":[[3337,6],[3432,7]]},"115":{"position":[[48,8],[148,7]]},"119":{"position":[[169,6]]},"121":{"position":[[0,6],[52,9],[1057,8],[1652,8],[1883,11],[10776,6],[10871,7],[12680,7],[15437,10],[15740,6],[15917,7],[16362,7]]},"123":{"position":[[61,6]]},"137":{"position":[[5,6],[37,6]]},"141":{"position":[[175,7],[2326,6]]},"151":{"position":[[985,6]]}}}],["order",{"_index":1281,"t":{"115":{"position":[[109,5]]}}}],["org",{"_index":302,"t":{"25":{"position":[[46,3],[57,3],[478,3]]},"81":{"position":[[534,3],[635,7],[795,4],[1559,3]]},"121":{"position":[[3551,3],[4037,3]]}}}],["organ",{"_index":882,"t":{"81":{"position":[[259,12],[580,12],[713,12]]}}}],["organis",{"_index":303,"t":{"25":{"position":[[101,12]]},"81":{"position":[[678,12]]},"121":{"position":[[3597,12]]}}}],["organization'",{"_index":387,"t":{"41":{"position":[[514,14]]}}}],["organizationdefault",{"_index":376,"t":{"41":{"position":[[6,20]]}}}],["orgname/repo",{"_index":891,"t":{"81":{"position":[[1150,12]]},"121":{"position":[[3795,12]]}}}],["orgname/repo=accesslevel",{"_index":1364,"t":{"121":{"position":[[4302,25]]}}}],["origin",{"_index":762,"t":{"73":{"position":[[632,7]]},"95":{"position":[[146,10]]}}}],["os,base64",{"_index":1288,"t":{"117":{"position":[[125,10]]}}}],["otherwis",{"_index":374,"t":{"39":{"position":[[751,10]]},"43":{"position":[[631,10]]},"61":{"position":[[232,9]]},"95":{"position":[[1903,10]]},"151":{"position":[[992,9]]}}}],["out",{"_index":1067,"t":{"95":{"position":[[2125,3],[2318,3]]},"97":{"position":[[1156,3]]},"149":{"position":[[691,3]]},"151":{"position":[[17,4],[325,3]]}}}],["output",{"_index":1475,"t":{"127":{"position":[[34,6],[81,6]]},"129":{"position":[[142,6]]},"131":{"position":[[23,6]]},"133":{"position":[[80,6]]}}}],["outsid",{"_index":795,"t":{"73":{"position":[[2014,7]]},"125":{"position":[[326,7]]},"133":{"position":[[193,7]]}}}],["overrid",{"_index":555,"t":{"57":{"position":[[178,9]]},"93":{"position":[[183,8]]},"121":{"position":[[8465,8],[9938,8]]}}}],["overridden",{"_index":366,"t":{"39":{"position":[[371,10]]},"41":{"position":[[245,10],[388,11],[1279,11]]}}}],["override_speci",{"_index":1314,"t":{"117":{"position":[[711,16]]}}}],["overwrit",{"_index":1282,"t":{"115":{"position":[[161,9],[224,9]]}}}],["packag",{"_index":1204,"t":{"107":{"position":[[37,7]]}}}],["pad",{"_index":1230,"t":{"113":{"position":[[479,9]]}}}],["page",{"_index":54,"t":{"4":{"position":[[12,4],[143,4],[190,4],[331,4]]},"45":{"position":[[1654,5]]},"75":{"position":[[506,4],[1091,4],[1205,4]]},"121":{"position":[[2403,4],[3357,5],[8538,4],[12366,5],[13567,4]]},"149":{"position":[[656,5],[695,4],[1282,5]]},"151":{"position":[[329,4]]}}}],["pair",{"_index":1231,"t":{"113":{"position":[[533,4]]},"121":{"position":[[2924,5]]}}}],["pane",{"_index":747,"t":{"73":{"position":[[237,5],[284,5],[325,5],[432,5]]},"87":{"position":[[2659,4]]}}}],["parallel",{"_index":1344,"t":{"121":{"position":[[2173,8]]}}}],["paramet",{"_index":199,"t":{"13":{"position":[[83,9]]},"39":{"position":[[81,9],[280,10],[347,9],[476,9],[654,9]]},"41":{"position":[[36,9],[198,9],[366,9],[1159,10]]},"45":{"position":[[1965,10]]},"57":{"position":[[82,10],[202,9],[600,9]]},"87":{"position":[[6989,10]]},"123":{"position":[[258,10],[1096,10],[1121,9]]},"135":{"position":[[3773,10]]},"151":{"position":[[364,10]]},"153":{"position":[[123,10],[140,11]]}}}],["part",{"_index":204,"t":{"15":{"position":[[149,4]]},"135":{"position":[[1796,6],[2177,4],[2455,4]]}}}],["particularli",{"_index":1472,"t":{"125":{"position":[[286,12]]}}}],["pass",{"_index":1,"t":{"2":{"position":[[12,7]]},"10":{"position":[[157,4],[312,4],[344,4],[380,4],[416,4]]},"39":{"position":[[103,6],[253,6],[560,6],[677,6]]},"41":{"position":[[58,6],[216,6]]},"43":{"position":[[1593,4]]},"45":{"position":[[1988,6]]},"57":{"position":[[93,6],[212,6]]},"61":{"position":[[154,4]]},"73":{"position":[[2643,4]]},"75":{"position":[[2410,6]]},"77":{"position":[[557,6]]},"83":{"position":[[204,4]]},"87":{"position":[[3008,4]]},"95":{"position":[[1795,6]]},"97":{"position":[[2283,4]]},"101":{"position":[[388,4]]},"103":{"position":[[325,4]]},"109":{"position":[[276,6]]},"113":{"position":[[2154,4]]},"121":{"position":[[644,7],[7145,4],[7170,4],[7193,4],[7373,4],[7404,4],[7474,4],[7495,4],[7698,7],[7836,4],[7858,4],[7884,4],[7906,4],[7954,4],[7977,4],[11992,4]]},"123":{"position":[[71,4]]},"135":{"position":[[990,4],[1301,4],[1330,4]]}}}],["passhosthead",{"_index":628,"t":{"59":{"position":[[2235,14],[2255,14]]}}}],["password",{"_index":280,"t":{"21":{"position":[[529,8]]},"33":{"position":[[750,8]]},"121":{"position":[[603,8],[623,8],[2495,8],[9860,8],[9882,9],[9951,8],[10007,8],[10038,9],[10098,9],[10128,8]]}}}],["password/basic_auth_password",{"_index":144,"t":{"10":{"position":[[635,28]]}}}],["patch",{"_index":692,"t":{"67":{"position":[[601,7]]}}}],["path",{"_index":102,"t":{"6":{"position":[[123,4]]},"15":{"position":[[536,4]]},"29":{"position":[[251,4]]},"33":{"position":[[300,4]]},"37":{"position":[[150,4]]},"45":{"position":[[1698,5]]},"51":{"position":[[345,4]]},"59":{"position":[[140,4],[165,5],[296,4],[308,4],[407,5],[592,4],[622,4],[671,4],[721,4],[824,4],[877,4],[949,4],[1199,5],[1378,4]]},"61":{"position":[[171,4],[397,4],[422,5]]},"73":{"position":[[2888,4]]},"87":{"position":[[5939,5]]},"121":{"position":[[1007,4],[1637,4],[1668,4],[2295,4],[2354,4],[3037,4],[3073,5],[3131,5],[4632,4],[6070,4],[8291,5],[8572,4],[8766,4],[8961,4],[12805,5],[12943,5],[14022,4],[14357,4],[14559,5],[14653,4]]},"123":{"position":[[501,5],[703,4],[852,4],[1256,4]]},"131":{"position":[[177,8],[1166,4]]},"149":{"position":[[279,6]]}}}],["path.eg",{"_index":597,"t":{"59":{"position":[[1257,8]]}}}],["path/to/cert.key",{"_index":1651,"t":{"147":{"position":[[869,18]]}}}],["path/to/cert.pem",{"_index":1649,"t":{"147":{"position":[[830,18]]}}}],["path/to/existing/config.cfg",{"_index":111,"t":{"8":{"position":[[204,29],[558,29]]}}}],["path/to/new/config.yaml",{"_index":116,"t":{"8":{"position":[[523,25]]}}}],["path/to/sit",{"_index":1562,"t":{"135":{"position":[[2623,15]]}}}],["path_regex",{"_index":1322,"t":{"121":{"position":[[195,10],[13015,10],[13029,12]]}}}],["pathprefix",{"_index":1617,"t":{"141":{"position":[[491,16],[1285,16]]}}}],["pathprefix(`/no",{"_index":1619,"t":{"141":{"position":[[760,15]]}}}],["pathprefix(`/oauth2",{"_index":1596,"t":{"139":{"position":[[592,23]]},"141":{"position":[[1072,23]]}}}],["pattern",{"_index":390,"t":{"41":{"position":[[561,8],[978,8]]},"57":{"position":[[259,7],[379,7],[396,7]]},"59":{"position":[[449,7]]}}}],["pem",{"_index":355,"t":{"37":{"position":[[87,3],[182,3]]},"97":{"position":[[1023,4],[2383,3],[2528,3]]},"121":{"position":[[5925,3],[6102,3]]}}}],["per",{"_index":1203,"t":{"105":{"position":[[166,3]]},"121":{"position":[[484,3],[2079,3],[2133,3]]}}}],["perform",{"_index":975,"t":{"87":{"position":[[3757,7]]},"95":{"position":[[397,7],[1573,7]]}}}],["period",{"_index":284,"t":{"23":{"position":[[81,6]]},"59":{"position":[[2128,6]]},"121":{"position":[[3173,6]]}}}],["permiss",{"_index":806,"t":{"73":{"position":[[2778,11]]},"75":{"position":[[445,11],[494,11],[538,11],[598,12],[666,11],[775,10],[2222,11]]},"103":{"position":[[176,11]]}}}],["pick",{"_index":814,"t":{"75":{"position":[[144,4]]},"95":{"position":[[2235,4],[2660,4]]}}}],["pin",{"_index":1645,"t":{"147":{"position":[[713,3]]}}}],["ping",{"_index":1400,"t":{"121":{"position":[[8567,4],[8588,4],[8643,7],[8653,4],[12546,4],[12595,4]]},"127":{"position":[[716,5],[743,4],[815,4]]},"149":{"position":[[318,5]]}}}],["ping,/path2",{"_index":1358,"t":{"121":{"position":[[3109,14]]}}}],["pkce",{"_index":948,"t":{"87":{"position":[[569,4]]},"121":{"position":[[904,4]]}}}],["plain",{"_index":1326,"t":{"121":{"position":[[959,7]]},"135":{"position":[[2894,5]]}}}],["plan",{"_index":836,"t":{"75":{"position":[[1030,8]]}}}],["platform",{"_index":819,"t":{"75":{"position":[[270,8],[1660,8]]},"95":{"position":[[2603,8]]},"147":{"position":[[86,8],[276,8]]}}}],["pleas",{"_index":74,"t":{"4":{"position":[[260,6],[835,6]]},"65":{"position":[[99,6],[144,6],[346,6],[434,6]]},"71":{"position":[[430,6]]},"87":{"position":[[2113,6],[6688,6]]}}}],["plural",{"_index":1316,"t":{"119":{"position":[[186,6]]},"125":{"position":[[257,6]]}}}],["poc",{"_index":1336,"t":{"121":{"position":[[1699,6]]}}}],["point",{"_index":1017,"t":{"89":{"position":[[1349,8]]},"141":{"position":[[119,8]]}}}],["polici",{"_index":833,"t":{"75":{"position":[[884,8]]},"95":{"position":[[2351,8]]}}}],["popul",{"_index":934,"t":{"85":{"position":[[1276,8]]}}}],["port",{"_index":1037,"t":{"95":{"position":[[584,5]]},"121":{"position":[[16059,5],[16118,4],[16231,5],[16302,5]]},"147":{"position":[[390,4],[460,4]]},"151":{"position":[[1075,4]]}}}],["possibl",{"_index":286,"t":{"23":{"position":[[125,8]]},"63":{"position":[[165,9]]},"65":{"position":[[467,9]]},"85":{"position":[[82,9]]},"89":{"position":[[877,8]]},"121":{"position":[[2156,8]]}}}],["post",{"_index":658,"t":{"65":{"position":[[158,4]]}}}],["potenti",{"_index":608,"t":{"59":{"position":[[1619,9]]},"65":{"position":[[622,9]]}}}],["powershel",{"_index":1286,"t":{"117":{"position":[[86,10]]}}}],["ppc64le",{"_index":715,"t":{"69":{"position":[[270,8]]}}}],["pr",{"_index":657,"t":{"65":{"position":[[130,2]]},"67":{"position":[[373,3]]}}}],["practic",{"_index":961,"t":{"87":{"position":[[1434,10]]}}}],["pre",{"_index":977,"t":{"87":{"position":[[4122,3]]}}}],["prebuilt",{"_index":699,"t":{"69":{"position":[[34,8],[206,8],[357,8]]}}}],["preced",{"_index":572,"t":{"59":{"position":[[388,10]]},"115":{"position":[[118,11]]}}}],["prefer",{"_index":141,"t":{"10":{"position":[[582,6]]},"121":{"position":[[7569,9],[7619,6],[7645,6],[8054,9],[11902,9]]}}}],["preferred_usernam",{"_index":739,"t":{"71":{"position":[[489,18]]}}}],["prefix",{"_index":269,"t":{"21":{"position":[[219,6],[233,6],[255,6]]},"33":{"position":[[440,6],[454,6],[476,6]]},"59":{"position":[[627,8],[676,8]]},"121":{"position":[[1555,6],[8934,6],[15189,6],[15936,8]]},"125":{"position":[[75,9]]},"149":{"position":[[136,6],[175,6]]}}}],["preflight",{"_index":1424,"t":{"121":{"position":[[12636,9]]}}}],["prepend",{"_index":270,"t":{"21":{"position":[[275,9]]},"33":{"position":[[496,9]]}}}],["present",{"_index":673,"t":{"65":{"position":[[705,7]]},"109":{"position":[[237,7]]},"121":{"position":[[8179,8],[13687,9],[13803,9]]}}}],["preserv",{"_index":336,"t":{"31":{"position":[[362,9]]}}}],["preserverequestvalu",{"_index":333,"t":{"31":{"position":[[260,20],[286,20]]}}}],["pretti",{"_index":1179,"t":{"99":{"position":[[282,6]]}}}],["prevent",{"_index":425,"t":{"43":{"position":[[200,8]]},"111":{"position":[[460,7]]}}}],["preview",{"_index":993,"t":{"87":{"position":[[6818,7]]},"95":{"position":[[1682,7]]}}}],["previou",{"_index":695,"t":{"67":{"position":[[652,8]]}}}],["previous",{"_index":681,"t":{"67":{"position":[[287,10]]}}}],["primari",{"_index":205,"t":{"15":{"position":[[161,7]]}}}],["print",{"_index":113,"t":{"8":{"position":[[304,5]]},"121":{"position":[[15081,5]]}}}],["print(base64.urlsafe_b64encode(os.urandom(32)).decod",{"_index":1289,"t":{"117":{"position":[[136,57]]}}}],["prior",{"_index":72,"t":{"4":{"position":[[245,5]]},"89":{"position":[[119,5]]}}}],["privat",{"_index":354,"t":{"37":{"position":[[72,7],[162,7]]},"65":{"position":[[222,8]]},"67":{"position":[[37,9]]},"81":{"position":[[1048,7]]},"97":{"position":[[1065,7]]},"121":{"position":[[5910,7],[6082,7],[14365,7]]}}}],["process",{"_index":1162,"t":{"97":{"position":[[2587,7]]},"131":{"position":[[965,8]]},"135":{"position":[[2934,9],[2980,9]]}}}],["product",{"_index":753,"t":{"73":{"position":[[374,8]]},"97":{"position":[[294,10]]},"121":{"position":[[12437,11]]}}}],["profil",{"_index":160,"t":{"10":{"position":[[933,7]]},"45":{"position":[[2131,7]]},"85":{"position":[[727,7]]},"89":{"position":[[284,7]]},"97":{"position":[[1992,7]]},"121":{"position":[[8104,7],[8123,7]]}}}],["profileurl",{"_index":508,"t":{"45":{"position":[[2095,10],[2113,10]]}}}],["project",{"_index":312,"t":{"27":{"position":[[113,8],[131,8],[184,8]]},"63":{"position":[[33,8],[74,7],[204,8]]},"73":{"position":[[53,8],[123,7],[150,7],[184,7],[212,7]]},"81":{"position":[[13,8]]},"89":{"position":[[411,8]]},"91":{"position":[[55,8]]},"95":{"position":[[118,9]]},"121":{"position":[[4184,8],[4250,8]]}}}],["prometheu",{"_index":1405,"t":{"121":{"position":[[8883,10]]},"149":{"position":[[533,10]]}}}],["prompt",{"_index":166,"t":{"10":{"position":[[998,6]]},"121":{"position":[[217,6],[8149,6],[8168,7],[8197,6]]}}}],["prompt/approval_prompt",{"_index":168,"t":{"10":{"position":[[1014,22]]}}}],["promptallow",{"_index":378,"t":{"41":{"position":[[130,12]]}}}],["promptdefault",{"_index":381,"t":{"41":{"position":[[294,14]]}}}],["properli",{"_index":1003,"t":{"89":{"position":[[551,9]]}}}],["propos",{"_index":679,"t":{"67":{"position":[[257,8]]}}}],["protect",{"_index":510,"t":{"45":{"position":[[2213,9]]},"75":{"position":[[315,7]]},"95":{"position":[[2189,11],[2279,8]]},"113":{"position":[[774,8]]},"121":{"position":[[11310,9]]}}}],["protectedresourc",{"_index":509,"t":{"45":{"position":[[2171,17]]}}}],["proto,host,uri",{"_index":1414,"t":{"121":{"position":[[11472,16]]}}}],["protocol",{"_index":954,"t":{"87":{"position":[[892,8]]},"97":{"position":[[842,9]]},"121":{"position":[[16136,8]]},"129":{"position":[[1071,8],[1101,9]]},"131":{"position":[[534,13],[860,8],[890,9]]}}}],["provid",{"_index":26,"t":{"2":{"position":[[309,8],[473,9],[740,8]]},"6":{"position":[[111,7]]},"10":{"position":[[803,8],[812,8],[856,8],[1215,8]]},"13":{"position":[[13,9]]},"15":{"position":[[1809,9],[1819,9],[1829,9],[1869,10]]},"17":{"position":[[13,9]]},"19":{"position":[[13,9]]},"25":{"position":[[13,9]]},"27":{"position":[[13,9]]},"29":{"position":[[13,9]]},"35":{"position":[[13,9],[234,9]]},"37":{"position":[[13,9]]},"39":{"position":[[13,9],[712,8]]},"43":{"position":[[13,9]]},"45":{"position":[[13,10],[24,8],[70,8],[212,10],[345,10],[584,9],[666,9],[744,9],[842,9],[929,9],[1015,9],[1101,9],[1190,9],[1313,9],[1414,10],[1425,8],[1504,9],[1581,9]]},"47":{"position":[[29,9],[87,8]]},"49":{"position":[[0,11],[47,9],[92,10]]},"69":{"position":[[472,8],[600,8],[650,8],[803,8]]},"71":{"position":[[54,8],[90,10],[195,9],[365,8],[400,8],[455,9],[564,9]]},"73":{"position":[[2747,8]]},"75":{"position":[[2308,8]]},"77":{"position":[[92,7],[455,8]]},"81":{"position":[[184,8],[1264,7]]},"83":{"position":[[323,8]]},"85":{"position":[[24,8],[70,8],[1256,8]]},"87":{"position":[[3956,8]]},"89":{"position":[[10,8]]},"95":{"position":[[84,9],[133,8],[235,8],[297,9],[379,8],[553,8],[956,8],[970,8],[1001,9],[1554,8],[1918,8],[3050,8],[4377,8]]},"97":{"position":[[21,8],[1565,8],[1893,8],[3268,9],[3550,8]]},"99":{"position":[[14,8],[125,9],[528,8]]},"101":{"position":[[378,9]]},"103":{"position":[[315,9]]},"107":{"position":[[27,9],[61,8],[151,9]]},"121":{"position":[[1811,9],[2538,8],[8220,8],[8242,8],[8260,8],[8359,9],[8436,8],[8555,9],[13528,8],[13714,9],[15002,9],[15820,9],[16344,8]]},"123":{"position":[[194,9],[353,7],[691,7],[1149,9]]},"141":{"position":[[34,8],[2252,8]]},"145":{"position":[[47,9],[418,12]]},"147":{"position":[[1384,12]]},"151":{"position":[[169,8],[785,8]]}}}],["provider'",{"_index":1172,"t":{"97":{"position":[[3422,10]]},"121":{"position":[[8478,10]]},"135":{"position":[[1699,10]]},"151":{"position":[[309,10]]}}}],["provider.example.com",{"_index":1677,"t":{"151":{"position":[[894,20]]}}}],["provider.example.com%2fsign_out_pag",{"_index":1671,"t":{"151":{"position":[[486,36]]}}}],["provider.if",{"_index":503,"t":{"45":{"position":[[1766,11]]}}}],["provider.thi",{"_index":496,"t":{"45":{"position":[[1374,13]]}}}],["provider/sign_out_pag",{"_index":1674,"t":{"151":{"position":[[672,25]]}}}],["provider=\"github",{"_index":903,"t":{"83":{"position":[[247,17]]}}}],["provider=\"gitlab",{"_index":1004,"t":{"89":{"position":[[605,17]]}}}],["provider=adf",{"_index":873,"t":{"77":{"position":[[333,13]]}}}],["provider=azur",{"_index":841,"t":{"75":{"position":[[1439,14],[1747,14]]}}}],["provider=bitbucket",{"_index":1198,"t":{"103":{"position":[[355,18]]}}}],["provider=digitalocean",{"_index":1191,"t":{"101":{"position":[[418,21]]}}}],["provider=keycloak",{"_index":917,"t":{"85":{"position":[[440,17]]},"87":{"position":[[2,17]]}}}],["providermust",{"_index":498,"t":{"45":{"position":[[1465,12]]}}}],["provideror",{"_index":490,"t":{"45":{"position":[[1179,10]]}}}],["providers.new",{"_index":1205,"t":{"107":{"position":[[98,15]]}}}],["providerthi",{"_index":468,"t":{"45":{"position":[[173,12],[306,12]]}}}],["providertyp",{"_index":497,"t":{"45":{"position":[[1434,12]]},"47":{"position":[[39,12]]}}}],["proxi",{"_index":3,"t":{"2":{"position":[[32,5],[729,5]]},"8":{"position":[[58,5],[163,5],[467,5],[502,5]]},"10":{"position":[[191,5],[1511,5]]},"15":{"position":[[204,6],[490,7],[973,5],[1045,5],[1262,5]]},"59":{"position":[[108,7],[1057,8],[1669,5],[2416,8]]},"61":{"position":[[365,7]]},"63":{"position":[[12,5]]},"65":{"position":[[65,5],[339,6]]},"69":{"position":[[256,5],[563,5],[676,5]]},"71":{"position":[[179,5]]},"73":{"position":[[1694,5],[2845,5],[2961,6]]},"75":{"position":[[1303,5]]},"77":{"position":[[320,5]]},"83":{"position":[[238,6]]},"87":{"position":[[1697,5],[2985,5],[3621,5],[3746,5],[5434,5],[5679,5],[5913,6],[6068,6],[6413,5],[6540,5]]},"95":{"position":[[530,5],[789,5],[924,5],[1028,5],[1048,5],[3656,5],[3676,5],[4817,5],[4837,5]]},"97":{"position":[[393,5],[661,5],[1512,5],[1558,5],[2999,7],[3190,6],[3340,5],[3582,5],[3603,5]]},"101":{"position":[[206,5],[249,5]]},"103":{"position":[[108,6],[152,5]]},"107":{"position":[[130,5]]},"109":{"position":[[109,5]]},"111":{"position":[[97,5],[396,5],[655,6]]},"113":{"position":[[1021,5],[1374,5],[1644,5],[1848,5],[2166,5]]},"115":{"position":[[7,5]]},"121":{"position":[[8928,5],[8976,5],[9042,5],[9082,8],[9268,5],[11346,5],[11389,6],[13177,5],[15427,5],[15549,5],[15718,5]]},"123":{"position":[[7,5],[623,5],[978,5]]},"127":{"position":[[19,5]]},"129":{"position":[[937,5]]},"131":{"position":[[792,5]]},"135":{"position":[[192,8],[1763,5]]},"137":{"position":[[31,5]]},"139":{"position":[[223,8]]},"141":{"position":[[138,5],[208,6],[1236,5]]},"143":{"position":[[52,5],[69,5]]},"145":{"position":[[38,5],[162,5],[221,5],[978,5]]},"147":{"position":[[133,5],[432,8],[451,5],[478,5],[1199,5],[1258,5]]},"149":{"position":[[7,5],[87,7],[169,5]]}}}],["proxiedto",{"_index":629,"t":{"59":{"position":[[2323,9]]}}}],["proxy'",{"_index":9,"t":{"2":{"position":[[96,7]]},"101":{"position":[[296,7]]},"135":{"position":[[86,7]]},"139":{"position":[[93,7]]},"151":{"position":[[91,7]]}}}],["proxy'secret",{"_index":1043,"t":{"95":{"position":[[775,13]]}}}],["proxy(e.g",{"_index":821,"t":{"75":{"position":[[337,10]]}}}],["proxy.cfg",{"_index":1317,"t":{"119":{"position":[[225,9],[326,9]]}}}],["proxy.thi",{"_index":222,"t":{"15":{"position":[[929,10]]}}}],["proxy/oauth2",{"_index":706,"t":{"69":{"position":[[123,12],[243,12]]}}}],["proxy/oauth2/callback",{"_index":1189,"t":{"101":{"position":[[163,22]]}}}],["proxy/v7@latest",{"_index":707,"t":{"69":{"position":[[136,15]]}}}],["proxy=tru",{"_index":1616,"t":{"141":{"position":[[306,11]]},"147":{"position":[[1409,10]]}}}],["proxy>/oauth2/callback",{"_index":1197,"t":{"103":{"position":[[63,23]]}}}],["proxy_buffer_s",{"_index":864,"t":{"75":{"position":[[2451,17]]},"77":{"position":[[598,17]]}}}],["proxy_connect_timeout",{"_index":1653,"t":{"147":{"position":[[1094,21]]}}}],["proxy_pass",{"_index":1535,"t":{"135":{"position":[[319,10],[657,10],[2584,10],[2948,10]]},"147":{"position":[[955,10]]}}}],["proxy_pass_request_bodi",{"_index":1541,"t":{"135":{"position":[[883,23]]}}}],["proxy_read_timeout",{"_index":1655,"t":{"147":{"position":[[1142,18]]}}}],["proxy_send_timeout",{"_index":1654,"t":{"147":{"position":[[1119,18]]}}}],["proxy_set_head",{"_index":1536,"t":{"135":{"position":[[353,16],[382,16],[423,16],[458,16],[559,16],[691,16],[720,16],[761,16],[847,16],[1218,16],[1249,16],[1428,16]]},"147":{"position":[[989,16],[1018,16],[1059,16]]}}}],["proxyrawpath",{"_index":638,"t":{"61":{"position":[[118,12],[136,12]]}}}],["proxyredirecturi",{"_index":1041,"t":{"95":{"position":[[702,18]]}}}],["proxyus",{"_index":1411,"t":{"121":{"position":[[9326,9]]}}}],["proxywebsocket",{"_index":631,"t":{"59":{"position":[[2371,15],[2392,15]]}}}],["pubjwk",{"_index":177,"t":{"10":{"position":[[1185,6]]},"97":{"position":[[1917,6]]},"121":{"position":[[9098,6]]}}}],["pubjwkurl",{"_index":357,"t":{"37":{"position":[[214,9],[231,9]]}}}],["pubkey",{"_index":359,"t":{"37":{"position":[[252,6]]},"121":{"position":[[9120,6]]}}}],["public",{"_index":890,"t":{"81":{"position":[[1011,6],[1229,6]]},"97":{"position":[[974,6]]}}}],["public_repo",{"_index":894,"t":{"81":{"position":[[1376,11]]}}}],["publicli",{"_index":659,"t":{"65":{"position":[[175,9]]}}}],["pull",{"_index":1504,"t":{"129":{"position":[[1173,6]]},"131":{"position":[[1036,6]]}}}],["push",{"_index":308,"t":{"25":{"position":[[341,4]]},"81":{"position":[[994,4]]},"121":{"position":[[3898,4]]}}}],["put",{"_index":708,"t":{"69":{"position":[[163,3]]}}}],["python",{"_index":1284,"t":{"117":{"position":[[66,6],[107,6]]}}}],["quay.io/oauth2",{"_index":713,"t":{"69":{"position":[[228,14]]}}}],["queri",{"_index":361,"t":{"39":{"position":[[75,5],[390,5]]},"41":{"position":[[1153,5],[1405,5]]},"57":{"position":[[76,5]]},"139":{"position":[[1287,6]]},"151":{"position":[[358,5]]},"153":{"position":[[117,5],[134,5]]}}}],["quick",{"_index":1125,"t":{"97":{"position":[[1080,5]]}}}],["quickli",{"_index":650,"t":{"63":{"position":[[154,7]]}}}],["quit",{"_index":1237,"t":{"113":{"position":[[964,5]]}}}],["quot",{"_index":402,"t":{"41":{"position":[[845,6]]}}}],["r_basicprofil",{"_index":1021,"t":{"91":{"position":[[168,14]]}}}],["r_emailaddress",{"_index":1022,"t":{"91":{"position":[[187,15]]}}}],["rand",{"_index":1299,"t":{"117":{"position":[[296,4]]}}}],["random",{"_index":437,"t":{"43":{"position":[[586,6]]},"113":{"position":[[391,6],[442,6]]},"129":{"position":[[1210,6]]},"131":{"position":[[1073,6]]}}}],["random_password",{"_index":1312,"t":{"117":{"position":[[663,17]]}}}],["rang",{"_index":1445,"t":{"121":{"position":[[15326,6]]}}}],["raw",{"_index":639,"t":{"61":{"position":[[163,3]]},"135":{"position":[[2229,3]]}}}],["rd",{"_index":1669,"t":{"151":{"position":[[355,2]]}}}],["re",{"_index":1220,"t":{"111":{"position":[[799,2]]},"151":{"position":[[200,2]]}}}],["reach",{"_index":1432,"t":{"121":{"position":[[13584,5]]}}}],["read",{"_index":807,"t":{"73":{"position":[[2862,4]]},"75":{"position":[[440,4]]},"81":{"position":[[1207,4]]},"87":{"position":[[5562,4]]},"103":{"position":[[240,4],[261,4]]}}}],["read_api",{"_index":1002,"t":{"89":{"position":[[445,8]]}}}],["readi",{"_index":693,"t":{"67":{"position":[[613,6]]},"121":{"position":[[8760,5],[8782,5],[8837,8],[12602,5]]},"127":{"position":[[768,6]]},"149":{"position":[[398,6]]}}}],["real",{"_index":1167,"t":{"97":{"position":[[3070,4],[3215,4]]},"121":{"position":[[9168,4],[9226,4],[9312,4],[9342,4],[11428,4],[15450,4]]},"129":{"position":[[899,4]]},"131":{"position":[[754,4]]},"135":{"position":[[401,4],[739,4]]},"147":{"position":[[1037,4]]}}}],["realm",{"_index":913,"t":{"85":{"position":[[127,5]]},"87":{"position":[[219,6],[375,5],[846,5],[1871,5],[2006,5],[3902,5],[4081,5],[4359,5],[4382,5],[4420,6],[4707,6],[4906,5],[6959,5]]}}}],["realm>/protocol/openid",{"_index":923,"t":{"85":{"position":[[592,22],[687,22],[784,22],[885,22]]}}}],["reason",{"_index":803,"t":{"73":{"position":[[2537,6]]},"113":{"position":[[2364,7]]}}}],["recipi",{"_index":963,"t":{"87":{"position":[[1662,9],[3310,11]]}}}],["recommend",{"_index":769,"t":{"73":{"position":[[871,11],[1233,14],[1672,14]]},"87":{"position":[[1451,11]]},"113":{"position":[[2468,11]]},"121":{"position":[[977,13]]},"135":{"position":[[3574,11]]},"143":{"position":[[14,11]]}}}],["redeem",{"_index":158,"t":{"10":{"position":[[911,6]]},"43":{"position":[[686,6]]},"81":{"position":[[1837,6]]},"83":{"position":[[527,6]]},"85":{"position":[[631,6]]},"97":{"position":[[3765,6]]},"99":{"position":[[686,6]]},"121":{"position":[[9352,6],[13452,6]]}}}],["redeemurl",{"_index":506,"t":{"45":{"position":[[2035,9],[2052,9]]}}}],["redempt",{"_index":507,"t":{"45":{"position":[[2075,10]]},"121":{"position":[[9376,10]]}}}],["redi",{"_index":40,"t":{"2":{"position":[[552,6]]},"75":{"position":[[2498,5]]},"77":{"position":[[645,5]]},"109":{"position":[[326,5]]},"113":{"position":[[4,5],[57,6],[606,5],[711,5],[1421,5],[1565,5],[2635,5],[2698,5],[2726,5],[2817,5],[2874,5],[2937,5],[2970,5],[3016,5],[3119,5],[3174,5],[3237,5],[3267,5],[3323,5],[3370,5],[3418,5],[3531,5],[3580,5]]},"121":{"position":[[9503,5],[9555,5],[9640,5],[9660,5],[9695,5],[9712,5],[9763,5],[9840,5],[9854,5],[9876,5],[9911,5],[9969,5],[9992,5],[10023,5],[10087,5],[10122,5],[10139,5],[10173,5],[10228,5],[10249,5],[10302,5],[10388,5],[10409,5],[10443,5],[10469,5],[10527,5],[10562,5],[10594,5],[10627,5],[10686,5],[10720,5],[10762,5],[10809,5],[10857,5],[10966,5],[11015,5],[11767,5]]},"149":{"position":[[474,5]]}}}],["redirect",{"_index":25,"t":{"2":{"position":[[276,10]]},"61":{"position":[[245,10]]},"71":{"position":[[123,8]]},"73":{"position":[[703,8]]},"75":{"position":[[232,8]]},"79":{"position":[[95,8]]},"83":{"position":[[87,8],[267,8]]},"85":{"position":[[174,8]]},"87":{"position":[[97,8],[928,8],[2343,8]]},"89":{"position":[[322,8],[625,8],[703,8],[1318,8]]},"91":{"position":[[217,8]]},"95":{"position":[[1054,8],[2720,8],[3969,8],[4029,8]]},"97":{"position":[[1379,8],[1619,8],[3610,8]]},"99":{"position":[[448,12]]},"101":{"position":[[315,8],[562,8],[680,8]]},"121":{"position":[[127,11],[2716,9],[3277,8],[3366,9],[9398,8],[9428,8],[11511,8],[15155,11],[16022,8]]},"135":{"position":[[490,8],[591,8]]},"141":{"position":[[0,8],[372,9],[561,8],[572,9],[781,11],[849,8],[1894,9],[2059,9]]},"149":{"position":[[816,8]]},"151":{"position":[[22,8],[269,8],[380,8],[550,8],[585,8],[646,9],[873,8],[1006,8]]}}}],["redis.conf",{"_index":1277,"t":{"113":{"position":[[3463,10]]},"121":{"position":[[10898,10]]}}}],["redis://host[:port",{"_index":1412,"t":{"121":{"position":[[9591,21],[9740,20],[10339,21]]}}}],["reduc",{"_index":984,"t":{"87":{"position":[[5311,6]]},"127":{"position":[[828,8]]}}}],["refer",{"_index":91,"t":{"4":{"position":[[552,9],[853,9]]},"6":{"position":[[94,9]]},"51":{"position":[[57,10]]},"87":{"position":[[5549,5],[6695,5]]},"97":{"position":[[930,5],[1284,8]]},"99":{"position":[[367,5]]}}}],["refresh",{"_index":770,"t":{"73":{"position":[[886,7],[940,7],[3079,9]]},"95":{"position":[[2830,7],[4138,7]]},"111":{"position":[[734,10]]},"113":{"position":[[1053,7],[1070,7],[1249,7],[1403,7],[1453,7],[1534,7],[1608,8],[1659,7],[1736,10],[1801,7],[1859,7],[1962,9],[2007,7],[2403,7],[2552,7]]},"121":{"position":[[1719,7],[1736,7],[15847,8]]},"135":{"position":[[1494,8]]}}}],["refresh/access/id",{"_index":1235,"t":{"113":{"position":[[787,17]]}}}],["refreshes.default",{"_index":442,"t":{"43":{"position":[[712,17]]}}}],["regardless",{"_index":1634,"t":{"145":{"position":[[679,10]]}}}],["regex",{"_index":7,"t":{"2":{"position":[[70,6]]},"121":{"position":[[12715,5]]}}}],["regist",{"_index":732,"t":{"69":{"position":[[613,8]]},"71":{"position":[[17,8]]},"75":{"position":[[404,9]]},"97":{"position":[[453,8],[765,8]]}}}],["registr",{"_index":740,"t":{"73":{"position":[[16,12]]},"75":{"position":[[94,13],[130,13],[469,13],[1147,12]]},"91":{"position":[[18,12]]}}}],["regular",{"_index":383,"t":{"41":{"position":[[432,7],[814,7]]},"57":{"position":[[417,7]]},"59":{"position":[[534,7]]},"67":{"position":[[365,7]]}}}],["releas",{"_index":208,"t":{"15":{"position":[[298,8]]},"43":{"position":[[764,8]]},"67":{"position":[[493,8],[661,9]]},"69":{"position":[[59,7],[490,7]]},"87":{"position":[[754,7]]}}}],["relev",{"_index":1258,"t":{"113":{"position":[[2282,8]]}}}],["reload",{"_index":1626,"t":{"141":{"position":[[2336,6]]}}}],["remain",{"_index":582,"t":{"59":{"position":[[711,9]]},"87":{"position":[[2133,9]]},"91":{"position":[[300,9]]}}}],["remot",{"_index":1449,"t":{"121":{"position":[[15581,6]]}}}],["remote_addr",{"_index":1537,"t":{"135":{"position":[[409,13],[747,13]]},"147":{"position":[[1045,13]]}}}],["remote_address",{"_index":1481,"t":{"129":{"position":[[181,16]]},"131":{"position":[[62,16]]}}}],["remov",{"_index":68,"t":{"4":{"position":[[211,8]]},"6":{"position":[[255,7]]},"8":{"position":[[368,6],[429,7]]},"10":{"position":[[1467,6]]},"87":{"position":[[737,7]]},"151":{"position":[[76,7]]}}}],["renam",{"_index":69,"t":{"4":{"position":[[220,7]]}}}],["replac",{"_index":84,"t":{"4":{"position":[[479,7]]},"119":{"position":[[65,9]]},"125":{"position":[[129,9]]}}}],["replace(\"/\",\"_",{"_index":1306,"t":{"117":{"position":[[550,19]]}}}],["repo",{"_index":304,"t":{"25":{"position":[[176,4],[188,4]]},"81":{"position":[[1076,8]]},"97":{"position":[[2497,4]]},"121":{"position":[[3718,4]]}}}],["report",{"_index":1510,"t":{"129":{"position":[[1381,8]]},"131":{"position":[[1453,8]]}}}],["repositori",{"_index":263,"t":{"19":{"position":[[108,10],[126,10],[186,10]]},"25":{"position":[[239,10],[304,10],[360,10]]},"81":{"position":[[329,11],[953,11],[1018,10],[1056,11],[1126,10],[1236,10],[1320,11],[1445,10]]},"103":{"position":[[245,12],[696,10]]},"121":{"position":[[3771,10],[3862,10],[3917,11]]}}}],["repository=/index.php/apps/oauth2/api/v1/token",{"_index":1184,"t":{"99":{"position":[[714,40]]}}}],["url>/index.php/apps/oauth2/author",{"_index":1183,"t":{"99":{"position":[[647,37]]}}}],["url>/ocs/v2.php/cloud/user?format=json",{"_index":1185,"t":{"99":{"position":[[786,39]]}}}],["url]/stat",{"_index":1469,"t":{"123":{"position":[[984,13]]}}}],["url]/var/www/stat",{"_index":1465,"t":{"123":{"position":[[629,21]]}}}],["urldefault",{"_index":432,"t":{"43":{"position":[[457,10]]}}}],["urleg",{"_index":422,"t":{"43":{"position":[[102,6],[1006,6]]}}}],["urlparameterrul",{"_index":414,"t":{"41":{"position":[[1297,18]]},"57":{"position":[[32,16]]}}}],["us",{"_index":51,"t":{"2":{"position":[[761,6]]},"4":{"position":[[293,3],[659,5]]},"6":{"position":[[3,3],[141,5],[182,5]]},"8":{"position":[[64,5],[473,5]]},"10":{"position":[[100,5],[1352,3]]},"15":{"position":[[394,4],[626,4],[861,4],[953,4],[963,5],[1217,4],[1433,3],[1539,4],[1741,3],[1842,4]]},"17":{"position":[[233,4]]},"21":{"position":[[517,4]]},"25":{"position":[[285,3]]},"29":{"position":[[391,3]]},"31":{"position":[[183,4]]},"33":{"position":[[738,4]]},"35":{"position":[[210,5]]},"37":{"position":[[98,4],[193,4]]},"39":{"position":[[542,4]]},"41":{"position":[[941,3]]},"43":{"position":[[902,3],[1478,4]]},"45":{"position":[[467,4],[1738,4],[1826,4]]},"47":{"position":[[55,4]]},"59":{"position":[[316,4],[462,4],[528,5],[730,3],[2058,4]]},"65":{"position":[[550,4]]},"67":{"position":[[3,3],[361,3]]},"69":{"position":[[196,5],[322,5],[682,5]]},"71":{"position":[[390,5]]},"73":{"position":[[1144,5],[1577,5],[1709,3],[1812,3]]},"75":{"position":[[1042,3],[1947,5],[2287,5]]},"77":{"position":[[435,5]]},"81":{"position":[[1426,3],[1686,5]]},"85":{"position":[[47,3],[1135,4],[1440,5]]},"87":{"position":[[1377,5],[1842,3],[1883,5],[3126,3],[3932,5],[4239,5],[4739,5],[4828,5],[5249,6],[5417,5]]},"89":{"position":[[160,5],[1042,5]]},"93":{"position":[[175,4]]},"95":{"position":[[194,3],[263,4],[566,5],[1484,5],[1617,5],[4707,3]]},"97":{"position":[[2172,3],[3211,3]]},"99":{"position":[[105,5],[276,5]]},"101":{"position":[[370,3],[670,3]]},"103":{"position":[[43,3],[307,3],[555,3],[707,3]]},"105":{"position":[[29,3],[105,3],[209,3]]},"107":{"position":[[139,3]]},"109":{"position":[[115,4]]},"111":{"position":[[78,4],[287,5]]},"113":{"position":[[992,4],[2306,4],[2625,5],[2864,3],[2880,3],[3125,3],[3243,3],[3273,3],[3497,5]]},"117":{"position":[[35,3]]},"119":{"position":[[286,4]]},"121":{"position":[[900,3],[1181,4],[1542,3],[2414,3],[2658,3],[3427,3],[3507,3],[3843,3],[4686,3],[4727,3],[5448,5],[5571,3],[5936,4],[6113,4],[7271,4],[7655,3],[7741,3],[7809,4],[8331,4],[8420,4],[8517,4],[8614,4],[8701,4],[8809,4],[9204,4],[9613,4],[9646,3],[10048,4],[10116,3],[10201,4],[10234,3],[10361,4],[10394,3],[10415,3],[10502,3],[10533,3],[10661,3],[10932,5],[11095,3],[11503,4],[11938,7],[11980,4],[12148,7],[12256,7],[12430,3],[13702,5],[13818,5],[14108,4],[14255,5],[15731,3],[15890,5],[16308,3]]},"123":{"position":[[830,4],[1214,4]]},"125":{"position":[[299,6]]},"127":{"position":[[111,5],[735,5]]},"129":{"position":[[889,3]]},"131":{"position":[[744,3]]},"135":{"position":[[1651,5],[2677,3],[2719,3],[3589,3]]},"141":{"position":[[55,3],[330,3],[2299,3]]},"145":{"position":[[752,4],[942,4],[992,5]]},"147":{"position":[[218,5],[301,3],[670,3]]},"149":{"position":[[375,3],[751,4],[877,4],[1007,4],[1156,3],[1252,4]]},"151":{"position":[[345,5]]},"153":{"position":[[97,5]]}}}],["us/azure/act",{"_index":856,"t":{"75":{"position":[[2185,15]]}}}],["usag",{"_index":203,"t":{"15":{"position":[[62,5]]},"113":{"position":[[2613,6]]}}}],["use.typ",{"_index":537,"t":{"55":{"position":[[218,13],[314,13]]}}}],["useapplicationdefaultcredenti",{"_index":323,"t":{"29":{"position":[[296,32],[334,32]]}}}],["used.list",{"_index":552,"t":{"55":{"position":[[678,9]]}}}],["user",{"_index":22,"t":{"2":{"position":[[248,4],[643,4]]},"10":{"position":[[385,4],[1059,4]]},"15":{"position":[[92,5],[436,4]]},"19":{"position":[[161,4]]},"25":{"position":[[371,5],[386,5],[399,5]]},"35":{"position":[[173,5]]},"43":{"position":[[1120,4],[1220,4],[1321,4]]},"45":{"position":[[1635,5]]},"59":{"position":[[795,5]]},"73":{"position":[[397,6],[2710,4],[2978,4]]},"81":{"position":[[436,4],[463,5],[971,5],[1196,5],[1286,4],[1481,4],[1619,8]]},"87":{"position":[[288,6],[3575,4],[3800,5],[4198,4],[4592,4],[4597,5],[5188,5],[5263,4],[6511,4],[6828,5],[6965,4]]},"91":{"position":[[119,4]]},"95":{"position":[[2949,5]]},"99":{"position":[[58,5]]},"103":{"position":[[659,5]]},"109":{"position":[[138,4]]},"111":{"position":[[790,5]]},"113":{"position":[[184,4]]},"121":{"position":[[3938,4],[3966,5],[4972,4],[5043,5],[6972,4],[7529,5],[7635,4],[7863,4],[7959,4],[7994,5],[8658,4],[8678,4],[8746,4],[11833,5],[14916,5]]},"127":{"position":[[748,4]]},"129":{"position":[[94,4],[356,4],[425,4],[1367,4]]},"131":{"position":[[1439,4]]},"135":{"position":[[1013,4],[1115,5],[1237,4],[1242,6]]},"149":{"position":[[258,4]]},"151":{"position":[[12,4],[121,4],[282,4],[393,4]]}}}],["user'",{"_index":218,"t":{"15":{"position":[[760,6],[1148,6]]},"87":{"position":[[3864,6],[5218,6]]},"109":{"position":[[17,6]]},"121":{"position":[[6894,6]]},"149":{"position":[[1022,6]]}}}],["user/prefer_email_to_us",{"_index":143,"t":{"10":{"position":[[598,25]]}}}],["user/settings/appl",{"_index":900,"t":{"83":{"position":[[52,28]]}}}],["user@domain.com",{"_index":1482,"t":{"129":{"position":[[215,17]]},"131":{"position":[[96,17]]}}}],["user_ag",{"_index":1515,"t":{"131":{"position":[[195,14]]}}}],["userag",{"_index":1509,"t":{"129":{"position":[[1346,9]]},"131":{"position":[[548,14],[1418,9]]}}}],["useridclaim",{"_index":456,"t":{"43":{"position":[[1255,11],[1274,11]]}}}],["userinfo",{"_index":936,"t":{"85":{"position":[[1376,8]]}}}],["usernam",{"_index":278,"t":{"21":{"position":[[475,8]]},"25":{"position":[[416,9]]},"33":{"position":[[696,8]]},"81":{"position":[[1506,8],[1644,9]]},"87":{"position":[[4606,8]]},"121":{"position":[[2484,8],[3984,8],[7579,8],[7684,8],[7745,8],[8064,8],[11912,8]]},"129":{"position":[[63,8],[708,13],[1416,8],[1457,8]]},"131":{"position":[[444,13],[1488,8],[1529,8]]}}}],["username@email.com",{"_index":1511,"t":{"129":{"position":[[1425,18]]},"131":{"position":[[1497,18]]}}}],["usptream",{"_index":612,"t":{"59":{"position":[[1683,8]]}}}],["utc",{"_index":1384,"t":{"121":{"position":[[5631,3]]}}}],["util",{"_index":491,"t":{"45":{"position":[[1200,7]]}}}],["uuid",{"_index":1505,"t":{"129":{"position":[[1217,4]]},"131":{"position":[[1080,4]]}}}],["v1",{"_index":839,"t":{"75":{"position":[[1319,2]]}}}],["v19.0.0",{"_index":956,"t":{"87":{"position":[[1305,8]]}}}],["v2",{"_index":847,"t":{"75":{"position":[[1617,2]]},"139":{"position":[[12,2]]},"141":{"position":[[93,2]]}}}],["v2.0",{"_index":837,"t":{"75":{"position":[[1046,4],[1953,4]]}}}],["v3.0.0",{"_index":727,"t":{"69":{"position":[[520,7]]}}}],["v7.5.0",{"_index":702,"t":{"69":{"position":[[70,7]]}}}],["valid",{"_index":163,"t":{"10":{"position":[[966,8]]},"23":{"position":[[254,5]]},"45":{"position":[[2299,10]]},"47":{"position":[[109,5]]},"55":{"position":[[691,5]]},"57":{"position":[[172,5]]},"67":{"position":[[231,8]]},"69":{"position":[[382,9]]},"71":{"position":[[189,5]]},"73":{"position":[[962,9]]},"79":{"position":[[83,5]]},"81":{"position":[[1910,8]]},"83":{"position":[[595,8]]},"85":{"position":[[168,5],[827,8]]},"87":{"position":[[262,8],[922,5],[2337,5],[3794,5]]},"99":{"position":[[756,8],[849,8]]},"113":{"position":[[1795,5],[1928,6],[2082,5],[2250,8]]},"117":{"position":[[572,5]]},"121":{"position":[[180,6],[13660,10],[13776,10],[14269,5],[15014,8],[15047,10],[16016,5]]},"145":{"position":[[1017,5]]}}}],["validateurl",{"_index":511,"t":{"45":{"position":[[2248,11],[2267,11]]}}}],["valu",{"_index":201,"t":{"13":{"position":[[117,5]]},"15":{"position":[[723,6],[798,6],[1111,6],[1186,6]]},"17":{"position":[[143,5],[296,5]]},"21":{"position":[[62,5],[191,5],[292,5],[433,5],[538,6]]},"31":{"position":[[330,6],[533,6],[554,6],[582,6]]},"33":{"position":[[60,5],[110,5],[139,5],[152,5],[190,6],[337,6],[412,5],[513,5],[654,5],[759,6]]},"39":{"position":[[215,5],[224,6],[521,5],[732,5]]},"41":{"position":[[117,6],[144,6],[158,6],[174,6],[281,6],[326,6],[342,6],[412,6],[1226,5],[1235,6]]},"45":{"position":[[186,5],[319,5],[1388,5]]},"51":{"position":[[89,6],[184,5],[197,5],[235,6],[382,6]]},"57":{"position":[[250,5],[320,5],[335,5],[373,5],[481,6],[560,6],[610,5]]},"59":{"position":[[259,5]]},"71":{"position":[[423,6]]},"75":{"position":[[1264,5]]},"85":{"position":[[1539,5]]},"87":{"position":[[1731,6]]},"113":{"position":[[203,5],[1204,5],[1617,5]]},"121":{"position":[[38,6],[4353,5]]},"123":{"position":[[795,5]]},"129":{"position":[[979,5]]},"131":{"position":[[834,5]]}}}],["values.nam",{"_index":331,"t":{"31":{"position":[[204,12]]}}}],["values/acr_valu",{"_index":170,"t":{"10":{"position":[[1041,17]]}}}],["var/www/stat",{"_index":1468,"t":{"123":{"position":[[933,16]]}}}],["variabl",{"_index":121,"t":{"10":{"position":[[61,9]]},"33":{"position":[[255,9]]},"51":{"position":[[300,9]]},"69":{"position":[[738,9]]},"97":{"position":[[2157,10],[2303,9],[2366,9],[2747,9]]},"99":{"position":[[192,9]]},"115":{"position":[[69,9],[183,9],[209,9]]},"125":{"position":[[63,8],[238,8]]},"127":{"position":[[613,10]]},"129":{"position":[[776,9],[804,8]]},"131":{"position":[[628,9],[659,8]]},"133":{"position":[[500,9],[532,8]]},"135":{"position":[[2202,9],[2838,9],[3826,8]]},"149":{"position":[[189,9]]}}}],["verif",{"_index":430,"t":{"43":{"position":[[364,12],[1487,13],[1598,12]]},"59":{"position":[[1543,12]]},"121":{"position":[[6427,12],[6785,13],[7150,12],[9808,12]]}}}],["verifi",{"_index":306,"t":{"25":{"position":[[294,9]]},"43":{"position":[[530,9],[1424,8]]},"69":{"position":[[419,9]]},"81":{"position":[[1435,9]]},"87":{"position":[[3715,9]]},"121":{"position":[[3852,9],[6384,8],[6600,9],[9787,6],[13247,8],[13643,6],[13759,6]]}}}],["verifieddefault",{"_index":428,"t":{"43":{"position":[[260,15]]}}}],["verify/ssl_upstream_insecure_skip_verifi",{"_index":129,"t":{"10":{"position":[[252,40]]}}}],["version",{"_index":535,"t":{"55":{"position":[[123,7],[404,7],[466,7]]},"65":{"position":[[679,8]]},"69":{"position":[[512,7]]},"87":{"position":[[628,7],[765,7]]},"89":{"position":[[50,7],[111,7]]},"121":{"position":[[14392,7],[14419,7],[15069,7],[15087,7]]},"145":{"position":[[581,7],[670,8],[705,7],[772,8],[950,7]]}}}],["version=tls1.3",{"_index":1633,"t":{"145":{"position":[[615,15]]}}}],["via",{"_index":190,"t":{"10":{"position":[[1377,3],[1390,3]]},"39":{"position":[[382,3]]},"41":{"position":[[1397,3]]},"97":{"position":[[3308,3]]},"99":{"position":[[161,3]]},"113":{"position":[[717,3],[2720,3]]},"115":{"position":[[31,3]]},"121":{"position":[[470,3],[7229,3],[7434,3],[10568,3]]},"129":{"position":[[1027,3]]},"135":{"position":[[71,3],[1007,3],[2944,3],[3755,3]]},"139":{"position":[[78,3]]},"147":{"position":[[733,3]]}}}],["visit",{"_index":1056,"t":{"95":{"position":[[1351,8]]}}}],["volum",{"_index":1479,"t":{"127":{"position":[[841,7]]}}}],["vulner",{"_index":654,"t":{"65":{"position":[[37,13],[606,13]]},"67":{"position":[[75,16],[308,15]]}}}],["wait",{"_index":636,"t":{"59":{"position":[[2541,4]]},"121":{"position":[[14725,4]]}}}],["want",{"_index":563,"t":{"57":{"position":[[574,4]]},"75":{"position":[[307,4]]},"87":{"position":[[5303,4]]},"95":{"position":[[1739,4]]},"97":{"position":[[580,4]]},"113":{"position":[[2856,4]]},"123":{"position":[[677,5]]},"151":{"position":[[865,4]]}}}],["warn",{"_index":73,"t":{"4":{"position":[[251,8]]},"121":{"position":[[12372,9],[15597,8]]}}}],["way",{"_index":365,"t":{"39":{"position":[[328,4]]},"81":{"position":[[217,4]]},"97":{"position":[[1086,3]]}}}],["web",{"_index":758,"t":{"73":{"position":[[533,4]]},"75":{"position":[[266,3]]},"95":{"position":[[1259,3],[2591,3],[3802,3],[3921,3]]}}}],["websocket",{"_index":632,"t":{"59":{"position":[[2428,10]]},"121":{"position":[[9048,10],[9072,9]]}}}],["websockets/proxy_websocket",{"_index":126,"t":{"10":{"position":[[197,27]]}}}],["well",{"_index":533,"t":{"55":{"position":[[91,4]]},"113":{"position":[[2686,4],[2907,4],[3070,5]]},"121":{"position":[[2958,5],[2996,5]]}}}],["whenstream",{"_index":624,"t":{"59":{"position":[[2172,13]]}}}],["whether",{"_index":325,"t":{"29":{"position":[[380,7]]},"31":{"position":[[318,7]]},"57":{"position":[[155,7]]},"59":{"position":[[2281,7]]},"89":{"position":[[144,7]]},"99":{"position":[[241,7]]},"121":{"position":[[11405,7]]}}}],["whitelist",{"_index":1442,"t":{"121":{"position":[[15104,9],[15900,9],[16251,11]]},"151":{"position":[[954,9]]}}}],["whole",{"_index":565,"t":{"57":{"position":[[594,5]]},"113":{"position":[[939,5]]},"139":{"position":[[236,5]]}}}],["whose",{"_index":180,"t":{"10":{"position":[[1258,5]]}}}],["wide_authority_to_your_service_account",{"_index":784,"t":{"73":{"position":[[1475,38]]}}}],["window",{"_index":869,"t":{"77":{"position":[[45,7]]}}}],["wish",{"_index":1065,"t":{"95":{"position":[[1839,4],[2271,4],[2364,4],[2969,4]]},"101":{"position":[[95,5]]}}}],["within",{"_index":65,"t":{"4":{"position":[[131,6]]},"15":{"position":[[230,6]]},"21":{"position":[[81,6]]},"31":{"position":[[234,6]]},"51":{"position":[[112,6]]},"59":{"position":[[912,6]]},"65":{"position":[[51,6]]},"73":{"position":[[1763,6]]},"81":{"position":[[703,6]]},"95":{"position":[[4737,6]]},"111":{"position":[[568,6]]}}}],["without",{"_index":71,"t":{"4":{"position":[[237,7]]},"15":{"position":[[307,7]]},"135":{"position":[[184,7]]},"139":{"position":[[215,7]]},"141":{"position":[[43,7]]}}}],["wizard",{"_index":872,"t":{"77":{"position":[[221,6]]}}}],["wo",{"_index":1621,"t":{"141":{"position":[[846,2],[2056,2]]}}}],["won't",{"_index":834,"t":{"75":{"position":[[897,5]]}}}],["work",{"_index":645,"t":{"63":{"position":[[61,4]]},"89":{"position":[[102,4],[546,4]]},"95":{"position":[[1236,7],[1940,5],[2437,4]]},"97":{"position":[[210,4]]},"121":{"position":[[14973,5]]},"135":{"position":[[1528,4]]}}}],["workload",{"_index":776,"t":{"73":{"position":[[1184,8],[1204,8],[1623,8],[1643,8],[1930,8],[1981,8],[2030,8]]},"121":{"position":[[4805,8]]}}}],["write",{"_index":893,"t":{"81":{"position":[[1300,5]]}}}],["x",{"_index":935,"t":{"85":{"position":[[1289,1]]},"121":{"position":[[7233,1],[7314,1],[7517,1],[7535,1],[7557,1],[7982,1],[8000,1],[8020,1],[8042,1],[9293,1],[9310,1],[9324,1],[9340,1],[11128,1],[11426,1],[11460,1],[11818,1],[11839,1],[11862,1],[11887,1],[12011,1],[13080,1]]},"129":{"position":[[897,1]]},"131":{"position":[[752,1]]},"135":{"position":[[399,1],[440,1],[475,1],[576,1],[737,1],[778,1],[1011,1],[1022,1],[1235,1],[1266,1],[1445,1]]},"141":{"position":[[337,1],[2001,1],[2177,1]]},"147":{"position":[[1035,1],[1076,1]]},"151":{"position":[[570,1]]}}}],["x.y.z.linux",{"_index":730,"t":{"69":{"position":[[569,11]]}}}],["x509",{"_index":1128,"t":{"97":{"position":[[1117,4]]}}}],["xauthrequest",{"_index":1396,"t":{"121":{"position":[[7287,12],[11796,12]]},"135":{"position":[[1080,12]]}}}],["xauthrequest/set_xauthrequest",{"_index":139,"t":{"10":{"position":[[502,29]]}}}],["xxx\"client_secret",{"_index":1101,"t":{"95":{"position":[[4580,18]]}}}],["xxxxx\"client_secret",{"_index":1076,"t":{"95":{"position":[[3263,20]]}}}],["yaml",{"_index":83,"t":{"4":{"position":[[464,4]]},"6":{"position":[[47,4]]},"8":{"position":[[295,4]]},"41":{"position":[[677,4]]},"139":{"position":[[288,6]]}}}],["you'd",{"_index":892,"t":{"81":{"position":[[1166,5]]}}}],["you'r",{"_index":775,"t":{"73":{"position":[[1133,6]]},"75":{"position":[[997,6]]}}}],["yourcompany.com",{"_index":974,"t":{"87":{"position":[[3680,17]]},"121":{"position":[[1107,18]]}}}],["yourself",{"_index":567,"t":{"57":{"position":[[635,8]]}}}],["yyy\"pass_access_token",{"_index":1102,"t":{"95":{"position":[[4601,22]]}}}],["yyyyy\"pass_access_token",{"_index":1077,"t":{"95":{"position":[[3286,24]]}}}],["zero",{"_index":1275,"t":{"113":{"position":[[3358,5]]},"121":{"position":[[10797,5]]}}}],["zzz\"cookie_secur",{"_index":1103,"t":{"95":{"position":[[4646,18]]}}}],["zzzzz\"skip_provider_button",{"_index":1079,"t":{"95":{"position":[[3333,27]]}}}]],"pipeline":["stemmer"]}}] \ No newline at end of file diff --git a/index.html b/index.html index 1c046a90..214fc8f7 100644 --- a/index.html +++ b/index.html @@ -4,7 +4,7 @@ Welcome to OAuth2 Proxy | OAuth2 Proxy - + @@ -13,7 +13,7 @@ to validate accounts by email, domain or group.

    note

    This repository was forked from bitly/OAuth2_Proxy on 27/11/2018. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG.

    Sign In Page

    Architecture

    OAuth2 Proxy Architecture

    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file diff --git a/search-index.json b/search-index.json index bd3dd7b7..de2fd306 100644 --- a/search-index.json +++ b/search-index.json @@ -1 +1 @@ -[{"documents":[{"i":154,"t":"Installation","u":"/oauth2-proxy/docs/","b":["Docs"]},{"i":156,"t":"Behaviour","u":"/oauth2-proxy/docs/behaviour","b":["Docs"]},{"i":158,"t":"Security","u":"/oauth2-proxy/docs/community/security","b":["Docs","Community"]},{"i":164,"t":"Alpha Configuration","u":"/oauth2-proxy/docs/configuration/alpha-config","b":["Docs","Configuration"]},{"i":223,"t":"OAuth Provider Configuration","u":"/oauth2-proxy/docs/configuration/oauth_provider","b":["Docs","Configuration"]},{"i":261,"t":"Overview","u":"/oauth2-proxy/docs/configuration/overview","b":["Docs","Configuration"]},{"i":289,"t":"Session Storage","u":"/oauth2-proxy/docs/configuration/session_storage","b":["Docs","Configuration"]},{"i":295,"t":"TLS Configuration","u":"/oauth2-proxy/docs/configuration/tls","b":["Docs","Configuration"]},{"i":301,"t":"Endpoints","u":"/oauth2-proxy/docs/features/endpoints","b":["Docs","Features"]}],"index":{"version":"2.3.9","fields":["t"],"fieldVectors":[["t/154",[0,2.222]],["t/156",[1,2.222]],["t/158",[2,2.222]],["t/164",[3,1.699,4,0.94]],["t/223",[4,0.761,5,1.375,6,1.375]],["t/261",[7,2.222]],["t/289",[8,1.699,9,1.699]],["t/295",[4,0.94,10,1.699]],["t/301",[11,2.222]]],"invertedIndex":[["alpha",{"_index":3,"t":{"164":{"position":[[0,5]]}}}],["behaviour",{"_index":1,"t":{"156":{"position":[[0,9]]}}}],["configur",{"_index":4,"t":{"164":{"position":[[6,13]]},"223":{"position":[[15,13]]},"295":{"position":[[4,13]]}}}],["endpoint",{"_index":11,"t":{"301":{"position":[[0,9]]}}}],["instal",{"_index":0,"t":{"154":{"position":[[0,12]]}}}],["oauth",{"_index":5,"t":{"223":{"position":[[0,5]]}}}],["overview",{"_index":7,"t":{"261":{"position":[[0,8]]}}}],["provid",{"_index":6,"t":{"223":{"position":[[6,8]]}}}],["secur",{"_index":2,"t":{"158":{"position":[[0,8]]}}}],["session",{"_index":8,"t":{"289":{"position":[[0,7]]}}}],["storag",{"_index":9,"t":{"289":{"position":[[8,7]]}}}],["tl",{"_index":10,"t":{"295":{"position":[[0,3]]}}}]],"pipeline":["stemmer"]}},{"documents":[{"i":160,"t":"Security Disclosures","u":"/oauth2-proxy/docs/community/security","h":"#security-disclosures","p":158},{"i":162,"t":"How will we respond to disclosures?","u":"/oauth2-proxy/docs/community/security","h":"#how-will-we-respond-to-disclosures","p":158},{"i":166,"t":"Using Alpha Configuration","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#using-alpha-configuration","p":164},{"i":168,"t":"Converting configuration to the new structure","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#converting-configuration-to-the-new-structure","p":164},{"i":170,"t":"Removed options","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#removed-options","p":164},{"i":172,"t":"Configuration Reference","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#configuration-reference","p":164},{"i":173,"t":"ADFSOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#adfsoptions","p":164},{"i":175,"t":"AlphaOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#alphaoptions","p":164},{"i":177,"t":"AzureOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#azureoptions","p":164},{"i":179,"t":"BitbucketOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#bitbucketoptions","p":164},{"i":181,"t":"ClaimSource","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#claimsource","p":164},{"i":183,"t":"Duration","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#duration","p":164},{"i":185,"t":"GitHubOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#githuboptions","p":164},{"i":187,"t":"GitLabOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#gitlaboptions","p":164},{"i":189,"t":"GoogleOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#googleoptions","p":164},{"i":191,"t":"Header","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#header","p":164},{"i":193,"t":"HeaderValue","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#headervalue","p":164},{"i":195,"t":"KeycloakOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#keycloakoptions","p":164},{"i":197,"t":"LoginGovOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#logingovoptions","p":164},{"i":199,"t":"LoginURLParameter","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#loginurlparameter","p":164},{"i":201,"t":"A parameter whose value is fixed","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"","p":164},{"i":203,"t":"OIDCOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#oidcoptions","p":164},{"i":205,"t":"Provider","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#provider","p":164},{"i":207,"t":"ProviderType","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#providertype","p":164},{"i":209,"t":"Providers","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#providers","p":164},{"i":211,"t":"SecretSource","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#secretsource","p":164},{"i":213,"t":"Server","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#server","p":164},{"i":215,"t":"TLS","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#tls","p":164},{"i":217,"t":"URLParameterRule","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#urlparameterrule","p":164},{"i":219,"t":"Upstream","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#upstream","p":164},{"i":221,"t":"UpstreamConfig","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#upstreamconfig","p":164},{"i":225,"t":"Google Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#google-auth-provider","p":223},{"i":227,"t":"Azure Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#azure-auth-provider","p":223},{"i":229,"t":"ADFS Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#adfs-auth-provider","p":223},{"i":231,"t":"Facebook Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#facebook-auth-provider","p":223},{"i":233,"t":"GitHub Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#github-auth-provider","p":223},{"i":235,"t":"Keycloak Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#keycloak-auth-provider","p":223},{"i":237,"t":"Keycloak OIDC Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#keycloak-oidc-auth-provider","p":223},{"i":239,"t":"GitLab Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#gitlab-auth-provider","p":223},{"i":241,"t":"LinkedIn Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#linkedin-auth-provider","p":223},{"i":243,"t":"Microsoft Azure AD Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#microsoft-azure-ad-provider","p":223},{"i":245,"t":"OpenID Connect Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#openid-connect-provider","p":223},{"i":247,"t":"login.gov Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#logingov-provider","p":223},{"i":249,"t":"Nextcloud Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#nextcloud-provider","p":223},{"i":251,"t":"DigitalOcean Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#digitalocean-auth-provider","p":223},{"i":253,"t":"Bitbucket Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#bitbucket-auth-provider","p":223},{"i":255,"t":"Gitea Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#gitea-auth-provider","p":223},{"i":257,"t":"Email Authentication","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#email-authentication","p":223},{"i":259,"t":"Adding a new Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#adding-a-new-provider","p":223},{"i":263,"t":"Generating a Cookie Secret","u":"/oauth2-proxy/docs/configuration/overview","h":"#generating-a-cookie-secret","p":261},{"i":265,"t":"Config File","u":"/oauth2-proxy/docs/configuration/overview","h":"#config-file","p":261},{"i":267,"t":"Command Line Options","u":"/oauth2-proxy/docs/configuration/overview","h":"#command-line-options","p":261},{"i":269,"t":"Upstreams Configuration","u":"/oauth2-proxy/docs/configuration/overview","h":"#upstreams-configuration","p":261},{"i":271,"t":"Environment variables","u":"/oauth2-proxy/docs/configuration/overview","h":"#environment-variables","p":261},{"i":273,"t":"Logging Configuration","u":"/oauth2-proxy/docs/configuration/overview","h":"#logging-configuration","p":261},{"i":275,"t":"Auth Log Format","u":"/oauth2-proxy/docs/configuration/overview","h":"#auth-log-format","p":261},{"i":277,"t":"Request Log Format","u":"/oauth2-proxy/docs/configuration/overview","h":"#request-log-format","p":261},{"i":279,"t":"Standard Log Format","u":"/oauth2-proxy/docs/configuration/overview","h":"#standard-log-format","p":261},{"i":281,"t":"Configuring for use with the Nginx auth_request directive","u":"/oauth2-proxy/docs/configuration/overview","h":"#configuring-for-use-with-the-nginx-auth_request-directive","p":261},{"i":283,"t":"Configuring for use with the Traefik (v2) ForwardAuth middleware","u":"/oauth2-proxy/docs/configuration/overview","h":"#configuring-for-use-with-the-traefik-v2-forwardauth-middleware","p":261},{"i":285,"t":"ForwardAuth with 401 errors middleware","u":"/oauth2-proxy/docs/configuration/overview","h":"#forwardauth-with-401-errors-middleware","p":261},{"i":287,"t":"ForwardAuth with static upstreams configuration","u":"/oauth2-proxy/docs/configuration/overview","h":"#forwardauth-with-static-upstreams-configuration","p":261},{"i":291,"t":"Cookie Storage","u":"/oauth2-proxy/docs/configuration/session_storage","h":"#cookie-storage","p":289},{"i":293,"t":"Redis Storage","u":"/oauth2-proxy/docs/configuration/session_storage","h":"#redis-storage","p":289},{"i":297,"t":"Terminate TLS at OAuth2 Proxy","u":"/oauth2-proxy/docs/configuration/tls","h":"#terminate-tls-at-oauth2-proxy","p":295},{"i":299,"t":"Terminate TLS at Reverse Proxy, e.g. Nginx","u":"/oauth2-proxy/docs/configuration/tls","h":"#terminate-tls-at-reverse-proxy-eg-nginx","p":295},{"i":303,"t":"Sign out","u":"/oauth2-proxy/docs/features/endpoints","h":"#sign-out","p":301},{"i":305,"t":"Auth","u":"/oauth2-proxy/docs/features/endpoints","h":"#auth","p":301}],"index":{"version":"2.3.9","fields":["t"],"fieldVectors":[["t/160",[0,4.031,1,3.493]],["t/162",[1,3.493,2,4.031]],["t/166",[3,2.64,4,3.39,5,1.854]],["t/168",[5,1.6,6,2.925,7,2.535,8,2.925]],["t/170",[9,4.031,10,3.493]],["t/172",[5,2.205,11,4.031]],["t/173",[12,4.97]],["t/175",[13,4.97]],["t/177",[14,4.97]],["t/179",[15,4.97]],["t/181",[16,4.97]],["t/183",[17,4.97]],["t/185",[18,4.97]],["t/187",[19,4.97]],["t/189",[20,4.97]],["t/191",[21,4.97]],["t/193",[22,4.97]],["t/195",[23,4.97]],["t/197",[24,4.97]],["t/199",[25,4.97]],["t/201",[26,2.925,27,2.925,28,2.925,29,2.925]],["t/203",[30,4.97]],["t/205",[31,1.64]],["t/207",[32,4.97]],["t/209",[31,1.64]],["t/211",[33,4.97]],["t/213",[34,4.97]],["t/215",[35,3.87]],["t/217",[36,4.97]],["t/219",[37,3.87]],["t/221",[38,4.97]],["t/225",[31,1.119,39,3.39,40,1.381]],["t/227",[31,1.119,40,1.381,41,2.938]],["t/229",[31,1.119,40,1.381,42,3.39]],["t/231",[31,1.119,40,1.381,43,3.39]],["t/233",[31,1.119,40,1.381,44,3.39]],["t/235",[31,1.119,40,1.381,45,2.938]],["t/237",[31,0.966,40,1.192,45,2.535,46,2.925]],["t/239",[31,1.119,40,1.381,47,3.39]],["t/241",[31,1.119,40,1.381,48,3.39]],["t/243",[31,0.966,41,2.535,49,2.925,50,2.535]],["t/245",[31,1.119,51,3.39,52,3.39]],["t/247",[31,1.33,53,4.031]],["t/249",[31,1.33,54,4.031]],["t/251",[31,1.119,40,1.381,55,3.39]],["t/253",[31,1.119,40,1.381,56,3.39]],["t/255",[31,1.119,40,1.381,57,3.39]],["t/257",[58,4.031,59,4.031]],["t/259",[7,2.938,31,1.119,50,2.938]],["t/263",[60,3.39,61,2.938,62,3.39]],["t/265",[63,4.031,64,4.031]],["t/267",[10,2.938,65,3.39,66,3.39]],["t/269",[5,2.205,37,3.139]],["t/271",[67,4.031,68,4.031]],["t/273",[5,2.205,69,2.874]],["t/275",[40,1.381,69,2.417,70,2.64]],["t/277",[69,2.417,70,2.64,71,3.39]],["t/279",[69,2.417,70,2.64,72,3.39]],["t/281",[3,2.003,5,1.407,73,2.229,74,2.573,75,2.573]],["t/283",[3,1.788,5,1.256,76,2.296,77,2.296,78,1.788,79,1.989]],["t/285",[78,2.278,79,2.535,80,2.925,81,2.925]],["t/287",[5,1.6,37,2.278,78,2.278,82,2.925]],["t/291",[61,3.493,83,3.493]],["t/293",[83,3.493,84,4.031]],["t/297",[35,2.278,85,2.535,86,2.925,87,2.535]],["t/299",[35,1.788,73,1.989,85,1.989,87,1.989,88,2.296,89,2.296]],["t/303",[90,4.031,91,4.031]],["t/305",[40,2.025]]],"invertedIndex":[["401",{"_index":80,"t":{"285":{"position":[[17,3]]}}}],["ad",{"_index":50,"t":{"243":{"position":[[16,2]]},"259":{"position":[[0,6]]}}}],["adf",{"_index":42,"t":{"229":{"position":[[0,4]]}}}],["adfsopt",{"_index":12,"t":{"173":{"position":[[0,11]]}}}],["alpha",{"_index":4,"t":{"166":{"position":[[6,5]]}}}],["alphaopt",{"_index":13,"t":{"175":{"position":[[0,12]]}}}],["auth",{"_index":40,"t":{"225":{"position":[[7,4]]},"227":{"position":[[6,4]]},"229":{"position":[[5,4]]},"231":{"position":[[9,4]]},"233":{"position":[[7,4]]},"235":{"position":[[9,4]]},"237":{"position":[[14,4]]},"239":{"position":[[7,4]]},"241":{"position":[[9,4]]},"251":{"position":[[13,4]]},"253":{"position":[[10,4]]},"255":{"position":[[6,4]]},"275":{"position":[[0,4]]},"305":{"position":[[0,4]]}}}],["auth_request",{"_index":74,"t":{"281":{"position":[[35,12]]}}}],["authent",{"_index":59,"t":{"257":{"position":[[6,14]]}}}],["azur",{"_index":41,"t":{"227":{"position":[[0,5]]},"243":{"position":[[10,5]]}}}],["azureopt",{"_index":14,"t":{"177":{"position":[[0,12]]}}}],["bitbucket",{"_index":56,"t":{"253":{"position":[[0,9]]}}}],["bitbucketopt",{"_index":15,"t":{"179":{"position":[[0,16]]}}}],["claimsourc",{"_index":16,"t":{"181":{"position":[[0,11]]}}}],["command",{"_index":65,"t":{"267":{"position":[[0,7]]}}}],["config",{"_index":63,"t":{"265":{"position":[[0,6]]}}}],["configur",{"_index":5,"t":{"166":{"position":[[12,13]]},"168":{"position":[[11,13]]},"172":{"position":[[0,13]]},"269":{"position":[[10,13]]},"273":{"position":[[8,13]]},"281":{"position":[[0,11]]},"283":{"position":[[0,11]]},"287":{"position":[[34,13]]}}}],["connect",{"_index":52,"t":{"245":{"position":[[7,7]]}}}],["convert",{"_index":6,"t":{"168":{"position":[[0,10]]}}}],["cooki",{"_index":61,"t":{"263":{"position":[[13,6]]},"291":{"position":[[0,6]]}}}],["digitalocean",{"_index":55,"t":{"251":{"position":[[0,12]]}}}],["direct",{"_index":75,"t":{"281":{"position":[[48,9]]}}}],["disclosur",{"_index":1,"t":{"160":{"position":[[9,11]]},"162":{"position":[[23,12]]}}}],["durat",{"_index":17,"t":{"183":{"position":[[0,8]]}}}],["e.g",{"_index":89,"t":{"299":{"position":[[32,4]]}}}],["email",{"_index":58,"t":{"257":{"position":[[0,5]]}}}],["environ",{"_index":67,"t":{"271":{"position":[[0,11]]}}}],["error",{"_index":81,"t":{"285":{"position":[[21,6]]}}}],["facebook",{"_index":43,"t":{"231":{"position":[[0,8]]}}}],["file",{"_index":64,"t":{"265":{"position":[[7,4]]}}}],["fix",{"_index":29,"t":{"201":{"position":[[27,5]]}}}],["format",{"_index":70,"t":{"275":{"position":[[9,6]]},"277":{"position":[[12,6]]},"279":{"position":[[13,6]]}}}],["forwardauth",{"_index":78,"t":{"283":{"position":[[42,11]]},"285":{"position":[[0,11]]},"287":{"position":[[0,11]]}}}],["gener",{"_index":60,"t":{"263":{"position":[[0,10]]}}}],["gitea",{"_index":57,"t":{"255":{"position":[[0,5]]}}}],["github",{"_index":44,"t":{"233":{"position":[[0,6]]}}}],["githubopt",{"_index":18,"t":{"185":{"position":[[0,13]]}}}],["gitlab",{"_index":47,"t":{"239":{"position":[[0,6]]}}}],["gitlabopt",{"_index":19,"t":{"187":{"position":[[0,13]]}}}],["googl",{"_index":39,"t":{"225":{"position":[[0,6]]}}}],["googleopt",{"_index":20,"t":{"189":{"position":[[0,13]]}}}],["header",{"_index":21,"t":{"191":{"position":[[0,6]]}}}],["headervalu",{"_index":22,"t":{"193":{"position":[[0,11]]}}}],["keycloak",{"_index":45,"t":{"235":{"position":[[0,8]]},"237":{"position":[[0,8]]}}}],["keycloakopt",{"_index":23,"t":{"195":{"position":[[0,15]]}}}],["line",{"_index":66,"t":{"267":{"position":[[8,4]]}}}],["linkedin",{"_index":48,"t":{"241":{"position":[[0,8]]}}}],["log",{"_index":69,"t":{"273":{"position":[[0,7]]},"275":{"position":[[5,3]]},"277":{"position":[[8,3]]},"279":{"position":[[9,3]]}}}],["login.gov",{"_index":53,"t":{"247":{"position":[[0,9]]}}}],["logingovopt",{"_index":24,"t":{"197":{"position":[[0,15]]}}}],["loginurlparamet",{"_index":25,"t":{"199":{"position":[[0,17]]}}}],["microsoft",{"_index":49,"t":{"243":{"position":[[0,9]]}}}],["middlewar",{"_index":79,"t":{"283":{"position":[[54,10]]},"285":{"position":[[28,10]]}}}],["new",{"_index":7,"t":{"168":{"position":[[32,3]]},"259":{"position":[[9,3]]}}}],["nextcloud",{"_index":54,"t":{"249":{"position":[[0,9]]}}}],["nginx",{"_index":73,"t":{"281":{"position":[[29,5]]},"299":{"position":[[37,5]]}}}],["oauth2",{"_index":86,"t":{"297":{"position":[[17,6]]}}}],["oidc",{"_index":46,"t":{"237":{"position":[[9,4]]}}}],["oidcopt",{"_index":30,"t":{"203":{"position":[[0,11]]}}}],["openid",{"_index":51,"t":{"245":{"position":[[0,6]]}}}],["option",{"_index":10,"t":{"170":{"position":[[8,7]]},"267":{"position":[[13,7]]}}}],["out",{"_index":91,"t":{"303":{"position":[[5,3]]}}}],["paramet",{"_index":26,"t":{"201":{"position":[[2,9]]}}}],["provid",{"_index":31,"t":{"205":{"position":[[0,8]]},"209":{"position":[[0,9]]},"225":{"position":[[12,8]]},"227":{"position":[[11,8]]},"229":{"position":[[10,8]]},"231":{"position":[[14,8]]},"233":{"position":[[12,8]]},"235":{"position":[[14,8]]},"237":{"position":[[19,8]]},"239":{"position":[[12,8]]},"241":{"position":[[14,8]]},"243":{"position":[[19,8]]},"245":{"position":[[15,8]]},"247":{"position":[[10,8]]},"249":{"position":[[10,8]]},"251":{"position":[[18,8]]},"253":{"position":[[15,8]]},"255":{"position":[[11,8]]},"259":{"position":[[13,8]]}}}],["providertyp",{"_index":32,"t":{"207":{"position":[[0,12]]}}}],["proxi",{"_index":87,"t":{"297":{"position":[[24,5]]},"299":{"position":[[25,6]]}}}],["redi",{"_index":84,"t":{"293":{"position":[[0,5]]}}}],["refer",{"_index":11,"t":{"172":{"position":[[14,9]]}}}],["remov",{"_index":9,"t":{"170":{"position":[[0,7]]}}}],["request",{"_index":71,"t":{"277":{"position":[[0,7]]}}}],["respond",{"_index":2,"t":{"162":{"position":[[12,7]]}}}],["revers",{"_index":88,"t":{"299":{"position":[[17,7]]}}}],["secret",{"_index":62,"t":{"263":{"position":[[20,6]]}}}],["secretsourc",{"_index":33,"t":{"211":{"position":[[0,12]]}}}],["secur",{"_index":0,"t":{"160":{"position":[[0,8]]}}}],["server",{"_index":34,"t":{"213":{"position":[[0,6]]}}}],["sign",{"_index":90,"t":{"303":{"position":[[0,4]]}}}],["standard",{"_index":72,"t":{"279":{"position":[[0,8]]}}}],["static",{"_index":82,"t":{"287":{"position":[[17,6]]}}}],["storag",{"_index":83,"t":{"291":{"position":[[7,7]]},"293":{"position":[[6,7]]}}}],["structur",{"_index":8,"t":{"168":{"position":[[36,9]]}}}],["termin",{"_index":85,"t":{"297":{"position":[[0,9]]},"299":{"position":[[0,9]]}}}],["tl",{"_index":35,"t":{"215":{"position":[[0,3]]},"297":{"position":[[10,3]]},"299":{"position":[[10,3]]}}}],["traefik",{"_index":76,"t":{"283":{"position":[[29,7]]}}}],["upstream",{"_index":37,"t":{"219":{"position":[[0,8]]},"269":{"position":[[0,9]]},"287":{"position":[[24,9]]}}}],["upstreamconfig",{"_index":38,"t":{"221":{"position":[[0,14]]}}}],["urlparameterrul",{"_index":36,"t":{"217":{"position":[[0,16]]}}}],["us",{"_index":3,"t":{"166":{"position":[[0,5]]},"281":{"position":[[16,3]]},"283":{"position":[[16,3]]}}}],["v2",{"_index":77,"t":{"283":{"position":[[37,4]]}}}],["valu",{"_index":28,"t":{"201":{"position":[[18,5]]}}}],["variabl",{"_index":68,"t":{"271":{"position":[[12,9]]}}}],["whose",{"_index":27,"t":{"201":{"position":[[12,5]]}}}]],"pipeline":["stemmer"]}},{"documents":[{"i":155,"t":"Choose how to deploy: a. Download Prebuilt Binary (current release is v7.5.0) b. Build with $ go install github.com/oauth2-proxy/oauth2-proxy/v7@latest which will put the binary in $GOPATH/bin c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, ARMv6 and ARM64 tags available) d. Using a Kubernetes manifest (Helm) Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0. $ sha256sum -c sha256sum.txtoauth2-proxy-x.y.z.linux-amd64: OK Select a Provider and Register an OAuth Application with a Provider Configure OAuth2 Proxy using config file, command line options, or environment variables Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)","s":"Installation","u":"/oauth2-proxy/docs/","h":"","p":154},{"i":157,"t":"Any request passing through the proxy (and not matched by --skip-auth-regex) is checked for the proxy's session cookie (--cookie-name) (or, if allowed, a JWT token - see --skip-jwt-bearer-tokens). If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with Accept: application/json, in which case 401 Unauthorized is returned) After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration) Notice that the proxy also provides a number of useful endpoints.","s":"Behaviour","u":"/oauth2-proxy/docs/behaviour","h":"","p":156},{"i":159,"t":"note OAuth2 Proxy is a community project. Maintainers do not work on this project full time, and as such, while we endeavour to respond to disclosures as quickly as possible, this may take longer than in projects with corporate sponsorship.","s":"Security","u":"/oauth2-proxy/docs/community/security","h":"","p":158},{"i":161,"t":"info If you believe you have found a vulnerability within OAuth2 Proxy or any of its dependencies, please do NOT open an issue or PR on GitHub, please do NOT post any details publicly. Security disclosures MUST be done in private. If you have found an issue that you would like to bring to the attention of the maintenance team for OAuth2 Proxy, please compose an email and send it to the list of maintainers in our MAINTAINERS file. Please include as much detail as possible. Ideally, your disclosure should include: A reproducible case that can be used to demonstrate the exploit How you discovered this vulnerability A potential fix for the issue (if you have thought of one) Versions affected (if not present in master) Your GitHub ID","s":"Security Disclosures","u":"/oauth2-proxy/docs/community/security","h":"#security-disclosures","p":158},{"i":163,"t":"We use GitHub Security Advisories to privately discuss fixes for disclosed vulnerabilities. If you include a GitHub ID with your disclosure we will add you as a collaborator for the advisory so that you can join the discussion and validate any fixes we may propose. For minor issues and previously disclosed vulnerabilities (typically for dependencies), we may use regular PRs for fixes and forego the security advisory. Once a fix has been agreed upon, we will merge the fix and create a new release. If we have multiple security issues in flight simultaneously, we may delay merging fixes until all patches are ready. We may also backport the fix to previous releases, but this will be at the discretion of the maintainers.","s":"How will we respond to disclosures?","u":"/oauth2-proxy/docs/community/security","h":"#how-will-we-respond-to-disclosures","p":158},{"i":165,"t":"danger This page contains documentation for alpha features. We reserve the right to make breaking changes to the features detailed within this page with no notice. Options described in this page may be changed, removed, renamed or moved without prior warning. Please beware of this before you use alpha configuration options. This page details a set of alpha configuration options in a new format. Going forward we are intending to add structured configuration in YAML format to replace the existing TOML based configuration file and flags. Below is a reference for the structure of the configuration, with AlphaOptions as the root of the configuration. When using alpha configuration, your config file will look something like below: upstreams: - id: ... ...injectRequestHeaders: - name: ... ...injectResponseHeaders: - name: ... ... Please browse the reference below for the structure of the new configuration format.","s":"Alpha Configuration","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"","p":164},{"i":167,"t":"To use the new alpha configuration, generate a YAML file based on the format described in the reference below. Provide the path to this file using the --alpha-config flag. note When using the --alpha-config flag, some options are no longer available. See removed options below for more information.","s":"Using Alpha Configuration","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#using-alpha-configuration","p":164},{"i":169,"t":"Before adding the new --alpha-config option, start OAuth2 Proxy using the convert-config-to-alpha flag to convert existing configuration to the new format. oauth2-proxy --convert-config-to-alpha --config ./path/to/existing/config.cfg This will convert any options supported by the new format to YAML and print the new configuration to STDOUT. Copy this to a new file, remove any options from your existing configuration noted in removed options and then start OAuth2 Proxy using the new config. oauth2-proxy --alpha-config ./path/to/new/config.yaml --config ./path/to/existing/config.cfg","s":"Converting configuration to the new structure","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#converting-configuration-to-the-new-structure","p":164},{"i":171,"t":"The following flags/options and their respective environment variables are no longer available when using alpha configuration: flush-interval/flush_interval pass-host-header/pass_host_header proxy-websockets/proxy_websockets ssl-upstream-insecure-skip-verify/ssl_upstream_insecure_skip_verify upstream/upstreams pass-basic-auth/pass_basic_auth pass-access-token/pass_access_token pass-user-headers/pass_user_headers pass-authorization-header/pass_authorization_header set-basic-auth/set_basic_auth set-xauthrequest/set_xauthrequest set-authorization-header/set_authorization_header prefer-email-to-user/prefer_email_to_user basic-auth-password/basic_auth_password skip-auth-strip-headers/skip_auth_strip_headers client-id/client_id client-secret/client_secret, and client-secret-file/client_secret_file provider provider-display-name/provider_display_name provider-ca-file/provider_ca_files login-url/login_url redeem-url/redeem_url profile-url/profile_url resource validate-url/validate_url scope prompt approval-prompt/approval_prompt acr-values/acr_values user-id-claim/user_id_claim allowed-group/allowed_groups allowed-role/allowed_roles jwt-key/jwt_key jwt-key-file/jwt_key_file pubjwk-url/pubjwk_url and all provider-specific options, i.e. any option whose name includes oidc, azure, bitbucket, github, gitlab, google or keycloak. Attempting to use any of these options via flags or via config when --alpha-config is set will result in an error. info You must remove these options before starting OAuth2 Proxy with --alpha-config","s":"Removed options","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#removed-options","p":164},{"i":174,"t":"(Appears on: Provider) Field Type Description skipScope bool Skip adding the scope parameter in login requestDefault value is 'false'","s":"ADFSOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#adfsoptions","p":164},{"i":176,"t":"AlphaOptions contains alpha structured configuration options. Usage of these options allows users to access alpha features that are not available as part of the primary configuration structure for OAuth2 Proxy. danger The options within this structure are considered alpha. They may change between releases without notice. Field Type Description upstreamConfig UpstreamConfig UpstreamConfig is used to configure upstream servers.Once a user is authenticated, requests to the server will be proxied tothese upstream servers based on the path mappings defined in this list. injectRequestHeaders []Header InjectRequestHeaders is used to configure headers that should be addedto requests to upstream servers.Headers may source values from either the authenticated user's sessionor from a static secret value. injectResponseHeaders []Header InjectResponseHeaders is used to configure headers that should be addedto responses from the proxy.This is typically used when using the proxy as an external authenticationprovider in conjunction with another proxy such as NGINX and itsauth_request module.Headers may source values from either the authenticated user's sessionor from a static secret value. server Server Server is used to configure the HTTP(S) server for the proxy application.You may choose to run both HTTP and HTTPS servers simultaneously.This can be done by setting the BindAddress and the SecureBindAddress simultaneously.To use the secure server you must configure a TLS certificate and key. metricsServer Server MetricsServer is used to configure the HTTP(S) server for metrics.You may choose to run both HTTP and HTTPS servers simultaneously.This can be done by setting the BindAddress and the SecureBindAddress simultaneously.To use the secure server you must configure a TLS certificate and key. providers Providers Providers is used to configure multiple providers.","s":"AlphaOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#alphaoptions","p":164},{"i":178,"t":"(Appears on: Provider) Field Type Description tenant string Tenant directs to a tenant-specific or common (tenant-independent) endpointDefault value is 'common' graphGroupField string GraphGroupField configures the group field to be used when building the groups list from Microsoft GraphDefault value is 'id'","s":"AzureOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#azureoptions","p":164},{"i":180,"t":"(Appears on: Provider) Field Type Description team string Team sets restrict logins to members of this team repository string Repository sets restrict logins to user with access to this repository","s":"BitbucketOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#bitbucketoptions","p":164},{"i":182,"t":"(Appears on: HeaderValue) ClaimSource allows loading a header value from a claim within the session Field Type Description claim string Claim is the name of the claim in the session that the value should beloaded from. prefix string Prefix is an optional prefix that will be prepended to the value of theclaim if it is non-empty. basicAuthPassword SecretSource BasicAuthPassword converts this claim into a basic auth header.Note the value of claim will become the basic auth username and thebasicAuthPassword will be used as the password value.","s":"ClaimSource","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#claimsource","p":164},{"i":184,"t":"(string alias)​ (Appears on: Upstream) Duration is as string representation of a period of time. A duration string is a is a possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as \"300ms\", \"-1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".","s":"Duration","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#duration","p":164},{"i":186,"t":"(Appears on: Provider) Field Type Description org string Org sets restrict logins to members of this organisation team string Team sets restrict logins to members of this team repo string Repo sets restrict logins to collaborators of this repository token string Token is the token to use when verifying repository collaboratorsit must have push access to the repository users []string Users allows users with these usernames to logineven if they do not belong to the specified org and team or collaborators","s":"GitHubOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#githuboptions","p":164},{"i":188,"t":"(Appears on: Provider) Field Type Description group []string Group sets restrict logins to members of this group projects []string Projects restricts logins to members of any of these projects","s":"GitLabOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#gitlaboptions","p":164},{"i":190,"t":"(Appears on: Provider) Field Type Description group []string Groups sets restrict logins to members of this google group adminEmail string AdminEmail is the google admin to impersonate for api calls serviceAccountJson string ServiceAccountJSON is the path to the service account json credentials useApplicationDefaultCredentials bool UseApplicationDefaultCredentials is a boolean whether to use Application Default Credentials instead of a ServiceAccountJSON","s":"GoogleOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#googleoptions","p":164},{"i":192,"t":"(Appears on: AlphaOptions) Header represents an individual header that will be added to a request or response header. Field Type Description name string Name is the header name to be used for this set of values.Names should be unique within a list of Headers. preserveRequestValue bool PreserveRequestValue determines whether any values for this headershould be preserved for the request to the upstream server.This option only applies to injected request headers.Defaults to false (headers that match this header will be stripped). values []HeaderValue Values contains the desired values for this header","s":"Header","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#header","p":164},{"i":194,"t":"(Appears on: Header) HeaderValue represents a single header value and the sources that can make up the header value Field Type Description value []byte Value expects a base64 encoded string value. fromEnv string FromEnv expects the name of an environment variable. fromFile string FromFile expects a path to a file containing the secret value. claim string Claim is the name of the claim in the session that the value should beloaded from. prefix string Prefix is an optional prefix that will be prepended to the value of theclaim if it is non-empty. basicAuthPassword SecretSource BasicAuthPassword converts this claim into a basic auth header.Note the value of claim will become the basic auth username and thebasicAuthPassword will be used as the password value.","s":"HeaderValue","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#headervalue","p":164},{"i":196,"t":"(Appears on: Provider) Field Type Description groups []string Group enables to restrict login to members of indicated group roles []string Role enables to restrict login to users with role (only available when using the keycloak-oidc provider)","s":"KeycloakOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#keycloakoptions","p":164},{"i":198,"t":"(Appears on: Provider) Field Type Description jwtKey string JWTKey is a private key in PEM format used to sign JWT, jwtKeyFile string JWTKeyFile is a path to the private key file in PEM format used to sign the JWT pubjwkURL string PubJWKURL is the JWK pubkey access endpoint","s":"LoginGovOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#logingovoptions","p":164},{"i":200,"t":"(Appears on: Provider) LoginURLParameter is the configuration for a single query parameter that can be passed through from the /oauth2/start endpoint to the IdP login URL. The \"default\" option specifies the default value or values (if any) that will be passed to the IdP for this parameter, and \"allow\" is a list of options for ways in which this parameter can be set or overridden via the query string to /oauth2/start. If only a default is specified and no \"allow\" then the parameter is effectively fixed - the default value will always be used and anything passed to the start URL will be ignored. If only \"allow\" is specified but no default then the parameter will only be passed on to the IdP if the caller provides it, and no value will be sent otherwise. Examples:","s":"LoginURLParameter","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#loginurlparameter","p":164},{"i":202,"t":"name: organizationdefault:- myorg A parameter that is not passed by default, but may be set to one of a fixed set of values name: promptallow:- value: login- value: consent- value: select_account A parameter that is passed by default but may be overridden by one of a fixed set of values name: promptdefault: [\"login\"]allow:- value: consent- value: select_account A parameter that may be overridden, but only by values that match a regular expression. For example to restrict login_hint to email addresses in your organization's domain: name: login_hintallow:- pattern: '^[^@]*@example\\.com$'# this allows at most one \"@\" sign, and requires \"example.com\" domain. Note that the YAML rules around exactly which characters are allowed and/or require escaping in different types of string literals are convoluted. For regular expressions the single quoted form is simplest as backslash is not considered to be an escape character. Alternatively use the \"chomped block\" format |-: - pattern: |- ^[^@]*@example\\.com$ The hyphen is important, a | block would have a trailing newline character. Field Type Description name string Name specifies the name of the query parameter. default []string (Optional) Default specifies a default value or values that will bepassed to the IdP if not overridden. allow []URLParameterRule (Optional) Allow specifies rules about how the default (if any) may beoverridden via the query string to /oauth2/start. Onlyvalues that match one or more of the allow rules will beforwarded to the IdP.","s":"A parameter whose value is fixed","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"","p":164},{"i":204,"t":"(Appears on: Provider) Field Type Description issuerURL string IssuerURL is the OpenID Connect issuer URLeg: https://accounts.google.com insecureAllowUnverifiedEmail bool InsecureAllowUnverifiedEmail prevents failures if an email address in an id_token is not verifieddefault set to 'false' insecureSkipIssuerVerification bool InsecureSkipIssuerVerification skips verification of ID token issuers. When false, ID Token Issuers must match the OIDC discovery URLdefault set to 'false' insecureSkipNonce bool InsecureSkipNonce skips verifying the ID Token's nonce claim that must matchthe random nonce sent in the initial OAuth flow. Otherwise, the nonce is checkedafter the initial OAuth redeem & subsequent token refreshes.default set to 'true'Warning: In a future release, this will change to 'false' by default for enhanced security. skipDiscovery bool SkipDiscovery allows to skip OIDC discovery and use manually supplied Endpointsdefault set to 'false' jwksURL string JwksURL is the OpenID Connect JWKS URLeg: https://www.googleapis.com/oauth2/v3/certs emailClaim string EmailClaim indicates which claim contains the user email,default set to 'email' groupsClaim string GroupsClaim indicates which claim contains the user groupsdefault set to 'groups' userIDClaim string UserIDClaim indicates which claim contains the user IDdefault set to 'email' audienceClaims []string AudienceClaim allows to define any claim that is verified against the client idBy default aud claim is used for verification. extraAudiences []string ExtraAudiences is a list of additional audiences that are allowedto pass verification in addition to the client id.","s":"OIDCOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#oidcoptions","p":164},{"i":206,"t":"(Appears on: Providers) Provider holds all configuration for a single provider Field Type Description clientID string ClientID is the OAuth Client ID that is defined in the providerThis value is required for all providers. clientSecret string ClientSecret is the OAuth Client Secret that is defined in the providerThis value is required for all providers. clientSecretFile string ClientSecretFile is the name of the filecontaining the OAuth Client Secret, it will be used if ClientSecret is not set. keycloakConfig KeycloakOptions KeycloakConfig holds all configurations for Keycloak provider. azureConfig AzureOptions AzureConfig holds all configurations for Azure provider. ADFSConfig ADFSOptions ADFSConfig holds all configurations for ADFS provider. bitbucketConfig BitbucketOptions BitbucketConfig holds all configurations for Bitbucket provider. githubConfig GitHubOptions GitHubConfig holds all configurations for GitHubC provider. gitlabConfig GitLabOptions GitLabConfig holds all configurations for GitLab provider. googleConfig GoogleOptions GoogleConfig holds all configurations for Google provider. oidcConfig OIDCOptions OIDCConfig holds all configurations for OIDC provideror providers utilize OIDC configurations. loginGovConfig LoginGovOptions LoginGovConfig holds all configurations for LoginGov provider. id string ID should be a unique identifier for the provider.This value is required for all providers. provider ProviderType Type is the OAuth providermust be set from the supported providers group,otherwise 'Google' is set as default name string Name is the providers display nameif set, it will be shown to the users in the login page. caFiles []string CAFiles is a list of paths to CA certificates that should be used when connecting to the provider.If not specified, the default Go trust sources are used instead loginURL string LoginURL is the authentication endpoint loginURLParameters []LoginURLParameter LoginURLParameters defines the parameters that can be passed from the start URL to the IdP login URL redeemURL string RedeemURL is the token redemption endpoint profileURL string ProfileURL is the profile access endpoint resource string ProtectedResource is the resource that is protected (Azure AD and ADFS only) validateURL string ValidateURL is the access token validation endpoint scope string Scope is the OAuth scope specification allowedGroups []string AllowedGroups is a list of restrict logins to members of this group code_challenge_method string The code challenge method","s":"Provider","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#provider","p":164},{"i":208,"t":"(string alias)​ (Appears on: Provider) ProviderType is used to enumerate the different provider type options Valid options are: adfs, azure, bitbucket, digitalocean facebook, github, gitlab, google, keycloak, keycloak-oidc, linkedin, login.gov, nextcloud and oidc.","s":"ProviderType","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#providertype","p":164},{"i":210,"t":"([]Provider alias)​ (Appears on: AlphaOptions) Providers is a collection of definitions for providers.","s":"Providers","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#providers","p":164},{"i":212,"t":"(Appears on: ClaimSource, HeaderValue, TLS) SecretSource references an individual secret value. Only one source within the struct should be defined at any time. Field Type Description value []byte Value expects a base64 encoded string value. fromEnv string FromEnv expects the name of an environment variable. fromFile string FromFile expects a path to a file containing the secret value.","s":"SecretSource","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#secretsource","p":164},{"i":214,"t":"(Appears on: AlphaOptions) Server represents the configuration for an HTTP(S) server Field Type Description BindAddress string BindAddress is the address on which to serve traffic.Leave blank or set to \"-\" to disable. SecureBindAddress string SecureBindAddress is the address on which to serve secure traffic.Leave blank or set to \"-\" to disable. TLS TLS TLS contains the information for loading the certificate and key for thesecure traffic and further configuration for the TLS server.","s":"Server","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#server","p":164},{"i":216,"t":"(Appears on: Server) TLS contains the information for loading a TLS certificate and key as well as an optional minimal TLS version that is acceptable. Field Type Description Key SecretSource Key is the TLS key data to use.Typically this will come from a file. Cert SecretSource Cert is the TLS certificate data to use.Typically this will come from a file. MinVersion string MinVersion is the minimal TLS version that is acceptable.E.g. Set to \"TLS1.3\" to select TLS version 1.3 CipherSuites []string CipherSuites is a list of TLS cipher suites that are allowed.E.g.:- TLS_RSA_WITH_RC4_128_SHA- TLS_RSA_WITH_AES_256_GCM_SHA384If not specified, the default Go safe cipher list is used.List of valid cipher suites can be found in the crypto/tls documentation.","s":"TLS","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#tls","p":164},{"i":218,"t":"(Appears on: LoginURLParameter) URLParameterRule represents a rule by which query parameters passed to the /oauth2/start endpoint are checked to determine whether they are valid overrides for the given parameter passed to the IdP's login URL. Either Value or Pattern should be supplied, not both. Field Type Description value string A Value rule matches just this specific value pattern string A Pattern rule gives a regular expression that must be matched bysome substring of the value. The expression is not automaticallyanchored to the start and end of the value, if you want to restrictthe whole parameter value you must anchor it yourself with ^ and $.","s":"URLParameterRule","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#urlparameterrule","p":164},{"i":220,"t":"(Appears on: UpstreamConfig) Upstream represents the configuration for an upstream server. Requests will be proxied to this upstream if the path matches the request path. Field Type Description id string ID should be a unique identifier for the upstream.This value is required for all upstreams. path string Path is used to map requests to the upstream server.The closest match will take precedence and all Paths must be unique.Path can also take a pattern when used with RewriteTarget.Path segments can be captured and matched using regular experessions.Eg:- ^/foo$: Match only the explicit path /foo- ^/bar/$: Match any path prefixed with /bar/- ^/baz/(.*)$: Match any path prefixed with /baz and capture the remaining path for use with RewriteTarget rewriteTarget string RewriteTarget allows users to rewrite the request path before it is sent tothe upstream server.Use the Path to capture segments for reuse within the rewrite target.Eg: With a Path of ^/baz/(.*), a RewriteTarget of /foo/$1 would rewritethe request /baz/abc/123 to /foo/abc/123 before proxying to theupstream server. uri string The URI of the upstream server. This may be an HTTP(S) server of a Filebased URL. It may include a path, in which case all requests will be servedunder that path.Eg:- http://localhost:8080- https://service.localhost- https://service.localhost/path- file://host/pathIf the URI's path is \"/base\" and the incoming request was for \"/dir\",the upstream request will be for \"/base/dir\". insecureSkipTLSVerify bool InsecureSkipTLSVerify will skip TLS verification of upstream HTTPS hosts.This option is insecure and will allow potential Man-In-The-Middle attacksbetweem OAuth2 Proxy and the usptream server.Defaults to false. static bool Static will make all requests to this upstream have a static response.The response will have a body of \"Authenticated\" and a response codematching StaticCode.If StaticCode is not set, the response will return a 200 response. staticCode int StaticCode determines the response code for the Static response.This option can only be used with Static enabled. flushInterval Duration FlushInterval is the period between flushing the response buffer whenstreaming response from the upstream.Defaults to 1 second. passHostHeader bool PassHostHeader determines whether the request host header should be proxiedto the upstream server.Defaults to true. proxyWebSockets bool ProxyWebSockets enables proxying of websockets to upstream serversDefaults to true. timeout Duration Timeout is the maximum duration the server will wait for a response from the upstream server.Defaults to 30 seconds.","s":"Upstream","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#upstream","p":164},{"i":222,"t":"(Appears on: AlphaOptions) UpstreamConfig is a collection of definitions for upstream servers. Field Type Description proxyRawPath bool ProxyRawPath will pass the raw url path to upstream allowing for url'slike: \"/%2F/\" which would otherwise be redirected to \"/\" upstreams []Upstream Upstreams represents the configuration for the upstream servers.Requests will be proxied to this upstream if the path matches the request path.","s":"UpstreamConfig","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#upstreamconfig","p":164},{"i":224,"t":"You will need to register an OAuth application with a Provider (Google, GitHub or another provider), and configure it with Redirect URI(s) for the domain you intend to run oauth2-proxy on. Valid providers are : Google default Azure ADFS Facebook GitHub Keycloak GitLab LinkedIn Microsoft Azure AD OpenID Connect login.gov Nextcloud DigitalOcean Bitbucket Gitea The provider can be selected using the provider configuration value. Please note that not all providers support all claims. The preferred_username claim is currently only supported by the OpenID Connect provider.","s":"OAuth Provider Configuration","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"","p":223},{"i":226,"t":"For Google, the registration steps are: Create a new project: https://console.developers.google.com/project Choose the new project from the top right project dropdown (only if another project is selected) In the project Dashboard center pane, choose \"APIs & Services\" In the left Nav pane, choose \"Credentials\" In the center pane, choose \"OAuth consent screen\" tab. Fill in \"Product name shown to users\" and hit save. In the center pane, choose \"Credentials\" tab. Open the \"New credentials\" drop down Choose \"OAuth client ID\" Choose \"Web application\" Application name is freeform, choose something appropriate Authorized JavaScript origins is your domain ex: https://internal.yourcompany.com Authorized redirect URIs is the location of oauth2/callback ex: https://internal.yourcompany.com/oauth2/callback Choose \"Create\" Take note of the Client ID and Client Secret It's recommended to refresh sessions on a short interval (1h) with cookie-refresh setting which validates that the account is still authorized. Restrict auth to specific Google groups on your domain. (optional)​ Create a service account and download the json file if you're not using Application Default Credentials / Workload Identity / Workload Identity Federation (recommended). Make note of the Client ID for a future step. Under \"APIs & Auth\", choose APIs. Click on Admin SDK and then Enable API. Follow the steps on https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account and give the client id from step 2 the following oauth scopes: Using Application Default Credentials (ADC) / Workload Identity / Workload Identity Federation (recommended)​ oauth2-proxy can make use of Application Default Credentials. When deployed within GCP, this means that it can automatically use the service account attached to the resource. When deployed to GKE, ADC can be leveraged through a feature called Workload Identity. Follow Google's guide to set up Workload Identity. When deployed outside of GCP, Workload Identity Federation might be an option. https://www.googleapis.com/auth/admin.directory.group.readonlyhttps://www.googleapis.com/auth/admin.directory.user.readonly Follow the steps on https://support.google.com/a/answer/60757 to enable Admin API access. Create or choose an existing administrative email address on the Gmail domain to assign to the google-admin-email flag. This email will be impersonated by this client to make calls to the Admin SDK. See the note on the link from step 5 for the reason why. Create or choose an existing email group and set that email to the google-group flag. You can pass multiple instances of this flag with different groups and the user will be checked against all the provided groups. Lock down the permissions on the json file downloaded from step 1 so only oauth2-proxy is able to read the file and set the path to the file in the google-service-account-json flag. Restart oauth2-proxy. Note: The user is checked against the group members list on initial authentication and every time the token is refreshed ( about once an hour ).","s":"Google Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#google-auth-provider","p":223},{"i":228,"t":"Add an application: go to https://portal.azure.com, choose Azure Active Directory, select App registrations and then click on New registration. Pick a name, check the supported account type(single-tenant, multi-tenant, etc). In the Redirect URI section create a new Web platform entry for each app that you want to protect by the oauth2 proxy(e.g. https://internal.yourcompanycom/oauth2/callback). Click Register. Next we need to add group read permissions for the app registration, on the API Permissions page of the app, click on Add a permission, select Microsoft Graph, then select Application permissions, then click on Group and select Group.Read.All. Hit Add permissions and then on Grant admin consent (you might need an admin to do this).**IMPORTANT**: Even if this permission is listed with **\"Admin consent required=No\"** the consent might actually be required, due to AAD policies you won't be able to see. If you get a **\"Need admin approval\"** during login, most likely this is what you're missing! Next, if you are planning to use v2.0 Azure Auth endpoint, go to the Manifest page and set \"accessTokenAcceptedVersion\": 2 in the App registration manifest file. On the Certificates & secrets page of the app, add a new client secret and note down the value after hitting Add. Configure the proxy with: for V1 Azure Auth endpoint (Azure Active Directory Endpoints - https://login.microsoftonline.com/common/oauth2/authorize) --provider=azure --client-id= --client-secret= --azure-tenant={tenant-id} --oidc-issuer-url=https://sts.windows.net/{tenant-id}/ for V2 Azure Auth endpoint (Microsoft Identity Platform Endpoints - https://login.microsoftonline.com/common/oauth2/v2.0/authorize) --provider=azure --client-id= --client-secret= --azure-tenant={tenant-id} --oidc-issuer-url=https://login.microsoftonline.com/{tenant-id}/v2.0 Notes: When using v2.0 Azure Auth endpoint (https://login.microsoftonline.com/{tenant-id}/v2.0) as --oidc_issuer_url, in conjunction with --resource flag, be sure to append /.default at the end of the resource name. See https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#the-default-scope for more details. When using the Azure Auth provider with nginx and the cookie session store you may find the cookie is too large and doesn't get passed through correctly. Increasing the proxy_buffer_size in nginx or implementing the redis session storage should resolve this.","s":"Azure Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#azure-auth-provider","p":223},{"i":230,"t":"Open the ADFS administration console on your Windows Server and add a new Application Group Provide a name for the integration, select Server Application from the Standalone applications section and click Next Follow the wizard to get the client-id, client-secret and configure the application credentials Configure the proxy with --provider=adfs --client-id= --client-secret= Note: When using the ADFS Auth provider with nginx and the cookie session store you may find the cookie is too large and doesn't get passed through correctly. Increasing the proxy_buffer_size in nginx or implementing the redis session storage should resolve this.","s":"ADFS Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#adfs-auth-provider","p":223},{"i":232,"t":"Create a new FB App from https://developers.facebook.com/ Under FB Login, set your Valid OAuth redirect URIs to https://internal.yourcompany.com/oauth2/callback","s":"Facebook Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#facebook-auth-provider","p":223},{"i":234,"t":"Create a new project: https://github.com/settings/developers Under Authorization callback URL enter the correct url ie https://internal.yourcompany.com/oauth2/callback The GitHub auth provider supports two additional ways to restrict authentication to either organization and optional team level access, or to collaborators of a repository. Restricting by these options is normally accompanied with --email-domain=* NOTE: When --github-user is set, the specified users are allowed to login even if they do not belong to the specified org and team or collaborators. To restrict by organization only, include the following flag: -github-org=\"\": restrict logins to members of this organisation To restrict within an organization to specific teams, include the following flag in addition to -github-org: -github-team=\"\": restrict logins to members of any of these teams (slug), separated by a comma If you would rather restrict access to collaborators of a repository, those users must either have push access to a public repository or any access to a private repository: -github-repo=\"\": restrict logins to collaborators of this repository formatted as orgname/repo If you'd like to allow access to users with read only access to a public repository you will need to provide a token for a user that has write access to the repository. The token must be created with at least the public_repo scope: -github-token=\"\": the token to use when verifying repository collaborators To allow a user to login with their username even if they do not belong to the specified org and team or collaborators, separated by a comma -github-user=\"\": allow logins by username, separated by a comma If you are using GitHub enterprise, make sure you set the following to the appropriate url: -login-url=\"http(s):///login/oauth/authorize\"-redeem-url=\"http(s):///login/oauth/access_token\"-validate-url=\"http(s):///api/v3\"","s":"GitHub Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#github-auth-provider","p":223},{"i":236,"t":"note This is the legacy provider for Keycloak, use Keycloak OIDC Auth Provider if possible. Create new client in your Keycloak realm with Access Type 'confidental' and Valid Redirect URIs 'https://internal.yourcompany.com/oauth2/callback' Take note of the Secret in the credential tab of the client Create a mapper with Mapper Type 'Group Membership' and Token Claim Name 'groups'. Make sure you set the following to the appropriate url: --provider=keycloak --client-id= --client-secret= --login-url=\"http(s):///auth/realms//protocol/openid-connect/auth\" --redeem-url=\"http(s):///auth/realms//protocol/openid-connect/token\" --profile-url=\"http(s):///auth/realms//protocol/openid-connect/userinfo\" --validate-url=\"http(s):///auth/realms//protocol/openid-connect/userinfo\" --keycloak-group= --keycloak-group= For group based authorization, the optional --keycloak-group (legacy) or --allowed-group (global standard) flags can be used to specify which groups to limit access to. If these are unset but a groups mapper is set up above in step (3), the provider will still populate the X-Forwarded-Groups header to your upstream server with the groups data in the Keycloak userinfo endpoint response. The group management in keycloak is using a tree. If you create a group named admin in keycloak you should define the 'keycloak-group' value to /admin.","s":"Keycloak Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#keycloak-auth-provider","p":223},{"i":238,"t":"--provider=keycloak-oidc --client-id= --client-secret= --redirect-url=https://internal.yourcompany.com/oauth2/callback --oidc-issuer-url=https:///auth/realms/ --email-domain= // Validate email domain for users, see option documentation --allowed-role= // Optional, required realm role --allowed-role=: // Optional, required client role --allowed-group= // Optional, requires group client scope --code-challenge-method=S256 // PKCE note Keycloak has updated its admin console and as of version 19.0.0, the new admin console is enabled by default. The legacy admin console has been announced for removal with the release of version 21.0.0. Keycloak legacy admin console Create new client in your Keycloak realm with Access Type 'confidential', Client protocol 'openid-connect' and Valid Redirect URIs 'https://internal.yourcompany.com/oauth2/callback' Take note of the Secret in the credential tab of the client Create a mapper with Mapper Type 'Group Membership' and Token Claim Name 'groups'. Create a mapper with Mapper Type 'Audience' and Included Client Audience and Included Custom Audience set to your client name. Keycloak new admin console (default as of v19.0.0) The following example shows how to create a simple OIDC client using the new Keycloak admin2 console. However, for best practices, it is recommended to consult the Keycloak documentation. The OIDC client must be configured with an audience mapper to include the client's name in the aud claim of the JWT token. The aud claim specifies the intended recipient of the token, and OAuth2 Proxy expects a match against the values of either --client-id or --oidc-extra-audience. In Keycloak, claims are added to JWT tokens through the use of mappers at either the realm level using \"client scopes\" or through \"dedicated\" client mappers. Creating the client Create a new OIDC client in your Keycloak realm by navigating to:Clients -> Create client Client Type 'OpenID Connect' Client ID , please complete the remaining fields as appropriate and click Next. Client authentication 'On' Authentication flow Standard flow 'selected' Direct access grants 'deselect' Save the configuration. Settings / Access settings: Valid redirect URIs https://internal.yourcompany.com/oauth2/callback Save the configuration. Under the Credentials tab you will now be able to locate . Configure a dedicated audience mapper for your client by navigating to Clients -> -> Client scopes. Access the dedicated mappers pane by clicking -dedicated, located under Assigned client scope.(It should have a description of \"Dedicated scope and mappers for this client\") Click Configure a new mapper and select Audience Name 'aud-mapper-' Included Client Audience select from the dropdown. OAuth2 proxy can be set up to pass both the access and ID JWT tokens to your upstream services. If you require additional audience entries, you can use the Included Custom Audience field in addition to the \"Included Client Audience\" dropdown. Note that the \"aud\" claim of a JWT token should be limited and only specify its intended recipients. Add to ID token 'On' Add to access token 'On' - #1916 Save the configuration. Any subsequent dedicated client mappers can be defined by clicking Dedicated scopes -> Add mapper -> By configuration -> Select mapper You should now be able to create a test user in Keycloak and get access to the OAuth2 Proxy instance, make sure to set an email address matching and select Email verified. Authorization OAuth2 Proxy will perform authorization by requiring a valid user, this authorization can be extended to take into account a user's membership in Keycloak groups, realm roles, and client roles using the keycloak-oidc provider options--allowed-role or --allowed-group Roles A standard Keycloak installation comes with the required mappers for realm roles and client roles through the pre-defined client scope \"roles\". This ensures that any roles assigned to a user are included in the JWT tokens when using an OIDC client that has the \"Full scope allowed\" feature activated, the feature is enabled by default. Creating a realm role Navigate to Realm roles -> Create role Role name, -> save Creating a client role Navigate to Clients -> -> Roles -> Create role Role name, -> save Assign a role to a user Users -> Username -> Role mapping -> Assign role -> filter by roles or clients and select -> Assign. Keycloak \"realm roles\" can be authorized using the --allowed-role= option, while \"client roles\" can be evaluated using --allowed-role=:. You may limit the realm roles included in the JWT tokens for any given client by navigating to: Clients -> -> Client scopes -> -dedicated -> Scope Disabling Full scope allowed activates the Assign role option, allowing you to select which roles, if assigned to a user, will be included in the user's JWT tokens. This can be useful when a user has many associated roles, and you want to reduce the size and impact of the JWT token. Groups You may also do authorization on group memberships by using the OAuth2 Proxy option --allowed-group. We will only do a brief description of creating the required client scope groups and refer you to read the Keycloak documentation. To summarize, the steps required to authorize Keycloak group membership with OAuth2 Proxy are as follows: Create a new Client Scope with the name groups in Keycloak. Include a mapper of type Group Membership. Set the \"Token Claim Name\" to groups or customize by matching it to the --oidc-groups-claim option of OAuth2 Proxy. If the \"Full group path\" option is selected, you need to include a \"/\" separator in the group names defined in the --allowed-group option of OAuth2 Proxy. Example: \"/groupname\" or \"/groupname/childgroup\". After creating the Client Scope named groups you will need to attach it to your client. Clients -> -> Client scopes -> Add client scope -> Select groups and choose Optional and you should now have a client that maps group memberships into the JWT tokens so that Oauth2 Proxy may evaluate them. Create a group by navigating to Groups -> Create group and add your test user as a member. The OAuth2 Proxy option --allowed-group=/groupname will now allow you to filter on group membership Keycloak also has the option of attaching roles to groups, please refer to the Keycloak documentation for more information. Tip To check if roles or groups are added to JWT tokens, you can preview a users token in the Keycloak console by following these steps: Clients -> -> Client scopes -> Evaluate. Select a realm user and optional scope parameters such as groups, and generate the JSON representation of an access or id token to examine its contents.","s":"Keycloak OIDC Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#keycloak-oidc-auth-provider","p":223},{"i":240,"t":"This auth provider has been tested against Gitlab version 12.X. Due to Gitlab API changes, it may not work for version prior to 12.X (see 994). Whether you are using GitLab.com or self-hosting GitLab, follow these steps to add an application. Make sure to enable at least the openid, profile and email scopes, and set the redirect url to your application url e.g. https://myapp.com/oauth2/callback. If you need projects filtering, add the extra read_api scope to your application. The following config should be set to ensure that the oauth will work properly. To get a cookie secret follow these steps --provider=\"gitlab\" --redirect-url=\"https://myapp.com/oauth2/callback\" // Should be the same as the redirect url for the application in gitlab --client-id=GITLAB_CLIENT_ID --client-secret=GITLAB_CLIENT_SECRET --cookie-secret=COOKIE_SECRET Restricting by group membership is possible with the following option: --gitlab-group=\"mygroup,myothergroup\": restrict logins to members of any of these groups (slug), separated by a comma If you are using self-hosted GitLab, make sure you set the following to the appropriate URL: --oidc-issuer-url=\"\" If your self-hosted GitLab is on a sub-directory (e.g. domain.tld/gitlab), as opposed to its own sub-domain (e.g. gitlab.domain.tld), you may need to add a redirect from domain.tld/oauth pointing at e.g. domain.tld/gitlab/oauth.","s":"GitLab Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#gitlab-auth-provider","p":223},{"i":242,"t":"For LinkedIn, the registration steps are: Create a new project: https://www.linkedin.com/secure/developer In the OAuth User Agreement section: In default scope, select r_basicprofile and r_emailaddress. In \"OAuth 2.0 Redirect URLs\", enter https://internal.yourcompany.com/oauth2/callback Fill in the remaining required fields and Save. Take note of the Consumer Key / API Key and Consumer Secret / Secret Key","s":"LinkedIn Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#linkedin-auth-provider","p":223},{"i":244,"t":"For adding an application to the Microsoft Azure AD follow these steps to add an application. Take note of your TenantId if applicable for your situation. The TenantId can be used to override the default common authorization server with a tenant specific server.","s":"Microsoft Azure AD Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#microsoft-azure-ad-provider","p":223},{"i":246,"t":"OpenID Connect is a spec for OAUTH 2.0 + identity that is implemented by many major providers and several open source projects. This provider was originally built against CoreOS Dex and we will use it as an example. The OpenID Connect Provider (OIDC) can also be used to connect to other Identity Providers such as Okta, an example can be found below. Dex​ To configure the OIDC provider for Dex, perform the following steps: Download Dex: go get github.com/dexidp/dex See the getting started guide for more details. Setup oauth2-proxy with the correct provider and using the default ports and callbacks. Add a configuration block to the staticClients section of examples/config-dev.yaml: - id: oauth2-proxyredirectURIs:- 'http://127.0.0.1:4180/oauth2/callback'name: 'oauth2-proxy'secret: proxy Launch Dex: from $GOPATH/github.com/dexidp/dex, run: bin/dex serve examples/config-dev.yaml In a second terminal, run the oauth2-proxy with the following args: -provider oidc-provider-display-name \"My OIDC Provider\"-client-id oauth2-proxy-client-secret proxy-redirect-url http://127.0.0.1:4180/oauth2/callback-oidc-issuer-url http://127.0.0.1:5556/dex-cookie-secure=false-cookie-secret=secret-email-domain kilgore.trout To serve the current working directory as a web site under the /static endpoint, add: -upstream file://$PWD/#/static/ Test the setup by visiting http://127.0.0.1:4180 or http://127.0.0.1:4180/static . See also our local testing environment for a self-contained example using Docker and etcd as storage for Dex. Okta​ To configure the OIDC provider for Okta, perform the following steps: Log in to Okta using an administrative account. It is suggested you try this in preview first, example.oktapreview.com (OPTIONAL) If you want to configure authorization scopes and claims to be passed on to multiple applications, you may wish to configure an authorization server for each application. Otherwise, the provided default will work. Navigate to Security then select API Click Add Authorization Server, if this option is not available you may require an additional license for a custom authorization server. Fill out the Name with something to describe the application you are protecting. e.g. 'Example App'. For Audience, pick the URL of the application you wish to protect: https://example.corp.com Fill out a Description Add any Access Policies you wish to configure to limit application access. The default settings will work for other options. See Okta documentation for more information on Authorization Servers Navigate to Applications then select Add Application. Select Web for the Platform setting. Select OpenID Connect and click Create Pick an Application Name such as Example App. Set the Login redirect URI to https://example.corp.com. Under General set the Allowed grant types to Authorization Code and Refresh Token. Leave the rest as default, taking note of the Client ID and Client Secret. Under Assignments select the users or groups you wish to access your application. Create a configuration file like the following: provider = \"oidc\"redirect_url = \"https://example.corp.com/oauth2/callback\"oidc_issuer_url = \"https://corp.okta.com/oauth2/abCd1234\"upstreams = [ \"https://example.corp.com\"]email_domains = [ \"corp.com\"]client_id = \"XXXXX\"client_secret = \"YYYYY\"pass_access_token = truecookie_secret = \"ZZZZZ\"skip_provider_button = true The oidc_issuer_url is based on URL from your Authorization Server's Issuer field in step 2, or simply https://corp.okta.com . The client_id and client_secret are configured in the application settings. Generate a unique cookie_secret to encrypt the cookie. Then you can start the oauth2-proxy with ./oauth2-proxy --config /etc/example.cfg Okta - localhost​ Signup for developer account: https://developer.okta.com/signup/ Create New Web Application: https://${your-okta-domain}/dev/console/apps/new Example Application Settings for localhost: Name: My Web App Base URIs: http://localhost:4180/ Login redirect URIs: http://localhost:4180/oauth2/callback Logout redirect URIs: http://localhost:4180/ Group assignments: Everyone Grant type allowed: Authorization Code and Refresh Token Make note of the Client ID and Client secret, they are needed in a future step Make note of the default Authorization Server Issuer URI from: https://${your-okta-domain}/admin/oauth2/as Example config file /etc/localhost.cfg provider = \"oidc\"redirect_url = \"http://localhost:4180/oauth2/callback\"oidc_issuer_url = \"https://${your-okta-domain}/oauth2/default\"upstreams = [ \"http://0.0.0.0:8080\"]email_domains = [ \"*\"]client_id = \"XXX\"client_secret = \"YYY\"pass_access_token = truecookie_secret = \"ZZZ\"cookie_secure = falseskip_provider_button = true# Note: use the following for testing within a container# http_address = \"0.0.0.0:4180\" Then you can start the oauth2-proxy with ./oauth2-proxy --config /etc/localhost.cfg","s":"OpenID Connect Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#openid-connect-provider","p":223},{"i":248,"t":"login.gov is an OIDC provider for the US Government. If you are a US Government agency, you can contact the login.gov team through the contact information that you can find on https://login.gov/developers/ and work with them to understand how to get login.gov accounts for integration/test and production access. A developer guide is available here: https://developers.login.gov/, though this proxy handles everything but the data you need to create to register your application in the login.gov dashboard. As a demo, we will assume that you are running your application that you want to secure locally on http://localhost:3000/, that you will be starting your proxy up on http://localhost:4180/, and that you have an agency integration account for testing. First, register your application in the dashboard. The important bits are: Identity protocol: make this Openid connect Issuer: do what they say for OpenID Connect. We will refer to this string as ${LOGINGOV_ISSUER}. Public key: This is a self-signed certificate in .pem format generated from a 2048 bit RSA private key. A quick way to do this is openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650 -nodes -subj '/C=US/ST=Washington/L=DC/O=GSA/OU=18F/CN=localhost', The contents of the key.pem shall be referred to as ${OAUTH2_PROXY_JWT_KEY}. Return to App URL: Make this be http://localhost:4180/ Redirect URIs: Make this be http://localhost:4180/oauth2/callback. Attribute Bundle: Make sure that email is selected. Now start the proxy up with the following options: ./oauth2-proxy -provider login.gov \\ -client-id=${LOGINGOV_ISSUER} \\ -redirect-url=http://localhost:4180/oauth2/callback \\ -oidc-issuer-url=https://idp.int.identitysandbox.gov/ \\ -cookie-secure=false \\ -email-domain=gsa.gov \\ -upstream=http://localhost:3000/ \\ -cookie-secret=somerandomstring12341234567890AB \\ -cookie-domain=localhost \\ -skip-provider-button=true \\ -pubjwk-url=https://idp.int.identitysandbox.gov/api/openid_connect/certs \\ -profile-url=https://idp.int.identitysandbox.gov/api/openid_connect/userinfo \\ -jwt-key=\"${OAUTH2_PROXY_JWT_KEY}\" You can also set all these options with environment variables, for use in cloud/docker environments. One tricky thing that you may encounter is that some cloud environments will pass in environment variables in a docker env-file, which does not allow multiline variables like a PEM file. If you encounter this, then you can create a jwt_signing_key.pem file in the top level directory of the repo which contains the key in PEM format and then do your docker build. The docker build process will copy that file into your image which you can then access by setting the OAUTH2_PROXY_JWT_KEY_FILE=/etc/ssl/private/jwt_signing_key.pem environment variable, or by setting --jwt-key-file=/etc/ssl/private/jwt_signing_key.pem on the commandline. Once it is running, you should be able to go to http://localhost:4180/ in your browser, get authenticated by the login.gov integration server, and then get proxied on to your application running on http://localhost:3000/. In a real deployment, you would secure your application with a firewall or something so that it was only accessible from the proxy, and you would use real hostnames everywhere. Skip OIDC discovery​ Some providers do not support OIDC discovery via their issuer URL, so oauth2-proxy cannot simply grab the authorization, token and jwks URI endpoints from the provider's metadata. In this case, you can set the --skip-oidc-discovery option, and supply those required endpoints manually: -provider oidc -client-id oauth2-proxy -client-secret proxy -redirect-url http://127.0.0.1:4180/oauth2/callback -oidc-issuer-url http://127.0.0.1:5556 -skip-oidc-discovery -login-url http://127.0.0.1:5556/authorize -redeem-url http://127.0.0.1:5556/token -oidc-jwks-url http://127.0.0.1:5556/keys -cookie-secure=false -email-domain example.com","s":"login.gov Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#logingov-provider","p":223},{"i":250,"t":"The Nextcloud provider allows you to authenticate against users in your Nextcloud instance. When you are using the Nextcloud provider, you must specify the urls via configuration, environment variable, or command line argument. Depending on whether your Nextcloud instance is using pretty urls your urls may be of the form /index.php/apps/oauth2/* or /apps/oauth2/*. Refer to the OAuth2 documentation to setup the client id and client secret. Your \"Redirection URI\" will be https://internalapp.yourcompany.com/oauth2/callback. -provider nextcloud -client-id -client-secret -login-url=\"/index.php/apps/oauth2/authorize\" -redeem-url=\"/index.php/apps/oauth2/api/v1/token\" -validate-url=\"/ocs/v2.php/cloud/user?format=json\" Note: in all cases the validate-url will not have the index.php.","s":"Nextcloud Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#nextcloud-provider","p":223},{"i":252,"t":"Create a new OAuth application You can fill in the name, homepage, and description however you wish. In the \"Application callback URL\" field, enter: https://oauth-proxy/oauth2/callback, substituting oauth2-proxy with the actual hostname that oauth2-proxy is running on. The URL must match oauth2-proxy's configured redirect URL. Note the Client ID and Client Secret. To use the provider, pass the following options: --provider=digitalocean --client-id= --client-secret= Alternatively, set the equivalent options in the config file. The redirect URL defaults to https:///oauth2/callback. If you need to change it, you can use the --redirect-url command-line option.","s":"DigitalOcean Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#digitalocean-auth-provider","p":223},{"i":254,"t":"Add a new OAuth consumer In \"Callback URL\" use https:///oauth2/callback, substituting with the actual hostname that oauth2-proxy is running on. In Permissions section select: Account -> Email Team membership -> Read Repositories -> Read Note the Client ID and Client Secret. To use the provider, pass the following options: --provider=bitbucket --client-id= --client-secret= The default configuration allows everyone with Bitbucket account to authenticate. To restrict the access to the team members use additional configuration option: --bitbucket-team=. To restrict the access to only these users who has access to one selected repository use --bitbucket-repository=.","s":"Bitbucket Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#bitbucket-auth-provider","p":223},{"i":256,"t":"Create a new application: https://< your gitea host >/user/settings/applications Under Redirect URI enter the correct URL i.e. https:///oauth2/callback Note the Client ID and Client Secret. Pass the following options to the proxy: --provider=\"github\" --redirect-url=\"https:///oauth2/callback\" --provider-display-name=\"Gitea\" --client-id=\"< client_id as generated by Gitea >\" --client-secret=\"< client_secret as generated by Gitea >\" --login-url=\"https://< your gitea host >/login/oauth/authorize\" --redeem-url=\"https://< your gitea host >/login/oauth/access_token\" --validate-url=\"https://< your gitea host >/api/v1\"","s":"Gitea Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#gitea-auth-provider","p":223},{"i":258,"t":"To authorize by email domain use --email-domain=yourcompany.com. To authorize individual email addresses use --authenticated-emails-file=/path/to/file with one email per line. To authorize all email addresses use --email-domain=*.","s":"Email Authentication","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#email-authentication","p":223},{"i":260,"t":"Follow the examples in the providers package to define a new Provider instance. Add a new case to providers.New() to allow oauth2-proxy to use the new Provider.","s":"Adding a new Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#adding-a-new-provider","p":223},{"i":262,"t":"oauth2-proxy can be configured via command line options, environment variables or config file (in decreasing order of precedence, i.e. command line options will overwrite environment variables and environment variables will overwrite configuration file settings).","s":"Overview","u":"/oauth2-proxy/docs/configuration/overview","h":"","p":261},{"i":264,"t":"To generate a strong cookie secret use one of the below commands: Python Bash OpenSSL PowerShell Terraform python -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(32)).decode())' dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | tr -d -- '\\n' | tr -- '+/' '-_'; echo openssl rand -base64 32 | tr -- '+/' '-_' # Add System.Web assembly to session, just in caseAdd-Type -AssemblyName System.Web[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes([System.Web.Security.Membership]::GeneratePassword(32,4))).Replace(\"+\",\"-\").Replace(\"/\",\"_\") # Valid 32 Byte Base64 URL encoding set that will decode to 24 []byte AES-192 secretresource \"random_password\" \"cookie_secret\" { length = 32 override_special = \"-_\"}","s":"Generating a Cookie Secret","u":"/oauth2-proxy/docs/configuration/overview","h":"#generating-a-cookie-secret","p":261},{"i":266,"t":"Every command line argument can be specified in a config file by replacing hyphens (-) with underscores (_). If the argument can be specified multiple times, the config option should be plural (trailing s). An example oauth2-proxy.cfg config file is in the contrib directory. It can be used by specifying --config=/etc/oauth2-proxy.cfg","s":"Config File","u":"/oauth2-proxy/docs/configuration/overview","h":"#config-file","p":261},{"i":268,"t":"Option Type Description Default --acr-values string optional, see docs \"\" --api-route string | list return HTTP 401 instead of redirecting to authentication server if token is not valid. Format: path_regex --approval-prompt string OAuth approval_prompt \"force\" --auth-logging bool Log authentication attempts true --auth-logging-format string Template for authentication log lines see Logging Configuration --authenticated-emails-file string authenticate against emails via file (one per line) --azure-tenant string go to a tenant-specific or common (tenant-independent) endpoint. \"common\" --basic-auth-password string the password to set when passing the HTTP Basic Auth header --client-id string the OAuth Client ID, e.g. \"123456.apps.googleusercontent.com\" --client-secret string the OAuth Client Secret --client-secret-file string the file with OAuth Client Secret --code-challenge-method string use PKCE code challenges with the specified method. Either 'plain' or 'S256' (recommended) --config string path to config file --cookie-domain string | list Optional cookie domains to force cookies to (e.g. .yourcompany.com). The longest domain matching the request's host will be used (or the shortest cookie domain if there is no match). --cookie-expire duration expire timeframe for cookie. If set to 0, cookie becomes a session-cookie which will expire when the browser is closed. 168h0m0s --cookie-httponly bool set HttpOnly cookie flag true --cookie-name string the name of the cookie that the oauth_proxy creates. Should be changed to use a cookie prefix (__Host- or __Secure-) if --cookie-secure is set. \"_oauth2_proxy\" --cookie-path string an optional cookie path to force cookies to (e.g. /poc/) \"/\" --cookie-refresh duration refresh the cookie after this duration; 0 to disable; not supported by all providers [1] --cookie-secret string the seed string for secure cookies (optionally base64 encoded) --cookie-secure bool set secure (HTTPS only) cookie flag true --cookie-samesite string set SameSite cookie attribute (\"lax\", \"strict\", \"none\", or \"\"). \"\" --cookie-csrf-per-request bool Enable having different CSRF cookies per request, making it possible to have parallel requests. false --cookie-csrf-expire duration expire timeframe for CSRF cookie 15m --custom-templates-dir string path to custom html templates --custom-sign-in-logo string path or a URL to an custom image for the sign_in page logo. Use \"-\" to disable default logo. --display-htpasswd-form bool display username / password login form if an htpasswd file is provided true --email-domain string | list authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email --errors-to-info-log bool redirects error-level logging to default log channel instead of stderr false --extra-jwt-issuers string if --skip-jwt-bearer-tokens is set, a list of extra JWT issuer=audience (see a token's iss, aud fields) pairs (where the issuer URL has a .well-known/openid-configuration or a .well-known/jwks.json) --exclude-logging-path string comma separated list of paths to exclude from logging, e.g. \"/ping,/path2\" \"\" (no paths excluded) --flush-interval duration period between flushing response buffers when streaming responses \"1s\" --force-https bool enforce https redirect false --force-json-errors bool force JSON errors instead of HTTP error pages or redirects false --banner string custom (html) banner string. Use \"-\" to disable default banner. --footer string custom (html) footer string. Use \"-\" to disable default footer. --github-org string restrict logins to members of this organisation --github-team string restrict logins to members of any of these teams (slug), separated by a comma --github-repo string restrict logins to collaborators of this repository formatted as orgname/repo --github-token string the token to use when verifying repository collaborators (must have push access to the repository) --github-user string | list To allow users to login by username even if they do not belong to the specified org and team or collaborators --gitlab-group string | list restrict logins to members of any of these groups (slug), separated by a comma --gitlab-projects string | list restrict logins to members of any of these projects (may be given multiple times) formatted as orgname/repo=accesslevel. Access level should be a value matching Gitlab access levels, defaulted to 20 if absent --google-admin-email string the google admin to impersonate for api calls --google-group string restrict logins to members of this google group (may be given multiple times). --google-service-account-json string the path to the service account json credentials --google-use-application-default-credentials bool use application default credentials instead of service account json (i.e. GKE Workload Identity) --htpasswd-file string additionally authenticate against a htpasswd file. Entries must be created with htpasswd -B for bcrypt encryption --htpasswd-user-group string | list the groups to be set on sessions for htpasswd users --http-address string [http://]: or unix:// to listen on for HTTP clients. Square brackets are required for ipv6 address, e.g. http://[::1]:4180 \"127.0.0.1:4180\" --https-address string [https://]: to listen on for HTTPS clients. Square brackets are required for ipv6 address, e.g. https://[::1]:443 \":443\" --logging-compress bool Should rotated log files be compressed using gzip false --logging-filename string File to log requests to, empty for stdout \"\" (stdout) --logging-local-time bool Use local time in log files and backup filenames instead of UTC true (local time) --logging-max-age int Maximum number of days to retain old log files 7 --logging-max-backups int Maximum number of old log files to retain; 0 to disable 0 --logging-max-size int Maximum size in megabytes of the log file before rotation 100 --jwt-key string private key in PEM format used to sign JWT, so that you can say something like --jwt-key=\"${OAUTH2_PROXY_JWT_KEY}\": required by login.gov --jwt-key-file string path to the private key file in PEM format used to sign the JWT so that you can say something like --jwt-key-file=/etc/ssl/private/jwt_signing_key.pem: required by login.gov --login-url string Authentication endpoint --insecure-oidc-allow-unverified-email bool don't fail if an email address in an id_token is not verified false --insecure-oidc-skip-issuer-verification bool allow the OIDC issuer URL to differ from the expected (currently required for Azure multi-tenant compatibility) false --insecure-oidc-skip-nonce bool skip verifying the OIDC ID Token's nonce claim true --oidc-issuer-url string the OpenID Connect issuer URL, e.g. \"https://accounts.google.com\" --oidc-jwks-url string OIDC JWKS URI for token verification; required if OIDC discovery is disabled --oidc-email-claim string which OIDC claim contains the user's email \"email\" --oidc-groups-claim string which OIDC claim contains the user groups \"groups\" --oidc-audience-claim string which OIDC claim contains the audience \"aud\" --oidc-extra-audience string | list additional audiences which are allowed to pass verification \"[]\" --pass-access-token bool pass OAuth access_token to upstream via X-Forwarded-Access-Token header. When used with --set-xauthrequest this adds the X-Auth-Request-Access-Token header to the response false --pass-authorization-header bool pass OIDC IDToken to upstream via Authorization Bearer header false --pass-basic-auth bool pass HTTP Basic Auth, X-Forwarded-User, X-Forwarded-Email and X-Forwarded-Preferred-Username information to upstream true --prefer-email-to-user bool Prefer to use the Email address as the Username when passing information to upstream. Will only use Username if Email is unavailable, e.g. htaccess authentication. Used in conjunction with --pass-basic-auth and --pass-user-headers false --pass-host-header bool pass the request Host Header to upstream true --pass-user-headers bool pass X-Forwarded-User, X-Forwarded-Groups, X-Forwarded-Email and X-Forwarded-Preferred-Username information to upstream true --profile-url string Profile access endpoint --prompt string OIDC prompt; if present, approval-prompt is ignored \"\" --provider string OAuth provider google --provider-ca-file string | list Paths to CA certificates that should be used when connecting to the provider. If not specified, the default Go trust sources are used instead. --provider-display-name string Override the provider's name with the given string; used for the sign-in page (depends on provider) --ping-path string the ping endpoint that can be used for basic health checks \"/ping\" --ping-user-agent string a User-Agent that can be used for basic health checks \"\" (don't check user agent) --ready-path string the ready endpoint that can be used for deep health checks \"/ready\" --metrics-address string the address prometheus metrics will be scraped from \"\" --proxy-prefix string the url root path that this proxy should be nested under (e.g. //sign_in) \"/oauth2\" --proxy-websockets bool enables WebSocket proxying true --pubjwk-url string JWK pubkey access endpoint: required by login.gov --real-client-ip-header string Header used to determine the real IP of the client, requires --reverse-proxy to be set (one of: X-Forwarded-For, X-Real-IP, or X-ProxyUser-IP) X-Real-IP --redeem-url string Token redemption endpoint --redirect-url string the OAuth Redirect URL, e.g. \"https://internalapp.yourcompany.com/oauth2/callback\" --redis-cluster-connection-urls string | list List of Redis cluster connection URLs (e.g. redis://HOST[:PORT]). Used in conjunction with --redis-use-cluster --redis-connection-url string URL of redis server for redis session storage (e.g. redis://HOST[:PORT]) --redis-insecure-skip-tls-verify bool skip TLS verification when connecting to Redis false --redis-password string Redis password. Applicable for all Redis configurations. Will override any password set in --redis-connection-url --redis-sentinel-password string Redis sentinel password. Used only for sentinel connection; any redis node passwords need to use --redis-password --redis-sentinel-master-name string Redis sentinel master name. Used in conjunction with --redis-use-sentinel --redis-sentinel-connection-urls string | list List of Redis sentinel connection URLs (e.g. redis://HOST[:PORT]). Used in conjunction with --redis-use-sentinel --redis-use-cluster bool Connect to redis cluster. Must set --redis-cluster-connection-urls to use this feature false --redis-use-sentinel bool Connect to redis via sentinels. Must set --redis-sentinel-master-name and --redis-sentinel-connection-urls to use this feature false --redis-connection-idle-timeout int Redis connection idle timeout seconds. If Redis timeout option is set to non-zero, the --redis-connection-idle-timeout must be less than Redis timeout option. Exmpale: if either redis.conf includes timeout 15 or using CONFIG SET timeout 15 the --redis-connection-idle-timeout must be at least --redis-connection-idle-timeout=14 0 --request-id-header string Request header to use as the request ID in logging X-Request-Id --request-logging bool Log requests true --request-logging-format string Template for request log lines see Logging Configuration --resource string The resource that is protected (Azure AD only) --reverse-proxy bool are we running behind a reverse proxy, controls whether headers like X-Real-IP are accepted and allows X-Forwarded-{Proto,Host,Uri} headers to be used on redirect selection false --scope string OAuth scope specification --session-cookie-minimal bool strip OAuth tokens from cookie session stores if they aren't needed (cookie session store only) false --session-store-type string Session data storage backend; redis or cookie cookie --set-xauthrequest bool set X-Auth-Request-User, X-Auth-Request-Groups, X-Auth-Request-Email and X-Auth-Request-Preferred-Username response headers (useful in Nginx auth_request mode). When used with --pass-access-token, X-Auth-Request-Access-Token is added to response headers. false --set-authorization-header bool set Authorization Bearer response header (useful in Nginx auth_request mode) false --set-basic-auth bool set HTTP Basic Auth information in response (useful in Nginx auth_request mode) false --show-debug-on-error bool show detailed error information on error pages (WARNING: this may contain sensitive information - do not use in production) false --signature-key string GAP-Signature request signature key (algorithm:secretkey) --silence-ping-logging bool disable logging of requests to ping & ready endpoints false --skip-auth-preflight bool will skip authentication for OPTIONS requests false --skip-auth-regex string | list (DEPRECATED for --skip-auth-route) bypass authentication for requests paths that match (may be given multiple times) --skip-auth-route string | list bypass authentication for requests that match the method & path. Format: method=path_regex OR method!=path_regex. For all methods: path_regex OR !=path_regex --skip-auth-strip-headers bool strips X-Forwarded-* style authentication headers & Authorization header if they would be set by oauth2-proxy true --skip-jwt-bearer-tokens bool will skip requests that have verified JWT bearer tokens (the token must have aud that matches this client id or one of the extras from extra-jwt-issuers) false --skip-oidc-discovery bool bypass OIDC endpoint discovery. --login-url, --redeem-url and --oidc-jwks-url must be configured in this case false --skip-provider-button bool will skip sign-in-page to directly reach the next step: oauth/start false --ssl-insecure-skip-verify bool skip validation of certificates presented when using HTTPS providers false --ssl-upstream-insecure-skip-verify bool skip validation of certificates presented when using HTTPS upstreams false --standard-logging bool Log standard runtime information true --standard-logging-format string Template for standard log lines see Logging Configuration --tls-cert-file string path to certificate file --tls-cipher-suite string | list Restricts TLS cipher suites used by server to those listed (e.g. TLS_RSA_WITH_RC4_128_SHA) (may be given multiple times). If not specified, the default Go safe cipher list is used. List of valid cipher suites can be found in the crypto/tls documentation. --tls-key-file string path to private key file --tls-min-version string minimum TLS version that is acceptable, either \"TLS1.2\" or \"TLS1.3\" \"TLS1.2\" --upstream string | list the http url(s) of the upstream endpoint, file:// paths for static files or static:// for static response. Routing is based on the path --upstream-timeout duration maximum amount of time the server will wait for a response from the upstream 30s --allowed-group string | list restrict logins to members of this group (may be given multiple times) --allowed-role string | list restrict logins to users with this role (may be given multiple times). Only works with the keycloak-oidc provider. --validate-url string Access token validation endpoint --version n/a print version string --whitelist-domain string | list allowed domains for redirection after authentication. Prefix domain with a . or a *. to allow subdomains (e.g. .example.com, *.example.com) [2] --trusted-ip string | list list of IPs or CIDR ranges to allow to bypass authentication (may be given multiple times). When combined with --reverse-proxy and optionally --real-client-ip-header this will evaluate the trust of the IP stored in an HTTP header by a reverse proxy rather than the layer-3/4 remote address. WARNING: trusting IPs has inherent security flaws, especially when obtaining the IP address from an HTTP header (reverse-proxy mode). Use this option only if you understand the risks and how to manage them. [1]: Only these providers support --cookie-refresh: GitLab, Google and OIDC [2]: When using the whitelist-domain option, any domain prefixed with a . or a *. will allow any subdomain of the specified domain as a valid redirect URL. By default, only empty ports are allowed. This translates to allowing the default port of the URL's protocol (80 for HTTP, 443 for HTTPS, etc.) since browsers omit them. To allow only a specific port, add it to the whitelisted domain: example.com:8080. To allow any port, use *: example.com:*. See below for provider specific options","s":"Command Line Options","u":"/oauth2-proxy/docs/configuration/overview","h":"#command-line-options","p":261},{"i":270,"t":"oauth2-proxy supports having multiple upstreams, and has the option to pass requests on to HTTP(S) servers or serve static files from the file system. HTTP and HTTPS upstreams are configured by providing a URL such as http://127.0.0.1:8080/ for the upstream parameter. This will forward all authenticated requests to the upstream server. If you instead provide http://127.0.0.1:8080/some/path/ then it will only be requests that start with /some/path/ which are forwarded to the upstream. Static file paths are configured as a file:// URL. file:///var/www/static/ will serve the files from that directory at http://[oauth2-proxy url]/var/www/static/, which may not be what you want. You can provide the path to where the files should be available by adding a fragment to the configured URL. The value of the fragment will then be used to specify which path the files are available at, e.g. file:///var/www/static/#/static/ will make /var/www/static/ available at http://[oauth2-proxy url]/static/. Multiple upstreams can either be configured by supplying a comma separated list to the --upstream parameter, supplying the parameter multiple times or providing a list in the config file. When multiple upstreams are used routing to them will be based on the path they are set up with.","s":"Upstreams Configuration","u":"/oauth2-proxy/docs/configuration/overview","h":"#upstreams-configuration","p":261},{"i":272,"t":"Every command line argument can be specified as an environment variable by prefixing it with OAUTH2_PROXY_, capitalising it, and replacing hyphens (-) with underscores (_). If the argument can be specified multiple times, the environment variable should be plural (trailing S). This is particularly useful for storing secrets outside of a configuration file or the command line. For example, the --cookie-secret flag becomes OAUTH2_PROXY_COOKIE_SECRET, and the --email-domain flag becomes OAUTH2_PROXY_EMAIL_DOMAINS.","s":"Environment variables","u":"/oauth2-proxy/docs/configuration/overview","h":"#environment-variables","p":261},{"i":274,"t":"By default, OAuth2 Proxy logs all output to stdout. Logging can be configured to output to a rotating log file using the --logging-filename command. If logging to a file you can also configure the maximum file size (--logging-max-size), age (--logging-max-age), max backup logs (--logging-max-backups), and if backup logs should be compressed (--logging-compress). There are three different types of logging: standard, authentication, and HTTP requests. These can each be enabled or disabled with --standard-logging, --auth-logging, and --request-logging. Each type of logging has its own configurable format and variables. By default these formats are similar to the Apache Combined Log. Logging of requests to the /ping endpoint (or using --ping-user-agent) and the /ready endpoint can be disabled with --silence-ping-logging reducing log volume.","s":"Logging Configuration","u":"/oauth2-proxy/docs/configuration/overview","h":"#logging-configuration","p":261},{"i":276,"t":"Authentication logs are logs which are guaranteed to contain a username or email address of a user attempting to authenticate. These logs are output by default in the below format: - - [19/Mar/2015:17:20:19 -0400] [] The status block will contain one of the below strings: AuthSuccess If a user has authenticated successfully by any method AuthFailure If the user failed to authenticate explicitly AuthError If there was an unexpected error during authentication If you require a different format than that, you can configure it with the --auth-logging-format flag. The default format is configured as follows: {{.Client}} - {{.RequestID}} - {{.Username}} [{{.Timestamp}}] [{{.Status}}] {{.Message}} Available variables for auth logging: Variable Example Description Client 74.125.224.72 The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true. Host domain.com The value of the Host header. Message Authenticated via OAuth2 The details of the auth attempt. Protocol HTTP/1.0 The request protocol. RequestID 00010203-0405-4607-8809-0a0b0c0d0e0f The request ID pulled from the --request-id-header. Random UUID if empty RequestMethod GET The request method. Timestamp 19/Mar/2015:17:20:19 -0400 The date and time of the logging event. UserAgent - The full user agent as reported by the requesting client. Username username@email.com The email or username of the auth request. Status AuthSuccess The status of the auth request. See above for details.","s":"Auth Log Format","u":"/oauth2-proxy/docs/configuration/overview","h":"#auth-log-format","p":261},{"i":278,"t":"HTTP request logs will output by default in the below format: - - [19/Mar/2015:17:20:19 -0400] GET \"/path/\" HTTP/1.1 \"\" If you require a different format than that, you can configure it with the --request-logging-format flag. The default format is configured as follows: {{.Client}} - {{.RequestID}} - {{.Username}} [{{.Timestamp}}] {{.Host}} {{.RequestMethod}} {{.Upstream}} {{.RequestURI}} {{.Protocol}} {{.UserAgent}} {{.StatusCode}} {{.ResponseSize}} {{.RequestDuration}} Available variables for request logging: Variable Example Description Client 74.125.224.72 The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true. Host domain.com The value of the Host header. Protocol HTTP/1.0 The request protocol. RequestDuration 0.001 The time in seconds that a request took to process. RequestID 00010203-0405-4607-8809-0a0b0c0d0e0f The request ID pulled from the --request-id-header. Random UUID if empty RequestMethod GET The request method. RequestURI \"/oauth2/auth\" The URI path of the request. ResponseSize 12 The size in bytes of the response. StatusCode 200 The HTTP status code of the response. Timestamp 19/Mar/2015:17:20:19 -0400 The date and time of the logging event. Upstream - The upstream data of the HTTP request. UserAgent - The full user agent as reported by the requesting client. Username username@email.com The email or username of the auth request.","s":"Request Log Format","u":"/oauth2-proxy/docs/configuration/overview","h":"#request-log-format","p":261},{"i":280,"t":"All other logging that is not covered by the above two types of logging will be output in this standard logging format. This includes configuration information at startup and errors that occur outside of a session. The default format is below: [19/Mar/2015:17:20:19 -0400] [main.go:40] If you require a different format than that, you can configure it with the --standard-logging-format flag. The default format is configured as follows: [{{.Timestamp}}] [{{.File}}] {{.Message}} Available variables for standard logging: Variable Example Description Timestamp 19/Mar/2015:17:20:19 -0400 The date and time of the logging event. File main.go:40 The file and line number of the logging statement. Message HTTP: listening on 127.0.0.1:4180 The details of the log statement.","s":"Standard Log Format","u":"/oauth2-proxy/docs/configuration/overview","h":"#standard-log-format","p":261},{"i":282,"t":"The Nginx auth_request directive allows Nginx to authenticate requests via the oauth2-proxy's /auth endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example: server { listen 443 ssl; server_name ...; include ssl/ssl.conf; location /oauth2/ { proxy_pass http://127.0.0.1:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header X-Auth-Request-Redirect $request_uri; # or, if you are handling multiple domains: # proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri; } location = /oauth2/auth { proxy_pass http://127.0.0.1:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; # nginx auth_request includes headers but not body proxy_set_header Content-Length \"\"; proxy_pass_request_body off; } location / { auth_request /oauth2/auth; error_page 401 = /oauth2/sign_in; # pass information via X-User and X-Email headers to backend, # requires running with --set-xauthrequest flag auth_request_set $user $upstream_http_x_auth_request_user; auth_request_set $email $upstream_http_x_auth_request_email; proxy_set_header X-User $user; proxy_set_header X-Email $email; # if you enabled --pass-access-token, this will pass the token to the backend auth_request_set $token $upstream_http_x_auth_request_access_token; proxy_set_header X-Access-Token $token; # if you enabled --cookie-refresh, this is needed for it to work with auth_request auth_request_set $auth_cookie $upstream_http_set_cookie; add_header Set-Cookie $auth_cookie; # When using the --set-authorization-header flag, some provider's cookies can exceed the 4kb # limit and so the OAuth2 Proxy splits these into multiple parts. # Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response, # so if your cookies are larger than 4kb, you will need to extract additional cookies manually. auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1; # Extract the Cookie attributes from the first Set-Cookie header and append them # to the second part ($upstream_cookie_* variables only contain the raw cookie content) if ($auth_cookie ~* \"(; .*)\") { set $auth_cookie_name_0 $auth_cookie; set $auth_cookie_name_1 \"auth_cookie_name_1=$auth_cookie_name_upstream_1$1\"; } # Send both Set-Cookie headers now if there was a second part if ($auth_cookie_name_upstream_1) { add_header Set-Cookie $auth_cookie_name_0; add_header Set-Cookie $auth_cookie_name_1; } proxy_pass http://backend/; # or \"root /path/to/site;\" or \"fastcgi_pass ...\" etc }} When you use ingress-nginx in Kubernetes, you MUST use kubernetes/ingress-nginx (which includes the Lua module) and the following configuration snippet for your Ingress. Variables set with auth_request_set are not set-able in plain nginx config when the location is processed via proxy_pass and then may only be processed by Lua. Note that nginxinc/kubernetes-ingress does not include the Lua module. nginx.ingress.kubernetes.io/auth-response-headers: Authorizationnginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uringinx.ingress.kubernetes.io/auth-url: https://$host/oauth2/authnginx.ingress.kubernetes.io/configuration-snippet: | auth_request_set $name_upstream_1 $upstream_cookie_name_1; access_by_lua_block { if ngx.var.name_upstream_1 ~= \"\" then ngx.header[\"Set-Cookie\"] = \"name_1=\" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match(\"(; .*)\") end } It is recommended to use --session-store-type=redis when expecting large sessions/OIDC tokens (e.g. with MS Azure). You have to substitute name with the actual cookie name you configured via --cookie-name parameter. If you don't set a custom cookie name the variable should be \"$upstream_cookie__oauth2_proxy_1\" instead of \"$upstream_cookie_name_1\" and the new cookie-name should be \"_oauth2_proxy_1=\" instead of \"name_1=\".","s":"Configuring for use with the Nginx auth_request directive","u":"/oauth2-proxy/docs/configuration/overview","h":"#configuring-for-use-with-the-nginx-auth_request-directive","p":261},{"i":284,"t":"This option requires --reverse-proxy option to be set.","s":"Configuring for use with the Traefik (v2) ForwardAuth middleware","u":"/oauth2-proxy/docs/configuration/overview","h":"#configuring-for-use-with-the-traefik-v2-forwardauth-middleware","p":261},{"i":286,"t":"The Traefik v2 ForwardAuth middleware allows Traefik to authenticate requests via the oauth2-proxy's /oauth2/auth endpoint on every request, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the whole request through. For example, on Dynamic File (YAML) Configuration: http: routers: a-service: rule: \"Host(`a-service.example.com`)\" service: a-service-backend middlewares: - oauth-errors - oauth-auth tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" oauth: rule: \"Host(`a-service.example.com`, `oauth.example.com`) && PathPrefix(`/oauth2/`)\" middlewares: - auth-headers service: oauth-backend tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" services: a-service-backend: loadBalancer: servers: - url: http://172.16.0.2:7555 oauth-backend: loadBalancer: servers: - url: http://172.16.0.1:4180 middlewares: auth-headers: headers: sslRedirect: true stsSeconds: 315360000 browserXssFilter: true contentTypeNosniff: true forceSTSHeader: true sslHost: example.com stsIncludeSubdomains: true stsPreload: true frameDeny: true oauth-auth: forwardAuth: address: https://oauth.example.com/oauth2/auth trustForwardHeader: true oauth-errors: errors: status: - \"401-403\" service: oauth-backend query: \"/oauth2/sign_in\"","s":"ForwardAuth with 401 errors middleware","u":"/oauth2-proxy/docs/configuration/overview","h":"#forwardauth-with-401-errors-middleware","p":261},{"i":288,"t":"Redirect to sign_in functionality provided without the use of errors middleware with Traefik v2 ForwardAuth middleware pointing to oauth2-proxy service's / endpoint Following options need to be set on oauth2-proxy: --upstream=static://202: Configures a static response for authenticated sessions --reverse-proxy=true: Enables the use of X-Forwarded-* headers to determine redirects correctly http: routers: a-service-route-1: rule: \"Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/`)\" service: a-service-backend middlewares: - oauth-auth-redirect # redirects all unauthenticated to oauth2 signin tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" a-service-route-2: rule: \"Host(`a-service.example.com`) && PathPrefix(`/no-auto-redirect`)\" service: a-service-backend middlewares: - oauth-auth-wo-redirect # unauthenticated session will return a 401 tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" services-oauth2-route: rule: \"Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/oauth2/`)\" middlewares: - auth-headers service: oauth-backend tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" oauth2-proxy-route: rule: \"Host(`oauth.example.com`) && PathPrefix(`/`)\" middlewares: - auth-headers service: oauth-backend tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" services: a-service-backend: loadBalancer: servers: - url: http://172.16.0.2:7555 b-service-backend: loadBalancer: servers: - url: http://172.16.0.3:7555 oauth-backend: loadBalancer: servers: - url: http://172.16.0.1:4180 middlewares: auth-headers: headers: sslRedirect: true stsSeconds: 315360000 browserXssFilter: true contentTypeNosniff: true forceSTSHeader: true sslHost: example.com stsIncludeSubdomains: true stsPreload: true frameDeny: true oauth-auth-redirect: forwardAuth: address: https://oauth.example.com/ trustForwardHeader: true authResponseHeaders: - X-Auth-Request-Access-Token - Authorization oauth-auth-wo-redirect: forwardAuth: address: https://oauth.example.com/oauth2/auth trustForwardHeader: true authResponseHeaders: - X-Auth-Request-Access-Token - Authorization note If you set up your OAuth2 provider to rotate your client secret, you can use the client-secret-file option to reload the secret when it is updated.","s":"ForwardAuth with static upstreams configuration","u":"/oauth2-proxy/docs/configuration/overview","h":"#forwardauth-with-static-upstreams-configuration","p":261},{"i":290,"t":"Sessions allow a user's authentication to be tracked between multiple HTTP requests to a service. The OAuth2 Proxy uses a Cookie to track user sessions and will store the session data in one of the available session storage backends. At present the available backends are (as passed to --session-store-type): cookie (default) redis","s":"Session Storage","u":"/oauth2-proxy/docs/configuration/session_storage","h":"","p":289},{"i":292,"t":"The Cookie storage backend is the default backend implementation and has been used in the OAuth2 Proxy historically. With the Cookie storage backend, all session information is stored in client side cookies and transferred with each and every request. The following should be known when using this implementation: Since all state is stored client side, this storage backend means that the OAuth2 Proxy is completely stateless Cookies are signed server side to prevent modification client-side It is mandatory to set a cookie-secret which will ensure data is encrypted within the cookie data. Since multiple requests can be made concurrently to the OAuth2 Proxy, this session implementation cannot lock sessions and while updating and refreshing sessions, there can be conflicts which force users to re-authenticate","s":"Cookie Storage","u":"/oauth2-proxy/docs/configuration/session_storage","h":"#cookie-storage","p":289},{"i":294,"t":"The Redis Storage backend stores sessions, encrypted, in redis. Instead sending all the information back the client for storage, as in the Cookie storage, a ticket is sent back to the user as the cookie value instead. A ticket is composed as the following: {CookieName}-{ticketID}.{secret} Where: The CookieName is the OAuth2 cookie name (_oauth2_proxy by default) The ticketID is a 128 bit random number, hex-encoded The secret is a 128 bit random number, base64url encoded (no padding). The secret is unique for every session. The pair of {CookieName}-{ticketID} comprises a ticket handle, and thus, the redis key to which the session is stored. The encoded session is encrypted with the secret and stored in redis via the SETEX command. Encrypting every session uniquely protects the refresh/access/id tokens stored in the session from disclosure. Usage​ When using the redis store, specify --session-store-type=redis as well as the Redis connection URL, via --redis-connection-url=redis://host[:port][/db-number]. You may also configure the store for Redis Sentinel. In this case, you will want to use the --redis-use-sentinel=true flag, as well as configure the flags --redis-sentinel-master-name and --redis-sentinel-connection-urls appropriately. Redis Cluster is available to be the backend store as well. To leverage it, you will need to set the --redis-use-cluster=true flag, and configure the flags --redis-cluster-connection-urls appropriately. Note that flags --redis-use-sentinel=true and --redis-use-cluster=true are mutually exclusive. Note, if Redis timeout option is set to non-zero, the --redis-connection-idle-timeout must be less than Redis timeout option. For example: if either redis.conf includes timeout 15 or using CONFIG SET timeout 15 the --redis-connection-idle-timeout must be at least --redis-connection-idle-timeout=14","s":"Redis Storage","u":"/oauth2-proxy/docs/configuration/session_storage","h":"#redis-storage","p":289},{"i":296,"t":"There are two recommended configurations: At OAuth2 Proxy At Reverse Proxy","s":"TLS Configuration","u":"/oauth2-proxy/docs/configuration/tls","h":"","p":295},{"i":298,"t":"Configure SSL Termination with OAuth2 Proxy by providing a --tls-cert-file=/path/to/cert.pem and --tls-key-file=/path/to/cert.key. The command line to run oauth2-proxy in this configuration would look like this: ./oauth2-proxy \\ --email-domain=\"yourcompany.com\" \\ --upstream=http://127.0.0.1:8080/ \\ --tls-cert-file=/path/to/cert.pem \\ --tls-key-file=/path/to/cert.key \\ --cookie-secret=... \\ --cookie-secure=true \\ --provider=... \\ --client-id=... \\ --client-secret=... With this configuration approach the customization of the TLS settings is limited. The minimal acceptable TLS version can be set with --tls-min-version=TLS1.3. The defaults set TLS1.2 as the minimal version. Regardless of the minimum version configured, TLS1.3 is currently always used as the maximal version. TLS server side cipher suites can be specified with --tls-cipher-suite=TLS_RSA_WITH_RC4_128_SHA. If not specified, the defaults from crypto/tls of the currently used go version for building oauth2-proxy will be used. A complete list of valid TLS cipher suite names can be found in crypto/tls.","s":"Terminate TLS at OAuth2 Proxy","u":"/oauth2-proxy/docs/configuration/tls","h":"#terminate-tls-at-oauth2-proxy","p":295},{"i":300,"t":"Configure SSL Termination with Nginx (example config below), Amazon ELB, Google Cloud Platform Load Balancing, or ... Because oauth2-proxy listens on 127.0.0.1:4180 by default, to listen on all interfaces (needed when using an external load balancer like Amazon ELB or Google Platform Load Balancing) use --http-address=\"0.0.0.0:4180\" or --http-address=\"http://:4180\". Nginx will listen on port 443 and handle SSL connections while proxying to oauth2-proxy on port 4180. oauth2-proxy will then authenticate requests for an upstream application. The external endpoint for this example would be https://internal.yourcompany.com/. An example Nginx config follows. Note the use of Strict-Transport-Security header to pin requests to SSL via HSTS: server { listen 443 default ssl; server_name internal.yourcompany.com; ssl_certificate /path/to/cert.pem; ssl_certificate_key /path/to/cert.key; add_header Strict-Transport-Security max-age=2592000; location / { proxy_pass http://127.0.0.1:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_connect_timeout 1; proxy_send_timeout 30; proxy_read_timeout 30; }} The command line to run oauth2-proxy in this configuration would look like this: ./oauth2-proxy \\ --email-domain=\"yourcompany.com\" \\ --upstream=http://127.0.0.1:8080/ \\ --cookie-secret=... \\ --cookie-secure=true \\ --provider=... \\ --reverse-proxy=true \\ --client-id=... \\ --client-secret=...","s":"Terminate TLS at Reverse Proxy, e.g. Nginx","u":"/oauth2-proxy/docs/configuration/tls","h":"#terminate-tls-at-reverse-proxy-eg-nginx","p":295},{"i":302,"t":"OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable. /robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see robotstxt.org for more info /ping - returns a 200 OK response, which is intended for use with health checks /ready - returns a 200 OK response if all the underlying connections (e.g., Redis store) are connected /metrics - Metrics endpoint for Prometheus to scrape, serve on the address specified by --metrics-address, disabled by default /oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies) /oauth2/sign_out - this URL is used to clear the session cookie /oauth2/start - a URL that will redirect to start the OAuth cycle /oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url. /oauth2/userinfo - the URL is used to return user's email from the session in JSON format. /oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the Nginx auth_request directive /oauth2/static/* - stylesheets and other dependencies used in the sign_in and error pages","s":"Endpoints","u":"/oauth2-proxy/docs/features/endpoints","h":"","p":301},{"i":304,"t":"To sign the user out, redirect them to /oauth2/sign_out. This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the rd query parameter, i.e. redirect the user to something like (notice the url-encoding!): /oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page Alternatively, include the redirect URL in the X-Auth-Request-Redirect header: GET /oauth2/sign_out HTTP/1.1X-Auth-Request-Redirect: https://my-oidc-provider/sign_out_page... (The \"sign_out_page\" should be the end_session_endpoint from the metadata if your OIDC provider supports Session Management and Discovery.) BEWARE that the domain you want to redirect to (my-oidc-provider.example.com in the example) must be added to the --whitelist-domain configuration option otherwise the redirect will be ignored. Make sure to include the actual domain and port (if needed) and not the URL (e.g \"localhost:8081\" instead of \"http://localhost:8081\").","s":"Sign out","u":"/oauth2-proxy/docs/features/endpoints","h":"#sign-out","p":301},{"i":306,"t":"This endpoint returns 202 Accepted response or a 401 Unauthorized response. It can be configured using the following query parameters query parameters: allowed_groups: comma separated list of allowed groups allowed_email_domains: comma separated list of allowed email domains allowed_emails: comma separated list of allowed emails","s":"Auth","u":"/oauth2-proxy/docs/features/endpoints","h":"#auth","p":301}],"index":{"version":"2.3.9","fields":["t"],"fieldVectors":[["t/155",[0,3.019,1,4.652,2,3.535,3,6.625,4,6.625,5,3.019,6,3.972,7,4.505,8,3.535,9,3.248,10,1.345,11,2.393,12,3.92,13,4.505,14,5.927,15,4.505,16,4.505,17,4.505,18,5.159,19,0.491,20,3.535,21,3.535,22,4.505,23,1.256,24,5.927,25,4.505,26,4.505,27,4.505,28,1.991,29,3.92,30,3.92,31,3.92,32,4.505,33,1.571,34,3.92,35,1.996,36,2.827,37,2.521,38,4.505,39,4.505,40,1.193,41,2.827,42,2.279,43,2.664,44,4.505,45,4.505,46,4.505,47,4.505,48,3.92,49,2.079,50,3.248,51,1.762,52,1.833,53,1.005,54,0.918,55,1.762,56,2.175,57,2.175,58,0.952,59,2.393,60,1.91,61,3.721,62,3.92,63,1.571,64,1.762,65,2.521]],["t/157",[10,1.39,19,0.351,23,1.161,40,1.15,51,1.852,53,1.038,63,1.651,66,2.553,67,1.533,68,2.515,69,2.395,70,3.621,71,1.714,72,4.12,73,2.799,74,3.172,75,2.395,76,2.598,77,1.533,78,1.427,79,3.843,80,2.877,81,2.395,82,4.12,83,2.162,84,1.927,85,4.12,86,1.658,87,4.734,88,2.649,89,1.591,90,4.734,91,4.734,92,2.971,93,2.286,94,2.649,95,4.734,96,2.649,97,2.799,98,3.172,99,3.253,100,3.097,101,2.799,102,0.833,103,2.971,104,1.852,105,1.651,106,2.286,107,3.172,108,1.927,109,2.971,110,3.413,111,3.172]],["t/159",[23,1.132,54,1.218,112,1.866,113,5.973,114,4.215,115,4.688,116,3.749,117,4.307,118,2.884,119,3.749,120,5.973,121,5.199,122,4.307,123,5.973,124,3.749,125,3.342,126,4.688,127,5.973,128,5.973]],["t/161",[19,0.367,23,1.194,35,1.491,43,2.925,54,1.284,93,2.388,96,2.768,107,3.315,109,3.105,115,4.943,122,4.541,124,3.105,129,4.947,130,4.22,131,5.481,132,2.388,133,5.259,134,3.567,135,6.03,136,4.305,137,3.724,138,4.947,139,3.724,140,4.947,141,2.628,142,4.305,143,3.105,144,4.947,145,4.947,146,4.947,147,2.925,148,4.305,149,1.602,150,3.883,151,2.097,152,3.041,153,4.947,154,4.947,155,4.947,156,4.947,157,4.947,158,4.947,159,4.305,160,3.567,161,4.947,162,4.947,163,3.883,164,3.883,165,1.491]],["t/163",[6,4.242,19,0.469,33,1.739,109,3.131,115,3.915,122,3.596,131,5.51,135,5.51,136,4.341,137,3.744,141,3.696,143,3.131,152,2.408,160,5.652,165,1.503,166,6.955,167,6.331,168,6.331,169,2.303,170,3.596,171,4.988,172,4.988,173,4.988,174,4.988,175,4.341,176,3.596,177,4.988,178,3.915,179,4.988,180,4.988,181,6.331,182,2.205,183,1.806,184,2.408,185,4.988,186,4.988,187,4.988,188,4.988,189,4.988,190,3.596,191,4.988,192,4.988,193,4.988]],["t/165",[10,1.593,11,2.376,19,0.437,35,1.778,53,1.314,55,1.749,58,1.395,77,1.911,102,0.787,103,2.807,104,1.749,110,3.224,132,2.159,133,4.253,139,3.488,165,1.347,169,2.064,183,2.136,194,3.891,195,4.406,196,1.977,197,2.807,198,4.703,199,3.953,200,4.471,201,3.891,202,1.977,203,4.471,204,3.488,205,3.509,206,2.807,207,4.471,208,4.471,209,2.996,210,3.891,211,3.891,212,3.891,213,2.996,214,2.918,215,3.224,216,5.745,217,2.996,218,3.509,219,2.996,220,4.471,221,2.502,222,1.82,223,3.507,224,3.702,225,2.807,226,3.509,227,3.509,228,2.807,229,3.891,230,3.891,231,4.471]],["t/167",[19,0.545,28,2.493,35,2.059,40,0.956,53,0.956,55,2.672,58,1.444,81,2.853,112,1.762,126,4.426,183,2.042,198,4.925,205,4.426,206,3.54,214,2.493,217,3.779,221,3.155,222,2.781,223,3.63,224,3.54,232,3.54,233,2.295,234,3.54,235,2.723]],["t/169",[19,0.472,23,1.391,35,1.516,42,3.22,53,1.183,54,1.496,55,3.072,58,1.551,106,2.428,112,1.571,183,2.8,198,4.917,206,3.995,213,3.37,214,2.814,217,3.37,219,4.265,222,2.047,236,5.76,237,6.364,238,2.672,239,4.377,240,3.947,241,3.947,242,5.029]],["t/171",[19,0.396,23,1.012,28,1.706,33,1.345,40,1.12,42,1.952,53,0.654,54,0.786,55,2.395,58,1.396,59,2.05,60,1.636,61,2.421,67,2.247,70,3.157,71,1.933,77,1.25,78,1.609,79,3.351,86,1.446,92,2.421,102,1.163,104,1.509,107,2.585,126,3.028,137,2.281,149,1.25,152,1.863,165,1.163,198,4.102,206,2.421,213,2.585,222,1.57,243,1.122,244,3.858,245,3.858,246,3.028,247,3.858,248,1.952,249,3.858,250,3.858,251,3.028,252,3.858,253,3.858,254,4.414,255,3.858,256,1.451,257,3.858,258,3.858,259,2.464,260,3.858,261,3.858,262,3.858,263,3.858,264,3.357,265,3.858,266,3.858,267,3.028,268,3.858,269,1.845,270,3.858,271,3.858,272,1.045,273,3.858,274,2.585,275,3.858,276,3.028,277,3.858,278,1.163,279,3.858,280,2.159,281,3.858,282,2.421,283,3.858,284,2.585,285,3.858,286,1.863,287,3.357,288,3.028,289,3.858,290,3.357,291,3.858,292,3.858,293,3.858,294,3.858,295,3.858,296,1.952,297,3.858,298,3.028,299,3.858,300,2.159,301,3.858,302,1.706,303,2.159,304,2.585,305,2.421,306,2.159,307,2.159,308,3.028,309,2.464,310,3.858,311,2.281]],["t/174",[40,1.043,70,3.64,106,2.972,278,1.855,286,2.972,312,1.855,313,1.667,314,1.448,315,1.554,316,6.156,317,3.64,318,3.114,319,6.156,320,1.994,321,4.125]],["t/176",[0,3.341,6,2.346,19,0.56,23,1.268,28,1.548,40,1.073,53,1.28,54,0.714,58,1.227,65,1.959,66,1.876,78,1.055,83,1.75,86,1.351,102,0.878,104,2.272,105,2.691,108,2.576,110,2.524,119,2.197,132,1.69,141,2.649,142,4.34,151,1.484,175,3.046,184,1.69,194,3.046,196,1.548,198,3.892,199,2.346,204,2.07,209,2.346,216,5.055,221,1.959,225,2.197,229,4.34,230,4.34,233,1.425,256,1.317,272,1.351,296,2.523,313,0.948,314,0.823,315,0.883,320,2.05,322,3.046,323,3.046,324,3.5,325,3.046,326,2.524,327,4.559,328,3.5,329,3.5,330,2.747,331,2.07,332,4.986,333,3.5,334,3.13,335,3.341,336,4.986,337,3.13,338,1.69,339,3.5,340,3.046,341,3.5,342,2.747,343,2.747,344,3.5,345,3.5,346,3.595,347,3.5,348,2.523,349,3.595,350,2.922,351,4.986,352,4.34,353,4.34,354,4.986,355,2.649,356,2.949,357,4.986,358,3.5]],["t/178",[9,4.104,19,0.422,40,0.965,53,0.965,151,2.413,165,1.715,300,3.185,312,1.715,313,1.861,314,1.338,315,1.437,320,2.226,359,5.526,360,1.998,361,4.104,362,5.392,363,4.954,364,5.692,365,6.871,366,2.796,367,4.104,368,5.692]],["t/180",[40,1.007,86,1.61,102,1.241,147,4.445,256,2.236,278,2.125,312,1.791,313,1.61,314,1.398,315,1.5,360,2.05,369,3.255,370,2.744,371,5.037]],["t/182",[19,0.389,58,1.109,71,2.367,75,2.557,77,1.7,78,1.581,108,2.136,132,2.534,236,4.119,254,4.713,312,1.581,313,1.421,314,1.234,315,1.324,320,2.483,360,1.901,372,3.784,373,4.567,374,3.784,375,4.374,376,4.567,377,4.469,378,4.567,379,4.567,380,3.784,381,3.516,382,5.689,383,3.784,384,4.567,385,3.784,386,2.936,387,4.567,388,4.119]],["t/184",[10,1.268,33,1.948,41,3.507,58,1.181,104,2.185,111,3.744,118,3.28,119,3.507,124,3.507,312,1.684,360,2.128,389,4.385,390,5.332,391,4.862,392,4.385,393,3.126,394,5.587,395,5.587,396,5.587,397,6.793,398,5.587,399,5.587,400,5.587,401,5.587,402,5.587,403,5.332,404,4.862,405,5.587,406,5.587]],["t/186",[19,0.384,36,3.251,40,0.878,78,1.561,80,3,86,1.917,102,1.246,147,4.386,170,4.675,256,1.949,278,2.133,312,1.561,313,1.403,314,1.218,315,1.307,360,2.221,369,3.267,370,2.993,371,4.743,386,2.899,407,5.555,408,4.066,409,4.675,410,5.18,411,4.066,412,5.18,413,4.066,414,2.026]],["t/188",[40,1.017,102,1.057,114,4.224,278,2.137,312,1.809,313,1.626,314,1.412,315,1.515,360,2.062,366,3.072,369,3.274,370,3.274]],["t/190",[19,0.403,40,0.921,52,2.213,102,0.957,233,2.213,278,1.638,306,3.738,312,1.638,313,1.472,314,1.278,315,1.372,317,3.215,360,2.103,366,2.944,369,2.51,370,2.51,415,6.681,416,3.215,417,4.267,418,3.215,419,4.267,420,7.233,421,3.215,422,3.042,423,3.643,424,4.193,425,6.681,426,5.436,427,3.215,428,1.372,429,3.215]],["t/192",[19,0.382,58,1.09,66,2.657,69,2.609,77,2.288,102,0.908,104,2.017,106,2.49,108,3.25,132,2.49,151,2.187,196,2.28,225,3.238,267,4.048,312,1.554,313,1.397,314,1.213,315,1.302,317,3.05,320,2.399,321,3.456,338,2.49,360,1.5,372,3.719,427,3.05,430,3.238,431,4.048,432,5.158,433,3.456,434,6.466,435,3.456,436,5.158,437,5.158,438,5.158,439,5.158,440,5.158,441,5.158,442,5.158]],["t/194",[19,0.35,35,1.421,58,0.996,59,2.505,60,1.999,71,2.211,75,1.844,77,1.978,108,2.757,196,2.085,202,2.085,233,1.919,236,3.701,254,4.404,272,1.277,312,1.421,313,1.277,314,1.109,315,1.19,320,2.59,334,2.96,360,2.158,372,3.4,375,4.153,376,4.104,377,4.252,378,4.104,379,4.104,380,3.4,381,3.16,382,5.315,383,3.4,384,4.104,385,3.4,386,2.639,387,4.104,388,3.701,430,2.96,443,3.4,444,2.788,445,3.4,446,4.539,447,3.4,448,2.96,449,5.315,450,5.315]],["t/196",[19,0.43,28,2.565,40,1.178,86,1.571,278,2.094,302,2.565,307,3.246,312,1.748,313,1.571,314,1.364,315,1.464,360,2.021,366,3.028,369,3.208,370,2.678,451,3.692,452,5.049,453,5.84]],["t/198",[19,0.505,35,1.691,40,0.951,63,1.957,79,4.276,143,4.276,214,3.012,233,2.285,256,2.112,296,3.447,312,1.691,313,1.52,314,1.32,315,1.417,360,2.133,393,3.812,454,6.813,455,5.347,456,6.813,457,6.813,458,4.047,459,4.885]],["t/200",[19,0.37,40,1.073,42,2.523,53,0.845,58,1.338,63,1.739,64,1.951,67,2.37,68,2.65,78,2.096,102,0.878,151,2.115,160,3.596,278,1.503,309,2.303,312,1.503,318,3.82,320,2.37,360,1.45,414,2.721,428,1.906,443,3.596,460,3.915,461,3.974,462,4.565,463,5.459,464,1.841,465,3.915,466,4.341,467,4.988,468,4.341,469,4.988,470,3.915,471,4.988,472,3.596,473,3.342]],["t/202",[10,1.558,19,0.278,58,1.106,64,1.467,67,1.696,69,2.648,77,2.364,78,2.069,84,2.131,93,3.151,102,1.061,112,1.171,149,1.215,160,3.774,176,3.774,214,1.658,217,2.513,234,2.354,278,1.13,309,1.731,313,1.016,314,1.231,315,0.946,318,3.302,320,2.481,325,3.264,360,1.898,369,1.731,393,2.098,414,2.359,428,1.795,443,2.704,461,3.286,462,2.704,463,4.108,466,5.248,474,3.75,475,3.75,476,3.75,477,4.108,478,5.235,479,3.75,480,3.75,481,4.556,482,3.75,483,1.731,484,3.75,485,2.047,486,3.75,487,4.108,488,5.235,489,2.513,490,4.348,491,3.75,492,3.75,493,6.03,494,3.75,495,5.235,496,2.098,497,3.75,498,3.75,499,3.75,500,2.943,501,3.75,502,3.75,503,2.943,504,3.75,505,4.108,506,2.943,507,2.943,508,2.943,509,3.75,510,3.75,511,3.264,512,3.75,513,3.75,514,3.75]],["t/204",[6,2.408,10,0.816,19,0.377,36,3.189,37,2.011,40,0.609,51,1.987,67,1.164,69,1.818,70,3.485,78,1.531,80,2.498,86,1.596,102,1.269,141,1.91,149,1.909,151,1.524,165,1.93,196,2.605,204,2.125,269,1.531,280,2.011,302,2.246,312,1.083,313,0.973,314,0.845,315,0.907,317,3.788,321,4.528,331,2.125,360,2.097,366,1.463,375,3.925,428,1.282,452,5.129,458,2.591,472,2.591,473,2.408,483,1.659,515,5.081,516,3.004,517,2.57,518,3.485,519,5.081,520,3.128,521,5.081,522,3.128,523,3.594,524,3.128,525,3.594,526,5.081,527,4.625,528,3.663,529,3.594,530,5.081,531,3.128,532,5.129,533,3.594,534,2.591,535,4.422,536,3.128,537,3.594,538,3.128,539,3.594,540,3.594,541,2.821,542,3.594,543,5.081,544,2.821,545,2.591,546,3.594,547,5.081,548,3.594,549,5.081,550,3.594,551,5.081,552,3.594,553,5.081,554,3.594,555,5.081,556,3.594,557,2.821,558,5.081,559,3.004,560,2.591,561,3.594]],["t/206",[11,1.596,19,0.395,33,1.048,40,1.329,42,1.52,51,2.462,53,1.254,63,2.054,67,0.973,77,1.724,80,1.892,83,0.905,84,2.166,86,0.814,102,1.037,106,1.451,151,1.892,165,1.604,195,1.886,233,1.223,238,1.596,256,1.679,269,1.604,272,1.208,274,2.013,276,2.358,278,1.604,282,1.886,284,2.99,286,2.57,300,1.681,302,1.973,303,2.497,304,2.013,305,1.886,306,2.497,307,1.681,312,0.905,313,0.814,314,1.049,315,0.758,318,1.52,320,1.724,331,3.147,334,1.886,356,1.777,360,2.221,366,1.223,369,1.387,370,1.387,414,1.175,428,1.126,429,1.777,433,2.013,443,2.166,460,4.177,463,2.358,464,1.297,517,1.52,562,7.291,563,4.462,564,4.462,565,5.322,566,4.462,567,3.005,568,4.462,569,3.005,570,4.462,571,3.005,572,4.462,573,3.005,574,3.217,575,4.462,576,3.005,577,4.462,578,3.005,579,3.005,580,4.462,581,3.005,582,4.462,583,3.005,584,4.462,585,3.005,586,3.005,587,3.005,588,4.462,589,3.005,590,3.005,591,2.615,592,3.005,593,2.615,594,3.005,595,3.005,596,3.005,597,2.615,598,4.462,599,3.005,600,2.615,601,4.462,602,4.462,603,2.615,604,4.462,605,3.005,606,2.013,607,4.462,608,4.462,609,3.005,610,1.886,611,2.358,612,2.166]],["t/208",[19,0.428,33,2.013,40,1.175,58,1.464,137,3.414,302,3.064,303,3.231,304,3.869,305,3.624,306,3.231,307,3.878,312,1.74,314,1.358,360,1.679,389,4.532,496,3.231,574,4.163,593,5.025,613,5.774,614,5.025,615,5.025,616,4.532,617,4.163,618,4.532]],["t/210",[40,1.312,225,4.007,312,1.924,389,5.01,619,5.555,620,5.555]],["t/212",[35,1.631,59,2.875,60,2.294,77,1.753,93,2.613,118,2.613,132,2.613,196,2.393,224,3.397,233,2.203,272,1.804,312,1.631,313,1.466,314,1.273,315,1.366,320,2.506,331,3.2,334,3.397,355,2.875,360,2.099,372,3.902,373,4.71,383,3.902,431,4.248,445,3.902,446,4.837,447,3.902,448,3.397,449,5.798,450,5.798,621,5.412]],["t/214",[10,1.696,53,1.114,102,1.157,105,2.492,141,2.813,196,2.34,225,3.323,235,2.556,296,2.678,312,1.595,313,1.434,314,1.245,315,1.336,346,3.817,352,5.719,353,5.719,355,3.971,356,3.13,360,1.911,374,3.817,430,3.323,483,3.034,622,4.739,623,6.572,624,6.572,625,4.404,626,5.293,627,5.293,628,5.293]],["t/216",[11,2.535,33,1.664,35,1.854,43,4.028,49,2.203,58,1.008,94,2.67,102,0.84,105,1.664,130,3.197,151,2.609,196,2.109,197,2.995,235,2.304,296,3.641,312,1.438,313,1.292,314,1.122,315,1.204,355,4.177,356,3.639,360,1.789,374,3.44,383,4.437,414,1.866,428,1.204,629,3.745,630,4.83,631,3.639,632,6.154,633,5.356,634,4.83,635,6.154,636,4.771,637,3.745,638,4.771,639,6.154,640,5.346,641,4.83,642,4.771,643,4.152,644,4.771,645,4.152,646,4.771,647,3.745]],["t/218",[10,1.441,33,1.747,42,2.534,63,1.747,67,2.056,69,3.211,73,2.962,176,3.611,278,1.509,300,2.803,312,1.509,313,1.356,314,1.178,315,1.264,318,3.526,320,2.542,349,3.611,360,1.846,427,2.962,430,3.144,435,3.356,460,3.931,461,3.144,462,3.611,464,1.456,481,5.524,487,5.469,490,5.025,511,4.359,545,3.611,648,3.931,649,3.931,650,5.008,651,4.359,652,5.008,653,5.008,654,5.008,655,3.611,656,2.803,657,5.008,658,4.359,659,5.008,660,5.008]],["t/220",[19,0.463,23,1.106,53,0.499,54,0.601,58,0.929,66,2.73,69,3.312,70,1.742,78,1.325,83,0.888,84,1.199,86,0.798,96,1.648,99,1.565,102,0.519,104,2.949,105,2.177,108,1.199,125,2.46,132,1.422,152,1.422,159,2.564,165,1.325,176,2.124,202,1.302,213,2.946,221,1.648,233,3.097,246,2.312,248,1.49,251,2.312,312,0.888,313,0.798,314,0.693,315,0.743,317,3.45,320,0.954,321,1.974,326,2.124,327,2.312,330,2.312,337,3.918,338,3.366,346,2.124,350,1.36,355,1.565,360,1.696,377,2.76,390,4.129,392,2.312,427,1.742,430,1.849,433,1.974,435,2.946,451,2.336,464,0.857,472,2.124,487,2.312,527,2.312,591,2.564,610,1.849,661,2.946,662,2.946,663,2.946,664,2.564,665,2.946,666,2.946,667,4.397,668,5.261,669,2.946,670,4.397,671,2.946,672,4.397,673,5.261,674,2.312,675,5.834,676,4.397,677,2.946,678,2.946,679,2.946,680,2.946,681,2.946,682,2.946,683,2.946,684,2.946,685,2.946,686,2.03,687,2.946,688,2.946,689,2.946,690,2.946,691,2.946,692,2.946,693,2.946,694,2.946,695,2.946,696,2.946,697,2.946,698,4.397,699,2.946,700,2.946,701,2.946,702,2.946,703,2.946,704,5.261,705,2.946,706,2.564,707,2.946,708,2.946,709,5.261,710,2.312,711,2.564,712,2.946,713,4.397,714,2.564,715,2.946,716,2.946,717,1.974,718,2.946,719,4.397,720,2.946,721,2.6,722,4.397,723,2.564,724,2.946,725,3.451,726,2.312,727,2.564,728,2.312]],["t/222",[10,1.256,23,1.049,53,0.938,66,2.083,67,1.793,69,2.801,78,1.668,89,1.86,104,3.136,105,1.93,225,3.475,233,2.968,312,1.668,313,1.499,314,1.302,315,1.397,317,3.274,327,4.345,430,3.475,464,1.61,473,3.71,619,4.818,620,4.818,729,6.755,730,4.818,731,5.536,732,5.536,733,5.536]],["t/224",[5,3.398,10,1.151,19,0.376,23,0.961,33,1.769,40,1.334,49,2.341,50,3.657,51,1.984,52,2.064,53,1.084,54,1.034,89,1.704,106,2.449,112,1.584,133,3.657,137,3.783,215,3.657,238,3.399,303,3.58,304,3.398,305,3.183,306,3.58,307,2.838,320,1.643,343,3.98,348,2.566,367,3.657,375,3.58,428,1.28,485,1.984,516,3.783,517,3.237,574,3.657,614,4.414,615,4.414,616,3.98,617,3.657,618,3.98,734,2.15,735,5.071,736,4.414,737,5.071]],["t/226",[0,4.81,1,3.719,2,3.032,10,1.5,19,0.396,23,0.898,33,0.867,35,1.61,37,2.162,40,0.421,49,1.147,51,1.853,52,2.356,54,0.966,58,0.816,67,0.805,68,1.321,71,1.399,73,2.284,75,0.972,76,0.9,77,1.251,80,1.054,81,1.258,83,0.749,86,1.283,89,0.835,102,0.94,112,1.669,114,3.238,118,1.2,125,1.391,132,1.2,134,1.792,149,1.875,151,1.054,165,1.61,178,1.951,182,2.559,183,1.716,184,1.2,199,1.666,201,2.163,202,2.095,219,2.589,222,2.175,228,1.56,233,1.012,243,1.554,256,0.935,259,2.187,269,1.846,272,0.673,284,1.666,286,1.2,300,1.391,306,3.238,343,1.951,366,2.494,369,1.147,370,1.147,416,3.16,417,1.951,418,3.422,419,3.032,421,3.16,422,2.99,423,3.175,424,3.845,428,1.196,444,1.47,451,2.053,477,1.951,483,1.147,485,1.853,496,1.391,535,2.163,541,1.951,597,2.163,651,2.163,686,1.147,717,1.666,738,1.951,739,3.235,740,2.486,741,2.163,742,2.163,743,2.163,744,4.738,745,4.651,746,2.486,747,2.486,748,2.486,749,3.032,750,1.792,751,1.951,752,2.163,753,1.951,754,2.486,755,3.362,756,1.951,757,2.486,758,1.56,759,2.486,760,2.163,761,3.863,762,2.163,763,1.792,764,2.163,765,1.56,766,2.486,767,3.175,768,3.175,769,2.486,770,2.163,771,2.486,772,1.951,773,2.163,774,5.565,775,4.285,776,4.738,777,1.47,778,1.666,779,3.863,780,2.486,781,2.486,782,2.486,783,1.666,784,3.863,785,3.863,786,2.163,787,2.163,788,2.163,789,2.163,790,2.163,791,2.486,792,1.951,793,1.951,794,2.486,795,2.486,796,1.951,797,2.486,798,1.951,799,2.486,800,2.163,801,2.486,802,1.792,803,2.163,804,1.951,805,1.666,806,2.486,807,2.486]],["t/228",[0,1.96,10,0.664,11,2.324,19,0.388,23,0.554,31,3.806,35,0.881,40,0.496,41,1.836,49,2.683,50,2.109,52,1.78,53,0.496,54,0.596,63,2.277,65,2.447,67,0.947,68,1.554,71,2.253,73,1.729,75,1.711,76,1.583,77,1.417,81,2.212,84,1.19,85,2.545,89,0.983,100,1.48,101,1.729,102,0.515,112,1.366,139,1.729,151,1.24,165,1.875,169,3.014,182,1.293,183,1.897,195,3.288,222,1.19,234,1.836,238,1.554,269,1.875,272,1.184,278,0.881,284,2.93,286,1.412,288,2.295,302,1.933,303,3.98,320,0.947,342,2.295,356,1.729,359,3.153,366,1.78,367,3.153,416,3.437,418,1.729,422,1.637,428,1.104,477,4.111,518,2.586,606,1.96,655,2.109,656,1.637,686,1.35,734,2.221,738,4.562,739,2.941,752,3.806,755,2.545,756,2.295,773,2.545,775,1.96,778,3.895,783,1.96,800,3.806,804,5.311,805,1.96,808,2.925,809,3.806,810,2.745,811,4.375,812,2.545,813,2.925,814,2.545,815,2.295,816,1.96,817,3.432,818,2.295,819,2.925,820,2.925,821,3.153,822,2.925,823,2.925,824,2.295,825,2.925,826,2.295,827,2.925,828,1.96,829,2.545,830,2.925,831,2.545,832,2.925,833,2.545,834,2.925,835,4.373,836,2.925,837,2.925,838,2.925,839,4.373,840,3.806,841,3.432,842,3.806,843,4.373,844,2.925,845,2.295,846,2.925,847,2.925,848,4.373,849,2.925,850,2.545,851,1.729,852,2.545,853,2.925,854,2.925,855,2.925,856,2.925,857,2.295,858,2.295,859,2.545,860,2.295,861,2.545,862,2.545,863,2.109,864,1.729,865,2.545]],["t/230",[19,0.362,23,0.926,40,1.059,49,2.256,52,2.955,53,1.059,65,3.497,67,1.583,68,2.597,71,1.77,75,2.444,76,2.263,77,1.583,100,2.472,101,2.89,105,2.179,112,1.527,134,3.524,165,1.883,169,2.256,183,1.77,243,1.421,269,2.188,272,1.324,366,1.989,424,3.067,574,4.506,739,3.161,778,3.275,796,3.836,816,3.275,821,3.524,840,4.253,841,4.905,842,4.253,857,3.836,858,3.836,859,4.253,860,3.836,861,4.253,862,4.253,863,3.524,864,2.89,865,4.253,866,4.253,867,4.887,868,4.253,869,4.887,870,4.887,871,4.887]],["t/232",[33,2.158,51,2.42,89,2.079,102,1.089,182,2.735,183,2.24,278,1.865,686,2.856,765,3.884,777,3.659,811,4.146,872,7.219,873,6.187]],["t/234",[19,0.367,33,1.21,36,2.178,40,0.84,58,1.047,71,1.257,78,1.9,80,2.673,83,1.046,86,1.933,102,0.872,112,1.084,114,1.942,132,1.675,137,4.555,143,2.178,147,4.101,149,1.124,152,2.393,170,5,182,2.191,183,1.257,202,1.534,214,1.534,222,2.017,238,1.844,243,1.681,256,2.685,259,1.602,278,2.151,280,1.942,286,1.675,300,1.942,369,3.369,370,2.288,371,4.891,386,2.773,407,4.949,408,2.724,409,2.502,411,2.724,413,3.89,414,2.261,464,1.681,465,2.724,485,1.357,559,2.93,734,1.471,758,2.178,765,2.178,777,2.052,805,2.325,826,3.89,851,2.052,874,3.47,875,2.325,876,2.502,877,2.724,878,3.47,879,2.724,880,5.78,881,2.502,882,3.02,883,3.47,884,2.724,885,3.628,886,3.873,887,2.724,888,4.313,889,3.02,890,3.47,891,3.47,892,3.47,893,3.47,894,5.78,895,3.47,896,3.47,897,3.47]],["t/236",[19,0.455,33,1.866,40,1.039,58,0.818,63,1.35,71,1.401,77,1.733,78,1.166,80,1.641,89,1.3,102,0.942,103,2.429,104,1.514,105,1.35,108,1.575,112,1.671,124,2.429,125,2.166,182,2.925,183,1.401,202,1.711,221,2.166,222,1.575,243,1.125,256,2.013,259,1.787,269,1.994,272,1.449,278,1.166,280,2.166,282,2.429,302,1.711,307,4.314,314,1.258,320,1.254,331,2.289,338,1.869,366,3.197,375,2.166,414,1.514,416,3.164,424,2.429,444,2.289,464,1.125,631,2.289,686,1.787,739,1.958,749,3.038,758,2.429,765,2.429,772,3.038,841,3.038,851,2.289,898,4.656,899,3.368,900,3.87,901,5.337,902,2.791,903,3.368,904,3.038,905,3.368,906,3.368,907,6.616,908,5.758,909,6.616,910,3.87,911,3.87,912,5.35,913,3.87,914,3.87,915,3.87,916,2.593,917,2.593,918,3.87,919,3.038,920,3.87,921,2.166,922,3.87,923,3.038,924,3.87]],["t/238",[0,0.864,6,0.864,10,1.697,12,1.123,19,0.409,23,1.045,33,1.244,36,0.81,37,0.722,40,0.219,43,1.328,49,2.545,53,0.808,54,1.124,58,1.326,64,0.878,67,0.418,68,1.584,69,1.508,73,0.763,77,2.1,78,1.854,79,3.46,80,2.749,81,0.653,83,0.677,84,2.057,86,1.544,89,1.002,102,0.781,104,0.504,106,1.084,112,0.931,117,2.15,119,0.81,125,1.256,133,1.619,149,1.155,152,2.753,165,1.924,169,1.866,182,2.866,183,1.727,197,2.239,199,1.505,202,0.57,206,0.81,215,1.619,224,1.409,232,0.81,233,0.525,234,0.81,235,0.623,243,0.867,256,1.901,259,2.048,269,2.343,272,0.808,286,3.13,302,2.342,307,3.727,313,0.608,314,0.95,315,0.567,318,0.653,320,0.418,330,1.762,331,1.763,335,1.505,349,0.93,361,0.93,366,2.91,370,0.595,375,2.669,386,0.722,391,1.123,414,0.878,416,2.39,421,0.763,422,0.722,423,0.864,424,1.409,428,0.752,444,0.763,446,0.864,451,1.193,453,5.868,483,0.595,485,0.504,516,1.328,517,1.136,518,0.763,536,1.954,538,1.123,557,2.799,559,1.328,560,4.111,610,0.81,611,1.012,625,0.864,633,1.123,649,1.012,656,0.722,674,1.012,686,1.037,734,0.952,739,1.136,742,1.954,745,1.123,749,1.762,753,3.173,758,0.81,763,1.619,765,1.409,767,0.864,777,1.328,778,2.39,788,1.954,798,3.743,802,0.93,805,0.864,809,1.954,818,1.012,821,0.93,824,1.012,851,0.763,866,4.15,881,0.93,885,0.81,898,1.954,899,5.237,901,5.643,902,3.439,903,1.123,905,1.123,906,5.46,908,1.123,916,1.505,917,1.505,925,1.29,926,1.29,927,1.29,928,1.29,929,2.245,930,1.29,931,2.245,932,1.29,933,1.29,934,1.123,935,1.012,936,1.29,937,1.29,938,1.29,939,1.29,940,0.864,941,1.998,942,1.29,943,1.123,944,1.29,945,1.29,946,1.29,947,1.29,948,1.29,949,2.245,950,1.012,951,5.053,952,3.861,953,1.29,954,1.012,955,1.29,956,2.799,957,1.29,958,1.29,959,1.619,960,1.123,961,1.123,962,1.29,963,1.29,964,1.012,965,1.954,966,2.595,967,1.29,968,1.123,969,1.29,970,1.123,971,0.93,972,1.29,973,1.29,974,1.29,975,1.29,976,1.29,977,1.29,978,1.29,979,1.123,980,1.29,981,1.012]],["t/240",[10,0.898,19,0.403,37,2.215,40,0.671,43,3.214,51,1.548,52,2.719,55,1.548,58,0.837,71,1.433,76,1.968,81,2.003,89,2.244,102,1.092,114,2.215,116,3.411,124,2.485,149,1.282,169,2.865,202,2.403,204,2.341,210,3.445,243,2.035,248,3.139,269,1.638,272,1.072,278,1.193,282,2.485,286,2.624,302,1.75,305,4.735,366,2.212,369,2.509,370,1.828,418,2.341,427,2.341,451,2.103,464,2.035,485,1.548,516,2.341,518,2.341,734,2.304,739,2.749,758,2.485,810,2.485,829,3.445,851,3.214,884,3.107,885,2.485,886,2.653,902,2.855,950,3.107,959,2.855,964,3.107,965,3.445,982,5.435,983,3.959,984,3.959,985,4.871,986,3.95,987,3.959,988,3.959,989,3.959,990,3.959,991,3.959,992,3.959,993,3.959,994,3.959,995,3.959,996,3.959,997,3.445,998,5.435,999,3.959,1000,3.959,1001,3.959,1002,3.959,1003,3.445,1004,3.959]],["t/242",[10,1.525,49,2.532,51,2.628,84,2.233,86,1.486,89,1.843,112,1.714,114,3.07,125,3.07,182,2.425,183,1.986,272,1.819,286,2.648,296,3.674,313,1.486,418,3.244,428,1.384,464,1.595,616,4.305,674,4.305,738,4.305,739,2.775,750,3.955,753,4.305,765,3.443,816,3.676,876,3.955,1005,5.486,1006,5.486,1007,5.486,1008,5.486,1009,4.774,1010,5.847]],["t/244",[19,0.436,52,3.047,105,2.445,106,3.384,112,1.839,125,3.294,169,2.717,243,1.711,259,2.717,300,3.294,303,3.294,359,4.244,362,4.62,367,4.244,428,1.485,648,4.62,739,2.978,1011,7.01,1012,5.886]],["t/246",[2,1.486,5,1.269,10,1.751,11,1.006,19,0.403,20,1.486,23,1.175,28,0.837,35,0.937,37,1.06,40,1.152,41,1.189,42,2,49,2.332,51,0.741,52,2.717,53,1.015,54,1.264,55,1.546,58,0.835,59,1.006,63,0.66,64,2.243,67,0.613,76,1.431,77,1.482,78,0.937,80,1.318,81,2,84,0.771,86,0.513,88,1.06,89,1.537,102,0.956,104,0.741,105,1.762,112,1.429,114,1.06,116,2.481,119,1.951,125,1.06,130,1.269,132,0.914,134,1.366,139,1.12,141,1.006,149,0.613,165,1.379,169,2.332,182,1.748,183,0.686,184,0.914,196,1.374,197,1.189,202,1.374,205,1.486,221,1.739,223,1.006,228,1.189,232,1.951,234,1.951,235,0.914,243,1.469,256,1.487,259,2.863,269,1.636,272,1.071,274,1.269,278,0.937,286,0.914,302,2.4,313,0.513,314,0.731,315,0.478,334,1.189,337,1.189,348,1.573,366,1.265,375,1.06,418,1.12,422,1.739,428,1.275,433,1.269,464,1.33,473,1.269,485,0.741,505,1.486,516,2.338,517,2.315,518,2.338,541,1.486,559,1.12,560,1.366,606,2.083,610,1.951,622,2.241,656,1.06,686,2.332,718,1.269,721,1.838,734,0.803,739,2.315,750,2.241,756,3.591,760,1.648,768,2.083,775,2.083,777,2.338,778,2.083,783,1.269,792,1.486,796,1.486,798,2.44,810,1.189,811,2.649,812,2.705,816,1.269,817,1.486,824,2.44,831,1.648,850,1.648,863,1.366,864,1.12,875,1.269,877,1.486,917,1.269,941,1.269,952,2.705,959,2.851,961,2.705,968,1.648,979,1.648,985,1.486,986,1.12,1009,1.648,1013,1.894,1014,1.894,1015,1.894,1016,1.894,1017,1.894,1018,5.429,1019,6.201,1020,1.894,1021,1.894,1022,2.705,1023,1.366,1024,1.894,1025,3.108,1026,3.108,1027,1.894,1028,1.894,1029,1.894,1030,1.894,1031,1.894,1032,1.894,1033,1.486,1034,1.894,1035,1.648,1036,1.894,1037,1.648,1038,1.894,1039,1.894,1040,1.894,1041,1.894,1042,1.894,1043,1.486,1044,1.894,1045,1.486,1046,1.894,1047,1.894,1048,1.894,1049,1.486,1050,1.894,1051,3.982,1052,1.894,1053,2.241,1054,3.108,1055,1.894,1056,1.894,1057,3.108,1058,1.894,1059,1.894,1060,1.894,1061,1.894,1062,1.894,1063,1.894,1064,3.108,1065,1.894,1066,1.894,1067,1.648,1068,1.894,1069,2.705,1070,1.648,1071,1.648,1072,1.366,1073,1.894,1074,3.108,1075,1.894,1076,1.648,1077,1.894,1078,3.953,1079,1.894,1080,2.705,1081,1.648,1082,1.894,1083,1.648,1084,1.894,1085,3.108,1086,1.894,1087,1.894,1088,1.894,1089,1.894,1090,1.894,1091,1.894,1092,1.894,1093,1.894,1094,1.894]],["t/248",[1,1.927,9,2.759,10,1.624,11,1.305,19,0.284,20,3.69,21,1.927,23,1.282,28,1.086,35,1.6,40,0.975,42,1.936,49,1.134,50,2.759,52,2.342,54,0.958,58,0.994,59,3.057,60,2.251,63,1.334,67,0.795,68,1.305,70,3.139,76,1.922,78,0.74,79,2.402,80,1.041,83,0.74,84,0.999,89,1.58,93,1.186,96,1.374,99,1.305,102,0.934,105,0.856,116,1.541,141,2.033,143,1.541,147,1.452,149,1.523,165,0.74,178,1.927,182,1.692,196,1.086,202,2.347,214,1.692,224,2.402,228,1.541,232,1.541,235,1.186,238,1.305,241,1.927,243,0.714,256,1.769,259,1.134,269,1.417,272,0.665,278,0.74,280,1.374,282,1.541,296,2.686,298,1.927,302,2.99,309,1.134,348,2.379,356,1.452,360,0.714,393,1.374,409,1.77,422,2.141,444,2.263,455,3.69,458,2.759,464,1.851,465,1.927,485,0.96,489,1.645,507,1.927,516,2.263,517,1.936,518,3.139,528,3.828,544,1.927,545,1.77,617,4.395,631,1.452,656,1.374,686,1.766,734,1.041,741,2.137,743,3.33,751,1.927,775,1.645,792,1.927,810,1.541,811,1.645,851,1.452,857,1.927,868,3.33,881,1.77,887,1.927,888,2.137,940,1.645,956,1.927,959,1.77,981,1.927,985,1.927,1035,2.137,1037,3.33,1045,1.927,1049,1.927,1053,1.77,1067,2.137,1076,2.137,1080,4.092,1081,2.137,1095,3.826,1096,3.826,1097,3.826,1098,2.455,1099,2.137,1100,2.455,1101,2.455,1102,2.455,1103,2.455,1104,1.77,1105,2.455,1106,2.455,1107,2.455,1108,3.826,1109,3.33,1110,2.455,1111,2.455,1112,2.455,1113,2.455,1114,2.137,1115,2.455,1116,2.455,1117,2.455,1118,2.455,1119,2.455,1120,3.826,1121,2.455,1122,2.137,1123,2.455,1124,2.137,1125,2.455,1126,2.455,1127,2.455,1128,2.455,1129,1.927,1130,2.455,1131,2.455,1132,2.455,1133,2.455,1134,2.455,1135,2.455,1136,2.455,1137,2.455,1138,2.455,1139,2.455,1140,2.455,1141,2.137,1142,2.455,1143,2.455,1144,2.455,1145,3.826,1146,2.137,1147,2.455,1148,2.455,1149,2.455,1150,1.927,1151,2.455,1152,2.137,1153,2.455,1154,2.137,1155,2.402,1156,2.455,1157,1.927,1158,2.455,1159,2.455,1160,1.77,1161,2.137,1162,2.455,1163,2.455,1164,2.455,1165,2.455]],["t/250",[19,0.46,33,2.162,37,2.702,40,1.161,53,0.818,54,0.984,56,2.331,57,2.331,59,2.565,60,2.047,78,1.455,83,1.455,86,1.308,89,1.622,96,2.702,109,3.031,112,1.508,165,1.869,197,3.031,224,3.031,269,2.178,272,1.68,278,1.455,280,2.702,309,2.229,414,1.889,416,3.667,427,2.855,464,2.102,500,3.79,618,6.3,686,2.229,802,4.471,997,5.962,1022,4.202,1166,3.79,1167,4.828,1168,4.828,1169,4.828,1170,4.202,1171,4.828,1172,4.828,1173,4.828,1174,4.828]],["t/252",[19,0.461,23,1.178,35,1.461,40,0.822,51,1.896,52,2.53,53,0.822,54,1.399,55,1.896,56,2.341,57,2.341,58,1.45,67,1.57,69,2.453,74,3.248,77,1.57,89,2.306,102,0.853,112,1.514,165,1.873,182,2.143,183,1.755,204,2.867,243,1.41,248,2.453,269,2.182,272,1.684,313,1.313,315,1.223,348,2.453,428,1.223,464,2.177,503,3.805,734,2.055,750,3.495,828,3.248,875,3.248,876,3.495,904,3.805,1051,4.219,1157,3.805,1175,4.848,1176,4.848,1177,4.848,1178,3.805,1179,4.848,1180,4.219,1181,4.848,1182,4.848,1183,4.848]],["t/254",[10,1.534,19,0.53,23,1.155,40,0.796,49,2.812,51,1.837,53,1.032,54,1.242,58,1.287,67,1.522,77,1.973,78,1.415,83,1.415,86,1.272,93,2.268,112,1.467,147,3.602,149,1.522,165,1.836,169,2.168,183,1.701,243,1.366,256,2.543,269,2.156,272,1.65,304,4.53,348,2.376,369,2.812,370,2.168,371,4.082,422,3.409,428,1.185,464,1.366,559,2.778,804,3.687,805,4.082,816,3.147,828,3.147,875,3.147,902,3.387,904,3.687,1010,4.088,1083,4.088,1157,3.687,1178,3.687,1180,4.088,1184,4.697,1185,4.697,1186,4.697,1187,4.697,1188,4.697]],["t/256",[10,1.444,23,0.953,33,1.754,40,0.852,52,2.047,58,1.063,67,1.629,89,2.139,92,3.157,112,1.571,165,1.918,182,2.223,183,1.821,232,3.995,243,1.462,248,3.713,269,2.211,272,1.724,274,3.37,278,1.516,280,2.814,350,2.322,464,1.462,686,2.322,736,6.73,777,2.974,876,3.626,877,3.947,1069,4.377,1070,4.377,1189,5.029,1190,5.029,1191,6.364,1192,5.029,1193,5.029,1194,5.029,1195,6.982,1196,5.029,1197,5.029,1198,5.029]],["t/258",[19,0.555,57,2.842,83,1.774,93,2.842,149,2.629,259,3.456,431,4.62,483,3.236,485,2.742,1199,5.886,1200,5.886,1201,5.123]],["t/260",[19,0.45,23,1.149,40,1.285,54,1.236,64,2.372,78,1.827,96,3.393,169,2.799,183,2.745,243,1.763,331,3.585,802,4.372,1202,6.063,1203,6.063]],["t/262",[23,1.1,35,2.094,53,1.178,54,1.183,55,2.269,56,3.355,57,3.355,58,1.469,59,3.953,60,3.154,92,3.641,102,1.021,309,2.678,664,5.049,1204,5.801,1205,5.801,1206,6.95]],["t/264",[10,1.853,18,4.056,19,0.346,29,4.056,33,1.625,56,2.25,75,1.823,76,1.688,93,2.25,102,0.82,169,2.152,223,2.476,232,2.926,272,1.262,314,1.096,445,4.37,447,4.857,448,2.926,464,1.355,507,3.658,1071,4.056,1114,5.275,1207,4.661,1208,6.061,1209,4.661,1210,4.661,1211,4.661,1212,4.661,1213,4.661,1214,4.661,1215,4.661,1216,4.661,1217,4.661,1218,4.661,1219,6.736,1220,4.661,1221,5.287,1222,4.661,1223,4.661,1224,6.736,1225,4.661,1226,4.661,1227,4.661,1228,4.661,1229,4.661,1230,4.661,1231,4.661,1232,4.661,1233,4.661,1234,4.661,1235,4.661,1236,4.661,1237,4.056,1238,4.661]],["t/266",[10,1.555,19,0.42,35,2.065,54,1.155,55,2.881,56,2.735,57,2.735,58,1.197,64,2.216,118,2.735,184,2.735,218,4.447,403,4.447,414,2.881,506,4.447,508,4.447,810,3.556,1166,5.377,1221,4.447,1239,4.931,1240,4.931,1241,6.851,1242,5.666,1243,5.666]],["t/268",[5,0.382,8,0.448,10,1.511,11,0.804,19,0.505,21,0.448,23,0.717,33,0.999,35,1.615,36,1.797,37,0.599,40,0.702,43,1.127,49,0.263,51,1.316,52,0.616,53,0.437,54,0.218,55,0.592,57,0.92,58,0.839,61,0.672,62,0.497,63,1.32,65,0.847,66,2.08,67,1.488,69,1.303,70,3.058,71,1.836,72,0.497,73,1.127,75,1.222,76,2.233,77,0.928,78,1.342,79,2.493,80,1.947,81,1.303,82,1.966,83,1.384,84,1.272,86,1.206,88,3.45,89,1.13,92,0.358,93,0.73,94,0.599,96,0.319,97,0.338,99,0.303,100,0.964,101,3.704,102,0.927,103,2.376,104,1.553,105,0.665,106,0.517,107,0.382,108,2.25,109,0.358,111,0.718,114,0.599,116,0.358,118,1.917,124,0.358,130,0.382,137,1.336,139,0.338,141,1.2,143,0.95,147,0.895,149,1.53,151,2.408,152,0.276,163,1.187,164,1.187,165,0.863,169,0.494,170,1.091,182,0.473,184,1.509,190,1.375,195,1.418,196,0.843,197,0.358,199,0.718,202,0.252,204,0.338,211,0.932,213,0.382,214,1.487,221,0.319,222,0.436,223,0.303,226,0.448,228,0.672,233,2.063,235,1.383,238,0.569,239,0.497,240,0.841,246,0.841,248,0.765,251,2.022,254,2.426,256,1.424,259,1.043,264,1.966,267,1.187,269,1.197,272,0.612,274,1.014,276,0.841,278,1.197,280,0.599,282,0.672,284,0.718,286,0.517,287,1.659,288,0.841,290,0.497,296,1.702,298,0.448,300,1.067,302,2.37,303,0.847,305,1.197,306,1.749,307,0.319,308,0.448,309,0.88,311,1.848,313,0.155,314,0.252,315,0.144,317,3.783,320,0.347,321,3.757,326,0.412,334,0.358,335,0.382,337,0.672,338,1.624,342,1.496,348,0.289,350,2.29,355,1.66,356,1.127,359,1.375,360,2.183,362,0.841,363,0.497,366,1.687,369,1.553,370,1.189,371,1.014,375,1.602,377,1.197,380,0.412,381,0.718,385,0.412,386,1.602,388,2.812,390,2.022,392,0.448,393,1.264,407,0.841,408,0.448,409,0.412,411,0.448,413,0.448,414,1.008,416,0.633,417,0.448,418,0.633,419,0.448,421,0.895,422,0.847,423,1.513,424,0.95,427,0.338,428,1.002,429,1.523,435,0.382,446,0.382,447,0.412,448,0.358,451,0.569,453,0.841,455,0.841,458,1.375,459,0.497,464,1.652,470,0.448,483,1.654,485,1.621,489,1.014,496,0.599,500,0.841,516,0.338,517,2.51,518,1.693,520,0.497,524,0.497,527,1.496,528,1.091,531,0.932,532,0.932,557,1.187,559,0.338,560,1.375,600,1.659,603,0.497,606,0.382,610,0.672,611,0.841,612,1.375,617,1.091,625,1.919,629,0.841,630,0.448,631,0.338,634,0.448,637,0.448,640,1.496,641,1.187,643,0.497,645,0.497,647,0.448,648,0.841,649,2.64,686,0.263,711,1.659,714,0.497,717,0.718,718,0.382,721,2.451,723,0.932,725,2.64,726,1.496,727,0.497,728,0.448,734,0.454,739,0.289,751,0.448,767,0.382,768,1.014,770,0.497,774,0.497,775,0.382,777,0.338,783,0.718,789,0.497,814,0.497,815,0.448,818,0.448,821,0.412,826,0.448,864,0.633,881,1.091,884,0.841,885,0.95,886,1.014,887,0.448,889,0.497,916,1.277,921,2.948,923,0.448,934,0.497,940,0.382,941,1.726,943,0.932,950,1.773,960,0.497,966,0.497,971,0.772,986,2.634,1023,1.375,1045,1.187,1072,0.412,1099,0.497,1122,0.497,1124,0.497,1129,0.448,1141,0.497,1152,0.497,1154,0.932,1155,1.617,1160,0.412,1170,0.497,1201,1.317,1244,0.571,1245,1.496,1246,1.513,1247,0.571,1248,2.242,1249,2.259,1250,0.571,1251,0.497,1252,0.571,1253,0.571,1254,0.571,1255,0.571,1256,2.259,1257,1.071,1258,2.259,1259,0.571,1260,0.571,1261,1.071,1262,0.571,1263,0.571,1264,0.571,1265,0.497,1266,0.571,1267,0.571,1268,1.071,1269,0.571,1270,0.497,1271,0.571,1272,1.906,1273,0.497,1274,0.571,1275,0.571,1276,0.571,1277,1.513,1278,1.513,1279,0.448,1280,2.863,1281,0.571,1282,0.571,1283,0.571,1284,0.571,1285,0.497,1286,0.571,1287,0.571,1288,1.513,1289,0.571,1290,0.571,1291,0.571,1292,0.571,1293,1.513,1294,1.513,1295,0.571,1296,0.571,1297,0.571,1298,0.571,1299,0.571,1300,0.571,1301,0.571,1302,0.772,1303,1.071,1304,1.071,1305,1.071,1306,0.571,1307,0.448,1308,0.571,1309,0.571,1310,0.841,1311,0.932,1312,0.841,1313,0.571,1314,0.932,1315,0.932,1316,0.571,1317,1.187,1318,0.497,1319,1.071,1320,1.071,1321,0.571,1322,0.571,1323,0.571,1324,0.571,1325,0.932,1326,0.497,1327,0.571,1328,0.571,1329,0.932,1330,0.571,1331,0.571,1332,0.571,1333,2.022,1334,1.317,1335,1.014,1336,0.571,1337,0.932,1338,0.497,1339,0.497,1340,0.571,1341,0.571,1342,2.661,1343,1.523,1344,0.571,1345,2.242,1346,1.513,1347,3.606,1348,1.966,1349,0.497,1350,0.497,1351,0.571,1352,0.497,1353,0.932,1354,0.497,1355,0.571,1356,0.571,1357,0.571,1358,0.338,1359,1.187,1360,1.906,1361,0.571,1362,0.571,1363,1.513,1364,0.571,1365,0.571,1366,0.497,1367,0.571,1368,0.571,1369,1.906,1370,0.571,1371,0.571,1372,0.571,1373,0.571,1374,0.497,1375,0.571,1376,0.571,1377,0.571,1378,0.497,1379,0.497,1380,0.932,1381,0.571,1382,0.571,1383,0.571,1384,0.571,1385,1.317,1386,1.071,1387,0.571,1388,0.571,1389,0.497,1390,0.571,1391,0.571,1392,0.571,1393,0.571,1394,0.571,1395,0.571,1396,0.571,1397,0.571,1398,0.571,1399,0.571,1400,0.571,1401,0.571,1402,0.571]],["t/270",[19,0.425,23,1.224,28,2.856,35,2.315,40,1.169,42,2.166,53,1.169,54,0.873,55,1.675,58,0.905,66,2.43,67,1.387,83,1.29,102,0.754,103,3.597,104,3.004,105,1.998,106,2.067,118,2.067,119,2.687,151,2.43,184,3.331,202,1.893,221,2.396,233,2.808,238,2.275,318,3.268,320,1.387,337,3.597,346,3.087,350,2.646,414,1.675,429,2.532,444,2.532,464,1.878,545,4.132,622,4.132,656,2.396,810,2.687,885,2.687,886,2.869,986,2.532,1245,3.36,1273,3.726,1403,4.281,1404,4.281,1405,4.281,1406,4.281,1407,4.281,1408,5.731,1409,4.281,1410,5.731,1411,4.281,1412,4.281,1413,4.281]],["t/272",[10,1.504,19,0.398,35,1.616,53,0.909,56,3.199,57,3.199,59,3.52,60,2.809,64,2.098,76,1.942,100,2.714,118,2.59,149,1.738,184,2.59,218,4.21,222,2.697,272,1.795,377,3.367,385,4.778,403,4.21,414,2.592,485,2.098,506,4.21,508,4.21,793,4.21,1166,5.2,1221,4.21,1239,4.668,1240,4.668,1414,5.364,1415,5.364,1416,5.364,1417,5.364,1418,5.364]],["t/274",[10,1.591,19,0.436,23,0.844,35,1.986,41,3.693,53,1.117,54,0.908,56,2.151,60,1.889,63,2.052,66,2.479,71,1.613,83,1.342,86,1.207,88,4.629,190,3.212,214,2.601,240,3.496,314,1.384,350,2.056,428,1.485,451,2.367,496,2.493,625,3.943,726,3.496,916,3.943,970,3.877,971,4.243,1311,5.121,1312,3.496,1314,3.877,1315,5.734,1317,5.501,1318,5.121,1333,5.171,1335,2.985,1366,3.877,1389,3.877,1419,4.243,1420,4.455,1421,4.455,1422,4.455,1423,4.455]],["t/276",[10,0.833,19,0.272,23,0.696,28,1.623,53,0.874,54,0.748,60,2.186,64,1.436,66,2.786,71,2.466,81,1.857,83,2.128,84,1.494,86,1.751,88,3.952,93,1.772,102,0.646,108,2.426,117,2.647,118,1.772,139,3.049,149,1.67,165,1.796,196,2.28,214,2.858,219,2.46,222,1.494,223,2.74,243,1.067,248,2.609,269,1.796,308,4.047,309,1.694,311,2.17,315,0.926,320,1.189,360,1.067,381,2.46,386,3.618,428,1.301,483,2.38,496,2.054,505,2.881,534,2.647,612,3.718,721,2.17,833,3.194,919,2.881,921,2.054,940,3.455,1155,2.304,1326,3.194,1335,2.46,1342,3.455,1343,2.17,1419,2.647,1424,3.67,1425,3.194,1426,3.194,1427,4.047,1428,4.047,1429,5.346,1430,5.188,1431,5.156,1432,3.67,1433,3.67,1434,3.67,1435,3.67,1436,3.67,1437,4.488,1438,4.047,1439,3.194,1440,3.194,1441,3.194,1442,3.194,1443,3.194,1444,3.194,1445,3.194,1446,3.194,1447,3.194,1448,3.194,1449,3.194,1450,3.194,1451,2.881,1452,2.881,1453,3.194,1454,3.194,1455,3.194]],["t/278",[10,0.843,19,0.276,23,0.704,28,1.643,53,0.881,60,2.205,64,1.453,66,2.957,71,1.345,84,1.512,86,1.006,88,3.637,102,0.654,104,2.347,108,2.442,117,2.679,118,2.511,149,1.204,165,1.808,214,2.874,219,2.49,222,1.512,223,1.974,233,2.117,243,1.08,248,3.036,269,1.808,315,0.938,320,1.204,338,2.511,350,2.77,381,2.49,386,3.358,428,1.313,445,2.679,483,1.715,496,2.079,534,2.679,610,2.332,612,2.679,631,2.197,686,1.715,710,2.916,718,2.49,721,2.197,921,2.079,940,4.021,971,2.679,1150,2.916,1155,2.332,1335,2.49,1342,3.485,1343,2.197,1419,2.679,1425,3.234,1426,3.234,1427,4.082,1428,4.082,1429,2.916,1437,4.526,1438,4.082,1439,3.234,1440,3.234,1441,3.234,1442,3.234,1443,3.234,1444,3.234,1445,3.234,1446,3.234,1447,3.234,1448,3.234,1449,3.234,1450,4.526,1451,2.916,1452,2.916,1453,4.526,1454,3.234,1455,3.234,1456,3.716,1457,3.716,1458,3.716,1459,3.716,1460,3.716,1461,3.716,1462,3.716,1463,5.201,1464,5.201,1465,5.201,1466,5.201,1467,3.716,1468,3.716,1469,2.679,1470,3.716]],["t/280",[28,2.143,35,2.068,53,1.163,57,2.341,60,2.636,64,1.896,75,1.896,84,1.973,88,4.414,111,3.248,118,2.341,139,2.867,152,2.341,214,3.309,222,1.973,223,2.576,235,2.341,243,1.41,311,2.867,314,1.14,315,1.223,350,2.238,428,1.569,496,2.713,793,3.805,879,3.805,916,4.599,919,3.805,1302,3.495,1307,3.805,1419,3.495,1427,4.879,1428,4.879,1430,5.973,1438,4.879,1451,3.805,1452,3.805,1471,4.848,1472,4.848,1473,4.848,1474,6.217,1475,6.217]],["t/282",[10,1.844,19,0.372,23,0.669,30,1.929,34,3.072,53,0.598,54,0.897,55,0.867,60,1.865,61,1.391,63,0.773,64,0.867,65,3.425,66,1.887,67,1.425,68,1.178,71,1.593,74,1.485,75,0.867,76,2.679,77,1.774,78,0.668,80,2.474,83,0.668,84,0.902,86,1.359,89,1.186,94,1.24,97,2.088,98,1.485,99,1.178,100,1.122,102,1.246,105,0.773,108,2.491,112,0.693,116,1.391,149,1.625,150,1.74,152,2.422,183,0.803,184,1.704,196,0.98,209,1.485,222,1.437,226,1.74,235,1.07,241,1.74,243,0.645,248,2.538,256,1.328,259,1.023,303,1.24,309,2.316,318,1.122,323,3.829,338,2.422,348,1.122,349,1.598,361,1.598,404,1.929,429,2.088,446,1.485,451,1.876,464,0.645,485,0.867,544,1.74,559,1.311,655,1.598,706,1.929,718,2.366,730,1.929,734,1.497,763,3.617,767,1.485,768,1.485,815,1.74,828,1.485,852,1.929,858,1.74,882,1.929,917,1.485,921,3.834,941,1.485,956,1.74,981,2.771,986,1.311,1043,2.771,1049,2.771,1104,1.598,1129,1.74,1150,2.771,1155,2.216,1160,1.598,1178,1.74,1237,1.929,1251,1.929,1302,1.598,1310,1.74,1325,1.929,1329,1.929,1342,2.366,1358,2.088,1359,4.299,1469,2.546,1476,1.598,1477,1.929,1478,2.217,1479,4.366,1480,6.069,1481,3.072,1482,4.366,1483,2.217,1484,2.217,1485,2.217,1486,2.217,1487,1.74,1488,6.121,1489,2.217,1490,2.217,1491,2.217,1492,5.017,1493,2.217,1494,3.829,1495,2.217,1496,3.53,1497,2.217,1498,2.217,1499,3.53,1500,2.217,1501,2.217,1502,3.53,1503,3.53,1504,2.217,1505,2.217,1506,2.217,1507,2.217,1508,4.399,1509,2.217,1510,4.399,1511,3.53,1512,3.53,1513,2.217,1514,2.217,1515,2.217,1516,1.929,1517,2.217,1518,2.217,1519,2.217,1520,3.53,1521,2.217,1522,3.53,1523,2.217,1524,3.53,1525,2.217,1526,1.929,1527,2.217,1528,2.217,1529,2.217]],["t/284",[23,1.223,58,1.563,84,2.626,102,1.135,1343,3.815]],["t/286",[10,0.89,23,0.743,35,1.181,51,2.944,53,0.664,54,0.799,63,1.367,64,1.533,66,2.323,68,2.083,71,2.409,74,2.627,78,1.181,83,1.181,94,2.194,97,3.192,98,2.627,99,2.083,105,1.882,108,2.513,209,2.627,217,2.627,309,1.81,311,3.651,338,2.606,350,1.81,355,2.868,421,4.368,428,1.362,461,2.461,464,1.57,483,1.81,485,2.111,489,4.675,490,3.892,658,3.412,721,4.45,845,3.077,1358,4.125,1429,3.077,1469,2.827,1476,2.827,1487,3.077,1530,4.698,1531,4.698,1532,5.789,1533,3.92,1534,3.412,1535,4.698,1536,4.698,1537,4.698,1538,4.698,1539,4.698,1540,3.92,1541,3.412,1542,4.698,1543,3.412,1544,3.412,1545,3.412,1546,3.412,1547,3.412,1548,3.412,1549,3.412,1550,3.412,1551,3.412,1552,3.412,1553,3.412,1554,3.412,1555,3.412,1556,3.412,1557,3.92]],["t/288",[8,4.076,10,1.572,19,0.385,23,0.984,35,0.869,40,0.733,51,2.634,53,0.489,54,1.324,58,0.914,63,1.005,66,1.628,71,2.566,75,1.692,80,1.834,83,0.869,89,2.328,97,1.705,99,1.532,102,0.761,103,1.809,105,1.811,108,2.517,112,0.901,209,1.932,243,0.838,256,1.628,259,1.997,269,1.304,272,1.406,311,1.705,337,1.809,338,1.392,350,1.331,355,3.066,421,4.39,428,1.456,435,1.932,444,1.705,451,1.532,464,1.51,483,1.997,485,2.257,489,4.748,490,4.161,717,1.932,721,4.19,734,1.222,783,1.932,845,2.263,860,2.263,921,2.906,935,2.263,1003,2.509,1245,4.529,1279,2.263,1312,2.263,1343,1.705,1358,3.983,1516,2.509,1530,2.509,1531,4.519,1532,5.861,1534,2.509,1535,4.519,1536,5.382,1537,5.022,1538,5.022,1539,5.022,1541,2.509,1542,4.519,1543,2.509,1544,2.509,1545,2.509,1546,2.509,1547,2.509,1548,2.509,1549,2.509,1550,2.509,1551,2.509,1552,2.509,1553,2.509,1554,2.509,1555,2.509,1556,3.765,1558,2.883,1559,2.883,1560,2.883,1561,2.509,1562,4.326,1563,4.326,1564,2.883,1565,2.883,1566,4.326,1567,2.883,1568,2.883,1569,2.883,1570,4.326,1571,2.883]],["t/290",[19,0.414,23,1.059,28,3.003,54,1.139,66,2.102,67,1.81,75,3.053,76,2.46,78,1.684,83,1.684,86,1.513,93,2.697,100,3.437,101,3.304,163,4.385,184,2.697,314,1.314,326,4.028,335,3.744,350,2.579,421,3.304,428,1.41,631,3.304,864,3.304,1358,4.017,1572,6.793]],["t/292",[19,0.455,23,1.289,41,2.983,54,1.386,66,2.309,75,2.811,76,2.759,83,1.432,86,1.287,100,3.105,102,0.836,105,1.657,132,2.295,184,2.295,235,2.295,243,1.382,269,2.049,272,1.287,393,2.659,428,1.199,522,4.136,631,3.63,768,3.185,786,4.136,803,4.136,863,4.902,864,4.02,935,3.73,954,3.73,964,3.73,1072,3.427,1248,4.136,1358,4.249,1573,4.752,1574,6.254,1575,4.752,1576,4.752,1577,4.752,1578,4.752,1579,4.752,1580,4.752,1581,4.752,1582,4.752,1583,4.752,1584,4.136]],["t/294",[19,0.522,28,1.467,53,0.955,54,0.676,55,1.298,56,1.602,58,1.014,64,1.298,75,2.755,76,2.041,77,1.554,80,1.407,86,0.899,96,1.857,100,3.648,101,4.758,102,0.992,111,3.777,112,1.499,122,2.392,148,2.888,150,2.604,152,1.602,164,2.604,222,2.667,235,1.602,243,0.965,269,1,272,1.527,296,1.679,309,2.215,320,1.075,322,2.888,380,2.392,414,1.298,428,0.837,429,2.837,433,3.215,448,3.538,464,1.639,472,2.392,517,3.563,534,3.46,606,2.223,629,4.424,656,1.857,725,5.361,734,1.407,758,3.012,790,2.888,864,3.333,1072,4.064,1104,2.392,1109,4.176,1265,2.888,1285,2.888,1345,4.176,1347,4.906,1348,4.906,1349,2.888,1350,2.888,1352,2.888,1353,4.176,1354,2.888,1358,2.837,1526,2.888,1585,4.798,1586,5.637,1587,5.637,1588,3.318,1589,4.798,1590,4.798,1591,3.318,1592,3.318,1593,3.318,1594,3.318,1595,3.318,1596,3.318,1597,3.318,1598,3.318,1599,4.798,1600,4.798,1601,3.318,1602,3.318]],["t/296",[23,1.398,53,1.088,54,1.308,767,4.3,879,5.037,1343,3.795]],["t/298",[5,3.795,9,3.033,10,1.759,11,2.235,19,0.475,23,1.298,33,1.467,40,0.96,43,4.228,53,1.161,54,1.396,56,2.031,57,2.031,61,2.641,76,2.051,77,1.363,94,2.354,102,1.127,105,1.467,130,2.819,149,1.363,151,1.783,165,1.268,227,3.302,269,1.707,272,1.534,296,2.865,348,2.128,355,4.162,414,2.215,428,1.429,468,3.661,630,4.445,634,4.445,637,3.302,640,5.025,641,4.445,647,4.445,917,2.819,941,2.819,954,3.302,1033,3.302,1378,3.661,1379,3.661,1380,3.661,1574,3.661,1603,5.664,1604,5.664,1605,3.661,1606,3.661,1607,3.661,1608,4.207,1609,4.207,1610,4.207,1611,4.207,1612,4.207]],["t/300",[10,1.78,19,0.442,23,1.339,40,0.622,52,1.494,53,0.874,54,1.388,55,2.017,56,1.772,57,1.772,61,4.058,63,1.28,64,2.332,65,3.335,66,1.94,76,1.867,83,1.106,104,1.436,105,1.28,108,1.494,112,1.147,141,2.74,149,1.189,165,1.106,223,1.95,227,2.881,243,1.067,248,2.609,269,1.554,272,1.397,306,2.885,309,1.694,340,4.488,348,1.857,350,2.38,374,4.298,428,1.301,517,1.857,717,2.46,728,4.047,734,1.556,762,3.194,763,2.647,817,4.047,921,2.885,1023,3.718,1033,2.881,1043,2.881,1104,2.647,1146,3.194,1155,2.304,1270,4.488,1302,4.662,1307,2.881,1310,4.047,1317,2.881,1342,2.46,1343,2.17,1477,3.194,1479,3.194,1480,5.188,1481,3.194,1482,4.488,1494,3.194,1561,3.194,1605,3.194,1606,3.194,1607,3.194,1613,5.156,1614,5.156,1615,5.961,1616,3.67,1617,3.67,1618,3.67,1619,3.67,1620,5.156,1621,3.67,1622,3.67,1623,3.67,1624,3.67,1625,3.67,1626,3.67,1627,3.67,1628,3.67,1629,3.67,1630,3.67,1631,3.67]],["t/302",[19,0.537,23,1.18,42,2.016,48,5.419,51,2.436,53,0.675,54,1.113,55,1.559,60,1.689,63,2.171,65,2.23,73,2.356,75,2.135,76,1.977,81,2.016,83,1.201,86,1.079,89,1.339,94,2.23,97,2.356,98,2.67,99,3.728,100,2.016,101,2.356,104,1.559,107,2.67,109,2.501,121,3.468,149,1.291,190,2.873,195,3.909,204,2.356,214,1.762,215,2.873,233,1.622,234,2.501,243,1.159,278,1.201,311,2.356,335,2.67,338,3.388,361,2.873,377,3.427,393,2.23,414,1.559,423,2.67,428,1.006,462,2.873,464,2.04,483,2.52,517,2.762,622,2.873,625,2.67,655,2.873,710,4.887,764,3.468,811,2.67,875,2.67,986,2.356,1053,2.873,1279,3.128,1333,3.128,1334,3.468,1335,2.67,1337,5.419,1338,3.468,1339,3.468,1359,3.128,1374,3.468,1469,2.873,1476,2.873,1487,3.128,1632,3.985,1633,3.985,1634,3.985,1635,3.985,1636,3.985,1637,5.459,1638,3.468,1639,5.459,1640,3.985,1641,3.985,1642,3.985]],["t/304",[19,0.321,40,0.978,52,1.761,53,0.733,54,0.882,58,0.914,63,1.509,64,1.693,66,2.171,71,2.09,74,2.9,75,1.693,76,1.567,83,1.739,86,1.876,88,2.421,89,2.587,92,3.623,106,2.089,108,1.761,110,3.12,152,2.787,195,2.716,202,1.913,206,2.716,212,3.766,228,2.716,238,2.299,256,1.628,278,1.304,302,3.063,318,2.189,393,3.23,429,2.559,448,2.716,461,2.716,464,1.888,470,3.396,473,2.9,485,2.54,503,3.396,528,3.12,656,2.421,734,2.447,772,3.396,787,3.766,828,2.9,851,2.559,921,2.421,923,3.396,986,2.559,1023,3.12,1053,4.162,1160,3.12,1161,3.766,1385,3.766,1584,3.766,1638,5.023,1643,4.327,1644,4.327,1645,4.327,1646,4.327,1647,4.327,1648,4.327,1649,4.327,1650,4.327,1651,4.327,1652,4.327,1653,4.327,1654,4.327,1655,4.327]],["t/306",[19,0.416,53,0.951,63,1.957,78,2.21,94,3.141,97,3.319,98,3.761,99,2.982,149,2.207,151,3.11,243,1.632,318,3.447,338,3.289,366,2.285,461,4.276,485,2.195,885,4.604,886,4.915,1476,4.047,1656,5.613,1657,5.613,1658,5.613]]],"invertedIndex":[["",{"_index":10,"t":{"155":{"position":[[92,1],[511,1]]},"157":{"position":[[119,1],[559,4]]},"165":{"position":[[752,3],[789,3],[827,3],[831,3]]},"184":{"position":[[234,1]]},"202":{"position":[[618,3],[972,1],[974,1],[987,1],[1038,1]]},"204":{"position":[[693,1]]},"214":{"position":[[202,1],[204,1],[331,1],[333,1]]},"218":{"position":[[649,1],[655,2]]},"222":{"position":[[259,3]]},"224":{"position":[[209,1]]},"226":{"position":[[256,1],[1182,1],[1202,1],[1306,1],[1621,1],[1641,1],[3089,1],[3110,2]]},"228":{"position":[[1195,1]]},"238":{"position":[[259,2],[353,2],[432,2],[496,2],[566,2],[2038,1],[2318,1],[2591,1],[2613,1],[3485,1],[3499,1],[3519,1],[4395,1],[4439,1],[4490,1],[4512,1],[4521,1],[4566,1],[4604,1],[4616,1],[4632,1],[4647,1],[4688,1],[4993,1],[5015,1],[5032,1],[5064,1],[5987,3],[6222,1],[6244,1],[6261,1],[6281,1],[6478,1],[6899,1],[6921,1],[6938,1]]},"240":{"position":[[674,2]]},"242":{"position":[[366,1],[396,1]]},"246":{"position":[[39,1],[1414,1],[3059,1],[3080,1],[3140,1],[3191,1],[3193,1],[3236,1],[3238,1],[3261,1],[3284,1],[3311,1],[3331,1],[3361,1],[3493,1],[4386,1],[4407,1],[4464,1],[4520,1],[4522,1],[4560,1],[4562,1],[4578,1],[4599,1],[4624,1],[4644,1],[4665,1],[4693,1],[4770,1]]},"248":{"position":[[1584,1],[1616,1],[1670,1],[1726,1],[1749,1],[1773,1],[1808,1],[1858,1],[1885,1],[1914,1],[1989,1],[2068,1]]},"254":{"position":[[213,1],[238,1],[259,1]]},"256":{"position":[[400,2],[458,2]]},"264":{"position":[[239,1],[248,1],[264,1],[272,4],[277,1],[312,1],[320,4],[325,1],[330,1],[570,1],[697,1],[706,1],[728,1],[730,1]]},"266":{"position":[[83,1],[85,1]]},"268":{"position":[[71,2],[93,1],[1050,1],[1583,1],[1706,3],[2057,4],[2062,2],[2418,1],[2420,1],[2493,1],[2574,1],[2662,1],[3124,2],[3431,1],[3433,1],[3511,1],[3513,1],[3950,1],[4089,1],[4200,1],[4990,1],[5533,2],[7096,1],[7163,4],[8215,2],[8284,1],[8730,2],[8923,2],[9540,1],[10287,1],[12600,1],[12728,1],[12877,1],[12941,1],[13092,1],[13123,1],[14073,1],[14502,1],[14790,1],[14890,1],[15128,1],[15210,1],[15217,2],[15299,1],[15952,1],[15959,2],[16312,2]]},"272":{"position":[[147,1],[149,1]]},"274":{"position":[[215,1],[241,1],[278,1],[343,1]]},"276":{"position":[[927,1]]},"278":{"position":[[782,1]]},"282":{"position":[[242,1],[272,4],[317,1],[513,1],[557,1],[629,1],[640,1],[655,1],[796,1],[879,3],[912,1],[923,1],[925,1],[969,1],[988,1],[1050,1],[1282,1],[1468,1],[1644,1],[1737,1],[1803,1],[1901,1],[2080,1],[2161,1],[2266,2],[2269,3],[2273,5],[2279,1],[2396,1],[2398,1],[2494,1],[2582,1],[2612,1],[2656,4],[2665,2],[3338,1],[3419,1],[3448,2],[3451,2],[3484,1],[3496,2],[3523,2],[3556,5],[3566,1]]},"286":{"position":[[589,2]]},"288":{"position":[[154,1],[349,1],[488,2],[570,1],[757,2],[858,1],[1069,2],[1282,2]]},"298":{"position":[[227,1],[262,1],[298,1],[334,1],[369,1],[391,1],[414,1],[431,1],[449,1]]},"300":{"position":[[114,3],[750,1],[951,1],[953,1],[1165,2],[1264,1],[1299,1],[1335,1],[1357,1],[1380,1],[1397,1],[1420,1],[1438,1]]}}}],["0",{"_index":1258,"t":{"268":{"position":[[1304,2],[1776,1],[5793,1],[5806,1],[11048,1]]}}}],["0.0.0.0:4180",{"_index":1094,"t":{"246":{"position":[[4772,14]]}}}],["0.001",{"_index":1467,"t":{"278":{"position":[[916,5]]}}}],["00010203",{"_index":1443,"t":{"276":{"position":[[1121,8]]},"278":{"position":[[984,8]]}}}],["0400",{"_index":1428,"t":{"276":{"position":[[256,5],[1301,4]]},"278":{"position":[[137,5],[1323,4]]},"280":{"position":[[267,5],[593,4]]}}}],["0405",{"_index":1444,"t":{"276":{"position":[[1130,4]]},"278":{"position":[[993,4]]}}}],["0a0b0c0d0e0f",{"_index":1447,"t":{"276":{"position":[[1145,12]]},"278":{"position":[[1008,12]]}}}],["1",{"_index":717,"t":{"220":{"position":[[2225,1]]},"226":{"position":[[2828,1]]},"268":{"position":[[1821,3],[15804,4]]},"288":{"position":[[423,2]]},"300":{"position":[[1116,2]]}}}],["1.3",{"_index":638,"t":{"216":{"position":[[474,3]]}}}],["1.5h",{"_index":400,"t":{"184":{"position":[[236,5]]}}}],["100",{"_index":1323,"t":{"268":{"position":[[5889,3]]}}}],["12",{"_index":1470,"t":{"278":{"position":[[1200,2]]}}}],["12.x",{"_index":982,"t":{"240":{"position":[[58,5],[128,4]]}}}],["123456.apps.googleusercontent.com",{"_index":1250,"t":{"268":{"position":[[724,35]]}}}],["127.0.0.1:4180",{"_index":1307,"t":{"268":{"position":[[5212,16]]},"280":{"position":[[732,14]]},"300":{"position":[[150,14]]}}}],["128",{"_index":1590,"t":{"294":{"position":[[383,3],[434,3]]}}}],["15",{"_index":1353,"t":{"268":{"position":[[10926,2],[10957,2]]},"294":{"position":[[1729,2],[1760,2]]}}}],["15m",{"_index":1275,"t":{"268":{"position":[[2261,3]]}}}],["168h0m0",{"_index":1260,"t":{"268":{"position":[[1385,8]]}}}],["19.0.0",{"_index":936,"t":{"238":{"position":[[636,7]]}}}],["19/mar/2015:17:20:19",{"_index":1427,"t":{"276":{"position":[[233,21],[1279,20]]},"278":{"position":[[114,21],[1301,20]]},"280":{"position":[[244,21],[571,20]]}}}],["1916",{"_index":958,"t":{"238":{"position":[[3370,5]]}}}],["192",{"_index":1234,"t":{"264":{"position":[[644,3]]}}}],["1h",{"_index":771,"t":{"226":{"position":[[923,4]]}}}],["1s",{"_index":1291,"t":{"268":{"position":[[3239,4]]}}}],["2",{"_index":783,"t":{"226":{"position":[[1547,1]]},"228":{"position":[[1134,1]]},"246":{"position":[[3458,2]]},"268":{"position":[[15275,3],[15880,4]]},"288":{"position":[[717,2]]}}}],["2.0",{"_index":1009,"t":{"242":{"position":[[213,3]]},"246":{"position":[[35,3]]}}}],["20",{"_index":1296,"t":{"268":{"position":[[4403,2]]}}}],["200",{"_index":710,"t":{"220":{"position":[[1941,3]]},"278":{"position":[[1249,3]]},"302":{"position":[[223,3],[336,3],[417,3]]}}}],["202",{"_index":1476,"t":{"282":{"position":[[131,3]]},"286":{"position":[[162,3]]},"302":{"position":[[1098,3]]},"306":{"position":[[22,3]]}}}],["2048",{"_index":1111,"t":{"248":{"position":[[1052,4]]}}}],["21.0.0",{"_index":938,"t":{"238":{"position":[[773,7]]}}}],["24",{"_index":1232,"t":{"264":{"position":[[630,2]]}}}],["2>/dev/nul",{"_index":1218,"t":{"264":{"position":[[227,11]]}}}],["2f",{"_index":732,"t":{"222":{"position":[[212,7]]}}}],["2h45m",{"_index":401,"t":{"184":{"position":[[245,8]]}}}],["3",{"_index":841,"t":{"228":{"position":[[1492,2],[1800,2]]},"230":{"position":[[385,2],[421,2]]},"236":{"position":[[1247,4]]}}}],["3/4",{"_index":1391,"t":{"268":{"position":[[15577,3]]}}}],["30",{"_index":728,"t":{"220":{"position":[[2598,2]]},"268":{"position":[[14763,3]]},"300":{"position":[[1138,3],[1161,3]]}}}],["300m",{"_index":399,"t":{"184":{"position":[[225,8]]}}}],["315360000",{"_index":1547,"t":{"286":{"position":[[965,9]]},"288":{"position":[[1723,9]]}}}],["32",{"_index":1224,"t":{"264":{"position":[[309,2],[578,2],[708,2]]}}}],["3650",{"_index":1123,"t":{"248":{"position":[[1175,4]]}}}],["401",{"_index":97,"t":{"157":{"position":[[403,3]]},"268":{"position":[[112,3]]},"282":{"position":[[158,3],[965,3]]},"286":{"position":[[189,3],[1254,4]]},"288":{"position":[[898,3]]},"302":{"position":[[1125,3]]},"306":{"position":[[49,3]]}}}],["403",{"_index":1557,"t":{"286":{"position":[[1259,4]]}}}],["4180",{"_index":1619,"t":{"300":{"position":[[465,5]]}}}],["443",{"_index":1310,"t":{"268":{"position":[[5378,6],[16159,3]]},"282":{"position":[[251,3]]},"300":{"position":[[395,3],[759,3]]}}}],["4607",{"_index":1445,"t":{"276":{"position":[[1135,4]]},"278":{"position":[[998,4]]}}}],["4kb",{"_index":1496,"t":{"282":{"position":[[1733,3],[1938,4]]}}}],["5",{"_index":800,"t":{"226":{"position":[[2527,1]]},"228":{"position":[[1528,2],[1836,2]]}}}],["7",{"_index":1321,"t":{"268":{"position":[[5722,1]]}}}],["74.125.224.72",{"_index":1439,"t":{"276":{"position":[[840,13]]},"278":{"position":[[695,13]]}}}],["80",{"_index":1400,"t":{"268":{"position":[[16145,3]]}}}],["8809",{"_index":1446,"t":{"276":{"position":[[1140,4]]},"278":{"position":[[1003,4]]}}}],["994",{"_index":983,"t":{"240":{"position":[[138,5]]}}}],["_",{"_index":1221,"t":{"264":{"position":[[279,3],[327,2],[732,3]]},"266":{"position":[[104,4]]},"272":{"position":[[168,4]]}}}],["__host",{"_index":1263,"t":{"268":{"position":[[1562,7]]}}}],["__secur",{"_index":1264,"t":{"268":{"position":[[1574,8]]}}}],["_oauth2_proxi",{"_index":1265,"t":{"268":{"position":[[1612,15]]},"294":{"position":[[338,14]]}}}],["_oauth2_proxy_1",{"_index":1529,"t":{"282":{"position":[[3951,18]]}}}],["aad",{"_index":830,"t":{"228":{"position":[[880,3]]}}}],["abov",{"_index":919,"t":{"236":{"position":[[1233,5]]},"276":{"position":[[1542,5]]},"280":{"position":[[45,5]]}}}],["absent",{"_index":1297,"t":{"268":{"position":[[4409,6]]}}}],["accept",{"_index":94,"t":{"157":{"position":[[363,7]]},"216":{"position":[[139,11]]},"268":{"position":[[11440,8],[14435,11]]},"282":{"position":[[135,8]]},"286":{"position":[[166,8]]},"298":{"position":[[566,10]]},"302":{"position":[[1102,8]]},"306":{"position":[[26,8]]}}}],["acceptable.e.g",{"_index":636,"t":{"216":{"position":[[420,15]]}}}],["access",{"_index":256,"t":{"171":{"position":[[349,6]]},"176":{"position":[[101,6]]},"180":{"position":[[171,6]]},"186":{"position":[[346,6]]},"198":{"position":[[259,6]]},"206":{"position":[[2139,6],[2286,6]]},"226":{"position":[[2285,7]]},"234":{"position":[[296,7],[924,6],[999,6],[1036,6],[1186,6],[1217,6],[1306,6]]},"236":{"position":[[138,6],[1173,6]]},"238":{"position":[[857,6],[2260,6],[2320,6],[2630,6],[3022,6],[3350,6],[3600,6],[7059,6]]},"246":{"position":[[2344,6],[2403,7],[2977,6]]},"248":{"position":[[305,7],[2650,6],[3170,10]]},"254":{"position":[[528,6],[638,6],[673,6]]},"268":{"position":[[3903,6],[4328,6],[4375,6],[7175,6],[7245,6],[7329,6],[8131,6],[9127,6],[11997,6],[12026,6],[15034,6]]},"282":{"position":[[1306,6],[1447,6]]},"288":{"position":[[2016,6],[2192,6]]},"304":{"position":[[214,9]]}}}],["access_by_lua_block",{"_index":1521,"t":{"282":{"position":[[3399,19]]}}}],["access_token",{"_index":1328,"t":{"268":{"position":[[7204,12]]}}}],["accesstokenacceptedvers",{"_index":836,"t":{"228":{"position":[[1104,29]]}}}],["accompani",{"_index":883,"t":{"234":{"position":[[382,11]]}}}],["account",{"_index":422,"t":{"190":{"position":[[271,7]]},"226":{"position":[[981,7],[1095,7],[1828,7],[2927,7]]},"228":{"position":[[177,7]]},"238":{"position":[[3854,7]]},"246":{"position":[[1641,8],[3747,8]]},"248":{"position":[[260,8],[737,7]]},"254":{"position":[[204,7],[487,7]]},"268":{"position":[[4608,7],[4652,7],[4782,7]]}}}],["acr",{"_index":290,"t":{"171":{"position":[[1037,3]]},"268":{"position":[[34,3]]}}}],["activ",{"_index":809,"t":{"228":{"position":[[65,6],[1349,6]]},"238":{"position":[[4302,10],[5101,9]]}}}],["actual",{"_index":828,"t":{"228":{"position":[[851,8]]},"252":{"position":[[221,6]]},"254":{"position":[[124,6]]},"282":{"position":[[3721,6]]},"304":{"position":[[1057,6]]}}}],["ad",{"_index":106,"t":{"157":{"position":[[637,5]]},"169":{"position":[[7,6]]},"174":{"position":[[66,6]]},"192":{"position":[[79,5]]},"206":{"position":[[2230,2]]},"224":{"position":[[294,2]]},"238":{"position":[[1810,5],[6789,5]]},"244":{"position":[[4,6],[49,2]]},"268":{"position":[[11327,2],[12042,5]]},"270":{"position":[[750,6]]},"304":{"position":[[939,5]]}}}],["adc",{"_index":784,"t":{"226":{"position":[[1615,5],[1884,3]]}}}],["add",{"_index":169,"t":{"163":{"position":[[148,3]]},"165":{"position":[[432,3]]},"228":{"position":[[0,3],[430,3],[532,3],[662,3],[1222,3],[1284,4]]},"230":{"position":[[64,3]]},"238":{"position":[[3322,3],[3343,3],[3487,3],[6263,3],[6497,3]]},"240":{"position":[[223,3],[431,3],[1312,3]]},"244":{"position":[[74,3]]},"246":{"position":[[605,3],[1296,4],[1989,3],[2336,3],[2567,3]]},"254":{"position":[[0,3]]},"260":{"position":[[80,3]]},"264":{"position":[[332,3]]},"268":{"position":[[7305,4],[16237,3]]}}}],["add_head",{"_index":1494,"t":{"282":{"position":[[1608,10],[2496,10],[2539,10]]},"300":{"position":[[888,10]]}}}],["addedto",{"_index":332,"t":{"176":{"position":[[667,7],[902,7]]}}}],["addit",{"_index":559,"t":{"204":{"position":[[1553,10],[1614,8]]},"234":{"position":[[206,10],[775,8]]},"238":{"position":[[3089,10],[3168,8]]},"246":{"position":[[2066,10]]},"254":{"position":[[559,10]]},"268":{"position":[[7103,10]]},"282":{"position":[[1968,10]]}}}],["addition",{"_index":1298,"t":{"268":{"position":[[4847,12]]}}}],["address",{"_index":483,"t":{"202":{"position":[[496,9]]},"204":{"position":[[230,7]]},"214":{"position":[[146,7],[268,7]]},"226":{"position":[[2343,7]]},"238":{"position":[[3663,7]]},"258":{"position":[[95,9],[199,9]]},"268":{"position":[[5056,7],[5180,8],[5237,7],[5346,8],[6354,7],[7669,7],[8856,7],[8875,7],[15588,8],[15681,7]]},"276":{"position":[[81,7],[875,8]]},"278":{"position":[[730,8]]},"286":{"position":[[1150,8]]},"288":{"position":[[1917,8],[2082,8]]},"302":{"position":[[568,7],[599,8]]}}}],["address=\"0.0.0.0:4180",{"_index":1617,"t":{"300":{"position":[[312,22]]}}}],["address=\"http://:4180",{"_index":1618,"t":{"300":{"position":[[345,23]]}}}],["adf",{"_index":574,"t":{"206":{"position":[[739,4],[2237,4]]},"208":{"position":[[128,5]]},"224":{"position":[[232,4]]},"230":{"position":[[9,4],[445,4]]}}}],["adfsconfig",{"_index":572,"t":{"206":{"position":[[676,10],[699,10]]}}}],["adfsopt",{"_index":573,"t":{"206":{"position":[[687,11]]}}}],["admin",{"_index":416,"t":{"190":{"position":[[164,5]]},"226":{"position":[[1337,5],[2275,5],[2395,5],[2481,5]]},"228":{"position":[[696,5],[729,5],[801,8],[940,5]]},"236":{"position":[[1482,5],[1548,7]]},"238":{"position":[[604,5],[652,5],[700,5],[797,5],[1276,5]]},"250":{"position":[[574,6],[612,6]]},"268":{"position":[[4425,5],[4455,5]]}}}],["admin2",{"_index":945,"t":{"238":{"position":[[1400,6]]}}}],["adminemail",{"_index":415,"t":{"190":{"position":[[121,10],[139,10]]}}}],["administr",{"_index":796,"t":{"226":{"position":[[2322,14]]},"230":{"position":[[14,14]]},"246":{"position":[[1626,14]]}}}],["advisori",{"_index":166,"t":{"163":{"position":[[23,10],[182,8],[411,9]]}}}],["ae",{"_index":1233,"t":{"264":{"position":[[640,3]]}}}],["affect",{"_index":162,"t":{"161":{"position":[[688,8]]}}}],["afterward",{"_index":1644,"t":{"304":{"position":[[334,10]]}}}],["ag",{"_index":1318,"t":{"268":{"position":[[5667,3]]},"274":{"position":[[237,3],[256,5]]}}}],["again",{"_index":1643,"t":{"304":{"position":[[240,6]]}}}],["against",{"_index":37,"t":{"155":{"position":[[415,7]]},"204":{"position":[[1433,7]]},"226":{"position":[[2731,7],[2994,7]]},"238":{"position":[[1719,7]]},"240":{"position":[[35,7]]},"246":{"position":[[163,7]]},"250":{"position":[[50,7]]},"268":{"position":[[455,7],[4873,7]]}}}],["age=2592000",{"_index":1628,"t":{"300":{"position":[[929,12]]}}}],["agenc",{"_index":1096,"t":{"248":{"position":[[80,7],[718,6]]}}}],["agent",{"_index":1335,"t":{"268":{"position":[[8663,5],[8683,5],[8751,6]]},"274":{"position":[[753,6]]},"276":{"position":[[1372,5]]},"278":{"position":[[1444,5]]},"302":{"position":[[263,6]]}}}],["agre",{"_index":179,"t":{"163":{"position":[[441,6]]}}}],["agreement",{"_index":1006,"t":{"242":{"position":[[124,9]]}}}],["ajax",{"_index":91,"t":{"157":{"position":[[335,4]]}}}],["algorithm:secretkey",{"_index":1365,"t":{"268":{"position":[[12514,21]]}}}],["alia",{"_index":389,"t":{"184":{"position":[[8,7]]},"208":{"position":[[8,7]]},"210":{"position":[[12,7]]}}}],["allow",{"_index":78,"t":{"157":{"position":[[143,8]]},"171":{"position":[[1087,7],[1116,7]]},"176":{"position":[[85,6]]},"182":{"position":[[38,6]]},"186":{"position":[[392,6]]},"200":{"position":[[295,7],[459,7],[609,7]]},"202":{"position":[[599,6],[724,7],[1291,5],[1327,5],[1477,5]]},"204":{"position":[[868,6],[1389,6]]},"220":{"position":[[788,6],[1613,5]]},"222":{"position":[[188,8]]},"234":{"position":[[473,7],[1180,5],[1473,5],[1628,5]]},"236":{"position":[[1090,7]]},"238":{"position":[[322,7],[388,7],[468,7],[3974,7],[3992,7],[4285,8],[4751,7],[4836,7],[5093,7],[5135,8],[5449,7],[6037,7],[6555,7],[6589,5]]},"246":{"position":[[2784,7],[4106,8]]},"248":{"position":[[2350,5]]},"250":{"position":[[23,6]]},"254":{"position":[[456,6]]},"260":{"position":[[117,5]]},"268":{"position":[[3960,5],[6303,5],[6445,5],[7134,7],[11453,6],[14769,7],[14870,7],[15135,7],[15223,5],[15336,5],[15967,5],[16069,8],[16097,8],[16209,5],[16292,5]]},"282":{"position":[[33,6]]},"286":{"position":[[38,6]]},"290":{"position":[[9,5]]},"306":{"position":[[192,7],[254,7],[316,7]]}}}],["allowed.e.g",{"_index":642,"t":{"216":{"position":[[553,13]]}}}],["allowed_email",{"_index":1658,"t":{"306":{"position":[[276,15]]}}}],["allowed_email_domain",{"_index":1657,"t":{"306":{"position":[[207,22]]}}}],["allowed_group",{"_index":1656,"t":{"306":{"position":[[152,15]]}}}],["allowedgroup",{"_index":608,"t":{"206":{"position":[[2371,13],[2394,13]]}}}],["allowedto",{"_index":561,"t":{"204":{"position":[[1583,9]]}}}],["alpha",{"_index":198,"t":{"165":{"position":[[44,5],[297,5],[353,5],[665,5]]},"167":{"position":[[15,5],[153,5],[194,5]]},"169":{"position":[[24,5],[92,5],[189,5],[510,5]]},"171":{"position":[[106,5],[1408,5],[1524,5]]},"176":{"position":[[22,5],[108,5],[267,6]]}}}],["alphaopt",{"_index":225,"t":{"165":{"position":[[607,12]]},"176":{"position":[[0,12]]},"192":{"position":[[13,13]]},"210":{"position":[[33,13]]},"214":{"position":[[13,13]]},"222":{"position":[[13,13]]}}}],["altern",{"_index":503,"t":{"202":{"position":[[927,13]]},"252":{"position":[[496,14]]},"304":{"position":[[523,14]]}}}],["alway",{"_index":468,"t":{"200":{"position":[[532,6]]},"298":{"position":[[745,6]]}}}],["amazon",{"_index":1613,"t":{"300":{"position":[[61,6],[255,6]]}}}],["amd64",{"_index":24,"t":{"155":{"position":[[262,7],[564,6]]}}}],["amount",{"_index":1383,"t":{"268":{"position":[[14694,6]]}}}],["anchor",{"_index":659,"t":{"218":{"position":[[625,6]]}}}],["and/or",{"_index":494,"t":{"202":{"position":[[732,6]]}}}],["announc",{"_index":937,"t":{"238":{"position":[[723,9]]}}}],["anoth",{"_index":343,"t":{"176":{"position":[[1037,7]]},"224":{"position":[[82,7]]},"226":{"position":[[176,7]]}}}],["anyth",{"_index":469,"t":{"200":{"position":[[551,8]]}}}],["apach",{"_index":1422,"t":{"274":{"position":[[668,6]]}}}],["api",{"_index":418,"t":{"190":{"position":[[189,3]]},"226":{"position":[[250,5],[1300,5],[1322,5],[1363,4],[2281,3]]},"228":{"position":[[490,3]]},"240":{"position":[[78,3]]},"242":{"position":[[368,3]]},"246":{"position":[[1979,3]]},"268":{"position":[[76,3],[4480,3]]}}}],["api/v1",{"_index":1198,"t":{"256":{"position":[[635,9]]}}}],["app",{"_index":811,"t":{"228":{"position":[[90,3],[294,3],[465,3],[518,4],[1143,3],[1217,4]]},"232":{"position":[[16,3]]},"246":{"position":[[2215,5],[2701,4],[3925,3]]},"248":{"position":[[1334,3]]},"302":{"position":[[923,3]]}}}],["appear",{"_index":312,"t":{"174":{"position":[[0,8]]},"178":{"position":[[0,8]]},"180":{"position":[[0,8]]},"182":{"position":[[0,8]]},"184":{"position":[[16,8]]},"186":{"position":[[0,8]]},"188":{"position":[[0,8]]},"190":{"position":[[0,8]]},"192":{"position":[[0,8]]},"194":{"position":[[0,8]]},"196":{"position":[[0,8]]},"198":{"position":[[0,8]]},"200":{"position":[[0,8]]},"204":{"position":[[0,8]]},"206":{"position":[[0,8]]},"208":{"position":[[16,8]]},"210":{"position":[[20,8]]},"212":{"position":[[0,8]]},"214":{"position":[[0,8]]},"216":{"position":[[0,8]]},"218":{"position":[[0,8]]},"220":{"position":[[0,8]]},"222":{"position":[[0,8]]}}}],["append",{"_index":852,"t":{"228":{"position":[[2101,6]]},"282":{"position":[[2149,6]]}}}],["appli",{"_index":439,"t":{"192":{"position":[[428,7]]}}}],["applic",{"_index":52,"t":{"155":{"position":[[614,11]]},"190":{"position":[[395,11]]},"224":{"position":[[35,11]]},"226":{"position":[[538,12],[551,11],[1150,11],[1583,11],[1716,11]]},"228":{"position":[[7,12],[586,11]]},"230":{"position":[[74,11],[142,11],[174,12],[282,11]]},"240":{"position":[[230,12],[343,11],[468,12],[724,11]]},"244":{"position":[[14,11],[81,12],[124,10]]},"246":{"position":[[1817,13],[1890,12],[2169,11],[2255,11],[2391,11],[2542,12],[2571,12],[2668,11],[2989,12],[3549,11],[3806,12],[3876,11]]},"248":{"position":[[467,11],[559,11],[779,11],[3018,11],[3109,11]]},"252":{"position":[[19,11],[108,12]]},"256":{"position":[[13,12]]},"268":{"position":[[4690,11],[4731,11],[9892,10]]},"300":{"position":[[532,12]]},"304":{"position":[[228,11]]}}}],["application.y",{"_index":347,"t":{"176":{"position":[[1268,15]]}}}],["application/json",{"_index":95,"t":{"157":{"position":[[371,17]]}}}],["approach",{"_index":1608,"t":{"298":{"position":[[495,8]]}}}],["appropri",{"_index":758,"t":{"226":{"position":[[598,11]]},"234":{"position":[[1750,11]]},"236":{"position":[[421,11]]},"238":{"position":[[2153,11]]},"240":{"position":[[1107,11]]},"294":{"position":[[1239,14],[1442,14]]}}}],["approv",{"_index":288,"t":{"171":{"position":[[1005,8]]},"228":{"position":[[946,11]]},"268":{"position":[[208,8],[8188,8]]}}}],["approval_prompt",{"_index":1247,"t":{"268":{"position":[[237,15]]}}}],["apps/oauth2",{"_index":1169,"t":{"250":{"position":[[351,15]]}}}],["aren't",{"_index":1357,"t":{"268":{"position":[[11661,6]]}}}],["arg",{"_index":1034,"t":{"246":{"position":[[949,5]]}}}],["argument",{"_index":1166,"t":{"250":{"position":[[218,9]]},"266":{"position":[[19,8],[116,8]]},"272":{"position":[[19,8],[180,8]]}}}],["arm64",{"_index":26,"t":{"155":{"position":[[280,5]]}}}],["armv6",{"_index":25,"t":{"155":{"position":[[270,5]]}}}],["around",{"_index":491,"t":{"202":{"position":[[688,6]]}}}],["ask",{"_index":87,"t":{"157":{"position":[[256,5]]}}}],["assembl",{"_index":1226,"t":{"264":{"position":[[347,8]]}}}],["assemblynam",{"_index":1228,"t":{"264":{"position":[[390,12]]}}}],["assign",{"_index":798,"t":{"226":{"position":[[2374,6]]},"238":{"position":[[2720,8],[4184,8],[4573,6],[4634,6],[4690,7],[5115,6],[5174,8]]},"246":{"position":[[2926,11],[4073,12]]}}}],["associ",{"_index":969,"t":{"238":{"position":[[5277,10]]}}}],["assum",{"_index":1107,"t":{"248":{"position":[[526,6]]}}}],["attach",{"_index":788,"t":{"226":{"position":[[1836,8]]},"238":{"position":[[6187,6],[6661,9]]}}}],["attacksbetweem",{"_index":702,"t":{"220":{"position":[[1647,14]]}}}],["attempt",{"_index":308,"t":{"171":{"position":[[1338,10]]},"268":{"position":[[300,8]]},"276":{"position":[[99,10],[1062,8]]}}}],["attent",{"_index":145,"t":{"161":{"position":[[294,9]]}}}],["attribut",{"_index":1129,"t":{"248":{"position":[[1446,9]]},"268":{"position":[[2018,9]]},"282":{"position":[[2101,10]]}}}],["aud",{"_index":557,"t":{"204":{"position":[[1465,3]]},"238":{"position":[[1597,3],[1629,3],[2876,4],[3235,5]]},"268":{"position":[[2912,3],[7061,5],[13295,3]]}}}],["audienc",{"_index":560,"t":{"204":{"position":[[1564,9]]},"238":{"position":[[1169,10],[1200,8],[1229,8],[1545,8],[1776,9],[2533,8],[2862,8],[2924,8],[3100,8],[3150,8],[3201,9]]},"246":{"position":[[2225,9]]},"268":{"position":[[7000,8],[7052,8],[7080,8],[7114,9]]}}}],["audienceclaim",{"_index":555,"t":{"204":{"position":[[1351,14],[1375,13]]}}}],["auth",{"_index":71,"t":{"157":{"position":[[65,4]]},"171":{"position":[[630,4],[669,4]]},"182":{"position":[[412,4],[470,4]]},"194":{"position":[[633,4],[691,4]]},"226":{"position":[[1019,4],[1308,6]]},"228":{"position":[[1057,4],[1328,4],[1626,4],[1964,4],[2303,4]]},"230":{"position":[[450,4]]},"234":{"position":[[179,4]]},"236":{"position":[[65,4]]},"240":{"position":[[5,4]]},"268":{"position":[[263,4],[316,4],[598,4],[667,4],[7316,4],[7485,4],[7511,5],[7847,4],[11820,4],[11841,4],[11864,4],[11889,4],[12013,4],[12202,4],[12227,4],[12631,4],[12710,4],[12758,4],[12859,4],[13049,4]]},"274":{"position":[[519,4]]},"276":{"position":[[606,4],[790,4],[1057,4],[1473,4],[1524,4]]},"278":{"position":[[1545,4]]},"282":{"position":[[94,5],[477,4],[578,4]]},"286":{"position":[[437,4],[631,4],[912,4],[1131,5]]},"288":{"position":[[556,4],[841,4],[1111,4],[1317,4],[1670,4],[1889,4],[2003,4],[2051,4],[2179,4]]},"304":{"position":[[572,4],[633,4]]}}}],["auth/pass_basic_auth",{"_index":255,"t":{"171":{"position":[[323,20]]}}}],["auth/set_basic_auth",{"_index":261,"t":{"171":{"position":[[478,19]]}}}],["auth_cooki",{"_index":1492,"t":{"282":{"position":[[1568,12],[1630,13],[2252,13],[2305,13]]}}}],["auth_cookie_name_0",{"_index":1502,"t":{"282":{"position":[[2285,19],[2518,20]]}}}],["auth_cookie_name_1",{"_index":1503,"t":{"282":{"position":[[2323,19],[2561,20]]}}}],["auth_cookie_name_1=$auth_cookie_name_upstream_1$1",{"_index":1504,"t":{"282":{"position":[[2343,52]]}}}],["auth_cookie_name_upstream_1",{"_index":1499,"t":{"282":{"position":[[2014,28],[2463,30]]}}}],["auth_request",{"_index":1359,"t":{"268":{"position":[[11955,12],[12165,12],[12273,12]]},"282":{"position":[[10,12],[804,12],[927,12],[1538,12],[1871,12]]},"302":{"position":[[1175,12]]}}}],["auth_request_set",{"_index":1488,"t":{"282":{"position":[[1098,16],[1157,16],[1360,16],[1551,16],[1997,16],[2857,16],[3340,16]]}}}],["authent",{"_index":83,"t":{"157":{"position":[[200,14],[294,14],[458,14],[657,14]]},"176":{"position":[[444,14],[746,13],[1134,13]]},"206":{"position":[[1871,14]]},"220":{"position":[[1833,15]]},"226":{"position":[[3036,14]]},"234":{"position":[[234,14]]},"238":{"position":[[2188,14],[2208,14]]},"248":{"position":[[2935,13]]},"250":{"position":[[37,12]]},"254":{"position":[[498,13]]},"258":{"position":[[111,13]]},"268":{"position":[[142,14],[285,14],[356,14],[409,13],[442,12],[2581,12],[2667,12],[4860,12],[6263,14],[7793,15],[12661,14],[12777,14],[12891,14],[13100,14],[15173,15],[15352,14]]},"270":{"position":[[291,13]]},"274":{"position":[[419,15]]},"276":{"position":[[0,14],[113,13],[365,13],[440,12],[514,14],[1013,13]]},"282":{"position":[[49,12]]},"286":{"position":[[56,12]]},"288":{"position":[[273,13]]},"290":{"position":[[24,14]]},"292":{"position":[[802,12]]},"300":{"position":[[494,12]]},"302":{"position":[[109,14]]},"304":{"position":[[154,14],[294,14]]}}}],["authenticationprovid",{"_index":341,"t":{"176":{"position":[[994,22]]}}}],["autherror",{"_index":1435,"t":{"276":{"position":[[464,9]]}}}],["authfailur",{"_index":1433,"t":{"276":{"position":[[406,11]]}}}],["author",{"_index":259,"t":{"171":{"position":[[421,13],[536,13]]},"226":{"position":[[610,10],[692,10],[998,11]]},"234":{"position":[[67,13]]},"236":{"position":[[1031,14]]},"238":{"position":[[3725,13],[3765,13],[3811,13],[4728,10],[5379,13],[5631,9]]},"244":{"position":[[211,13]]},"246":{"position":[[1757,13],[1860,13],[1993,13],[2098,13],[2508,13],[2807,13],[3414,13],[4115,13],[4256,13]]},"248":{"position":[[3369,14]]},"258":{"position":[[3,9],[68,9],[179,9]]},"268":{"position":[[7378,13],[7438,13],[12081,13],[12111,13],[13125,13]]},"282":{"position":[[1667,13]]},"288":{"position":[[2031,13],[2207,13]]}}}],["authorizationnginx.ingress.kubernetes.io/auth",{"_index":1515,"t":{"282":{"position":[[3120,45]]}}}],["authresponsehead",{"_index":1570,"t":{"288":{"position":[[1978,20],[2154,20]]}}}],["authsuccess",{"_index":1431,"t":{"276":{"position":[[339,11],[1494,11]]}}}],["auto",{"_index":1565,"t":{"288":{"position":[[776,4]]}}}],["automat",{"_index":787,"t":{"226":{"position":[[1798,13]]},"304":{"position":[[186,13]]}}}],["automaticallyanchor",{"_index":654,"t":{"218":{"position":[[510,21]]}}}],["avail",{"_index":28,"t":{"155":{"position":[[291,10]]},"167":{"position":[[240,10]]},"171":{"position":[[85,9]]},"176":{"position":[[136,9]]},"196":{"position":[[195,9]]},"246":{"position":[[2037,9]]},"248":{"position":[[334,9]]},"270":{"position":[[737,9],[871,9],[950,9]]},"276":{"position":[[766,9]]},"278":{"position":[[618,9]]},"280":{"position":[[490,9]]},"290":{"position":[[198,9],[249,9]]},"294":{"position":[[1271,9]]}}}],["azur",{"_index":303,"t":{"171":{"position":[[1284,6]]},"206":{"position":[[660,5],[2223,6]]},"208":{"position":[[134,6]]},"224":{"position":[[226,5],[288,5]]},"228":{"position":[[59,5],[1051,5],[1322,5],[1342,6],[1533,5],[1620,5],[1841,5],[1958,5],[2297,5]]},"244":{"position":[[43,5]]},"268":{"position":[[496,5],[6523,5],[11320,6]]},"282":{"position":[[3676,7]]}}}],["azureconfig",{"_index":570,"t":{"206":{"position":[[594,11],[619,11]]}}}],["azureopt",{"_index":571,"t":{"206":{"position":[[606,12]]}}}],["b",{"_index":8,"t":{"155":{"position":[[78,2]]},"268":{"position":[[4937,1]]},"288":{"position":[[463,2],[1044,2],[1517,1]]}}}],["back",{"_index":1585,"t":{"294":{"position":[[100,4],[172,4]]}}}],["backend",{"_index":1358,"t":{"268":{"position":[[11758,8]]},"282":{"position":[[1041,8],[1352,7]]},"286":{"position":[[393,7],[659,7],[769,8],[837,8],[1279,7]]},"288":{"position":[[527,7],[812,7],[1139,7],[1345,7],[1455,8],[1527,8],[1595,8]]},"290":{"position":[[224,9],[259,8]]},"292":{"position":[[19,7],[42,7],[141,8],[366,7]]},"294":{"position":[[18,7],[1291,7]]}}}],["backport",{"_index":191,"t":{"163":{"position":[[632,8]]}}}],["backslash",{"_index":502,"t":{"202":{"position":[[872,9]]}}}],["backup",{"_index":1315,"t":{"268":{"position":[[5603,6],[5738,7]]},"274":{"position":[[266,6],[293,9],[310,6]]}}}],["balanc",{"_index":1615,"t":{"300":{"position":[[100,10],[241,8],[290,10]]}}}],["banner",{"_index":1293,"t":{"268":{"position":[[3384,6],[3412,6],[3454,7]]}}}],["bar",{"_index":672,"t":{"220":{"position":[[603,8],[641,5]]}}}],["base",{"_index":221,"t":{"165":{"position":[[505,5]]},"167":{"position":[[57,5]]},"176":{"position":[[523,5]]},"220":{"position":[[1386,7]]},"236":{"position":[[1025,5]]},"246":{"position":[[3391,5],[3929,4]]},"268":{"position":[[14640,5]]},"270":{"position":[[1243,5]]}}}],["base/dir",{"_index":697,"t":{"220":{"position":[[1467,12]]}}}],["base64",{"_index":447,"t":{"194":{"position":[[168,6]]},"212":{"position":[[213,6]]},"264":{"position":[[241,6],[302,6],[586,6]]},"268":{"position":[[1895,6]]}}}],["base64url",{"_index":1592,"t":{"294":{"position":[[457,9]]}}}],["bash",{"_index":1209,"t":{"264":{"position":[[73,4]]}}}],["basic",{"_index":254,"t":{"171":{"position":[[317,5],[472,5],[624,5]]},"182":{"position":[[406,5],[464,5]]},"194":{"position":[[627,5],[685,5]]},"268":{"position":[[592,5],[661,5],[7479,5],[7505,5],[7841,5],[8623,5],[8710,5],[12196,5],[12221,5]]}}}],["basicauthpassword",{"_index":382,"t":{"182":{"position":[[330,17],[361,17]]},"194":{"position":[[551,17],[582,17]]}}}],["baz",{"_index":673,"t":{"220":{"position":[[648,12],[690,4],[957,11]]}}}],["baz/abc/123",{"_index":683,"t":{"220":{"position":[[1021,12]]}}}],["bcrypt",{"_index":1299,"t":{"268":{"position":[[4943,6]]}}}],["bearer",{"_index":82,"t":{"157":{"position":[[181,6]]},"268":{"position":[[2834,6],[7452,6],[12125,6],[13199,6],[13260,6]]}}}],["becom",{"_index":385,"t":{"182":{"position":[[453,6]]},"194":{"position":[[674,6]]},"268":{"position":[[1314,7]]},"272":{"position":[[417,7],[481,7]]}}}],["befor",{"_index":213,"t":{"165":{"position":[[282,6]]},"169":{"position":[[0,6]]},"171":{"position":[[1488,6]]},"220":{"position":[[829,6],[1050,6]]},"268":{"position":[[5873,6]]}}}],["beforward",{"_index":514,"t":{"202":{"position":[[1494,11]]}}}],["behind",{"_index":62,"t":{"155":{"position":[[755,6]]},"268":{"position":[[11372,6]]}}}],["believ",{"_index":129,"t":{"161":{"position":[[12,7]]}}}],["beload",{"_index":376,"t":{"182":{"position":[[204,8]]},"194":{"position":[[425,8]]}}}],["belong",{"_index":413,"t":{"186":{"position":[[454,6]]},"234":{"position":[[510,6],[1535,6]]},"268":{"position":[[4013,6]]}}}],["below",{"_index":223,"t":{"165":{"position":[[541,5],[728,6],[863,5]]},"167":{"position":[[104,6],[271,5]]},"246":{"position":[[345,6]]},"264":{"position":[[50,5]]},"268":{"position":[[16334,5]]},"276":{"position":[[167,5],[324,5]]},"278":{"position":[[48,5]]},"280":{"position":[[237,6]]},"300":{"position":[[53,7]]}}}],["beoverridden",{"_index":512,"t":{"202":{"position":[[1384,12]]}}}],["bepass",{"_index":510,"t":{"202":{"position":[[1252,8]]}}}],["best",{"_index":946,"t":{"238":{"position":[[1429,4]]}}}],["between",{"_index":326,"t":{"176":{"position":[[290,7]]},"220":{"position":[[2135,7]]},"268":{"position":[[3180,7]]},"290":{"position":[[53,7]]}}}],["bewar",{"_index":212,"t":{"165":{"position":[[267,6]]},"304":{"position":[[838,6]]}}}],["bin/dex",{"_index":1032,"t":{"246":{"position":[[848,7]]}}}],["binari",{"_index":4,"t":{"155":{"position":[[43,6],[171,6],[349,8]]}}}],["bindaddress",{"_index":352,"t":{"176":{"position":[[1377,11],[1685,11]]},"214":{"position":[[108,11],[127,11]]}}}],["bit",{"_index":1109,"t":{"248":{"position":[[823,4],[1057,3]]},"294":{"position":[[387,3],[438,3]]}}}],["bitbucket",{"_index":304,"t":{"171":{"position":[[1291,10]]},"206":{"position":[[832,9]]},"208":{"position":[[141,10]]},"224":{"position":[[345,9]]},"254":{"position":[[477,9],[594,9],[713,9]]}}}],["bitbucketconfig",{"_index":575,"t":{"206":{"position":[[754,15],[787,15]]}}}],["bitbucketopt",{"_index":576,"t":{"206":{"position":[[770,16]]}}}],["blank",{"_index":624,"t":{"214":{"position":[[186,5],[315,5]]}}}],["block",{"_index":505,"t":{"202":{"position":[[958,6],[1040,5]]},"246":{"position":[[625,5]]},"276":{"position":[[294,5]]}}}],["bodi",{"_index":706,"t":{"220":{"position":[[1825,4]]},"282":{"position":[[842,4]]}}}],["bool",{"_index":317,"t":{"174":{"position":[[56,4]]},"190":{"position":[[329,4]]},"192":{"position":[[281,4]]},"204":{"position":[[166,4],[322,4],[501,4],[849,4]]},"220":{"position":[[1502,4],[1725,4],[2250,4],[2387,4]]},"222":{"position":[[131,4]]},"268":{"position":[[276,4],[1412,4],[1927,4],[2091,4],[2471,4],[2711,4],[3258,4],[3312,4],[4722,4],[5404,4],[5566,4],[6326,4],[6440,4],[6590,4],[7188,4],[7399,4],[7490,4],[7640,4],[7901,4],[7972,4],[9059,4],[9794,4],[10427,4],[10546,4],[11159,4],[11352,4],[11602,4],[11809,4],[12102,4],[12207,4],[12320,4],[12559,4],[12646,4],[13068,4],[13213,4],[13400,4],[13544,4],[13650,4],[13766,4],[13865,4]]}}}],["boolean",{"_index":426,"t":{"190":{"position":[[372,7]]}}}],["both",{"_index":349,"t":{"176":{"position":[[1302,4],[1610,4]]},"218":{"position":[[291,5]]},"238":{"position":[[3013,4]]},"282":{"position":[[2405,4]]}}}],["bracket",{"_index":1304,"t":{"268":{"position":[[5149,8],[5315,8]]}}}],["break",{"_index":203,"t":{"165":{"position":[[89,8]]}}}],["brief",{"_index":973,"t":{"238":{"position":[[5482,5]]}}}],["bring",{"_index":144,"t":{"161":{"position":[[281,5]]}}}],["brows",{"_index":231,"t":{"165":{"position":[[842,6]]}}}],["browser",{"_index":1154,"t":{"248":{"position":[[2922,8]]},"268":{"position":[[1366,7],[16186,8]]}}}],["browserxssfilt",{"_index":1548,"t":{"286":{"position":[[975,17]]},"288":{"position":[[1733,17]]}}}],["bs=32",{"_index":1216,"t":{"264":{"position":[[213,5]]}}}],["buffer",{"_index":714,"t":{"220":{"position":[[2165,6]]},"268":{"position":[[3206,7]]}}}],["build",{"_index":9,"t":{"155":{"position":[[81,5]]},"178":{"position":[[243,8]]},"248":{"position":[[2563,6],[2581,5]]},"298":{"position":[[962,8]]}}}],["built",{"_index":1016,"t":{"246":{"position":[[157,5]]}}}],["bundl",{"_index":1130,"t":{"248":{"position":[[1456,7]]}}}],["button",{"_index":1373,"t":{"268":{"position":[[13537,6]]}}}],["button=tru",{"_index":1138,"t":{"248":{"position":[[1902,11]]}}}],["bypass",{"_index":1369,"t":{"268":{"position":[[12770,6],[12884,6],[13405,6],[15345,6]]}}}],["bysom",{"_index":652,"t":{"218":{"position":[[457,6]]}}}],["byte",{"_index":445,"t":{"194":{"position":[[145,6]]},"212":{"position":[[190,6]]},"264":{"position":[[581,4],[633,6]]},"278":{"position":[[1215,5]]}}}],["c",{"_index":18,"t":{"155":{"position":[[193,2],[524,1]]},"264":{"position":[[115,1]]}}}],["c=us/st=washington/l=dc/o=gsa/ou=18f/cn=localhost",{"_index":1126,"t":{"248":{"position":[[1193,53]]}}}],["ca",{"_index":276,"t":{"171":{"position":[[865,2]]},"206":{"position":[[1707,2]]},"268":{"position":[[8269,2],[8300,2]]}}}],["cafil",{"_index":598,"t":{"206":{"position":[[1660,7],[1677,7]]}}}],["call",{"_index":419,"t":{"190":{"position":[[193,5]]},"226":{"position":[[1923,6],[2468,5]]},"268":{"position":[[4484,5]]}}}],["callback",{"_index":875,"t":{"234":{"position":[[81,8]]},"246":{"position":[[594,10]]},"252":{"position":[[121,8]]},"254":{"position":[[28,9]]},"302":{"position":[[963,8]]}}}],["caller",{"_index":471,"t":{"200":{"position":[[705,6]]}}}],["capitalis",{"_index":1415,"t":{"272":{"position":[[108,12]]}}}],["captur",{"_index":668,"t":{"220":{"position":[[507,8],[699,7],[885,7]]}}}],["case",{"_index":96,"t":{"157":{"position":[[398,4]]},"161":{"position":[[533,4]]},"220":{"position":[[1214,4]]},"248":{"position":[[3451,5]]},"250":{"position":[[839,5]]},"260":{"position":[[90,4]]},"268":{"position":[[13510,4]]},"294":{"position":[[1079,5]]}}}],["caseadd",{"_index":1227,"t":{"264":{"position":[[376,7]]}}}],["center",{"_index":744,"t":{"226":{"position":[[230,6],[318,6],[425,6]]}}}],["cert",{"_index":634,"t":{"216":{"position":[[260,4],[278,4]]},"268":{"position":[[14005,4]]},"298":{"position":[[65,4],[306,4]]}}}],["cert.pem",{"_index":1121,"t":{"248":{"position":[[1160,8]]}}}],["certif",{"_index":356,"t":{"176":{"position":[[1480,11],[1788,11]]},"206":{"position":[[1710,12]]},"214":{"position":[[400,11]]},"216":{"position":[[68,11],[294,11]]},"228":{"position":[[1182,12]]},"248":{"position":[[1008,11]]},"268":{"position":[[8303,12],[13674,12],[13790,12],[14030,11]]}}}],["certresolv",{"_index":1537,"t":{"286":{"position":[[447,13],[672,13]]},"288":{"position":[[624,13],[907,13],[1152,13],[1358,13]]}}}],["challeng",{"_index":611,"t":{"206":{"position":[[2500,9]]},"238":{"position":[[544,9]]},"268":{"position":[[876,9],[914,10]]}}}],["chang",{"_index":204,"t":{"165":{"position":[[98,7],[202,8]]},"176":{"position":[[283,6]]},"204":{"position":[[783,6]]},"240":{"position":[[82,8]]},"252":{"position":[[651,6]]},"268":{"position":[[1531,7]]},"302":{"position":[[150,7]]}}}],["channel",{"_index":1281,"t":{"268":{"position":[[2761,7]]}}}],["charact",{"_index":493,"t":{"202":{"position":[[709,10],[916,10],[1076,10]]}}}],["check",{"_index":73,"t":{"157":{"position":[[80,7]]},"218":{"position":[[134,7]]},"226":{"position":[[2723,7],[2986,7]]},"228":{"position":[[157,5]]},"238":{"position":[[6760,5]]},"268":{"position":[[8636,6],[8723,6],[8740,5],[8830,6]]},"302":{"position":[[391,6]]}}}],["checkedaft",{"_index":537,"t":{"204":{"position":[[655,12]]}}}],["checksum",{"_index":39,"t":{"155":{"position":[[441,8]]}}}],["chomp",{"_index":504,"t":{"202":{"position":[[949,8]]}}}],["choos",{"_index":0,"t":{"155":{"position":[[0,6]]},"176":{"position":[[1288,6],[1596,6]]},"226":{"position":[[108,6],[243,6],[290,6],[331,6],[438,6],[501,6],[526,6],[581,6],[805,6],[1315,6],[2303,6],[2559,6]]},"228":{"position":[[52,6]]},"238":{"position":[[6301,6]]}}}],["cidr",{"_index":1387,"t":{"268":{"position":[[15321,4]]}}}],["cipher",{"_index":640,"t":{"216":{"position":[[530,6],[663,6],[697,6]]},"268":{"position":[[14053,6],[14094,6],[14240,6],[14275,6]]},"298":{"position":[[797,6],[839,6],[1027,6]]}}}],["ciphersuit",{"_index":639,"t":{"216":{"position":[[478,12],[500,12]]}}}],["claim",{"_index":375,"t":{"182":{"position":[[75,5],[123,5],[136,5],[161,5],[393,5],[442,5]]},"194":{"position":[[344,5],[357,5],[382,5],[614,5],[663,5]]},"204":{"position":[[561,5],[1101,5],[1201,5],[1302,5],[1410,5],[1469,5]]},"224":{"position":[[477,7],[508,5]]},"236":{"position":[[361,5]]},"238":{"position":[[1115,5],[1601,5],[1633,5],[1799,6],[3241,5],[5819,5],[5890,5]]},"246":{"position":[[1782,6]]},"268":{"position":[[6636,5],[6851,5],[6875,5],[6929,5],[6953,5],[7009,5],[7033,5]]}}}],["claim/user_id_claim",{"_index":292,"t":{"171":{"position":[[1067,19]]}}}],["claimsourc",{"_index":373,"t":{"182":{"position":[[26,11]]},"212":{"position":[[13,12]]}}}],["clear",{"_index":1637,"t":{"302":{"position":[[704,6],[759,5]]}}}],["click",{"_index":778,"t":{"226":{"position":[[1328,5]]},"228":{"position":[[117,5],[398,5],[523,5],[616,5]]},"230":{"position":[[199,5]]},"238":{"position":[[2169,5],[2667,8],[2822,5],[3458,8]]},"246":{"position":[[1983,5],[2647,5]]}}}],["client",{"_index":269,"t":{"171":{"position":[[712,6],[732,6],[765,6]]},"204":{"position":[[1445,6],[1630,6]]},"206":{"position":[[140,6],[269,6],[441,6]]},"226":{"position":[[515,6],[838,6],[852,6],[1265,6],[1527,6],[2453,6]]},"228":{"position":[[1232,6],[1456,6],[1497,6],[1764,6],[1805,6]]},"230":{"position":[[239,6],[250,6],[349,6],[390,6]]},"236":{"position":[[103,6],[292,6],[460,6],[498,6]]},"238":{"position":[[27,6],[58,6],[454,6],[524,6],[822,6],[885,6],[1046,6],[1193,6],[1250,6],[1370,6],[1511,6],[1750,6],[1889,7],[1928,6],[1957,6],[1982,6],[2047,6],[2054,6],[2083,6],[2181,6],[2558,6],[2582,7],[2615,6],[2729,6],[2813,8],[2917,6],[3194,6],[3425,6],[3919,6],[4097,6],[4134,6],[4253,6],[4457,6],[4481,7],[4546,7],[4668,7],[4796,7],[4959,6],[4984,7],[5017,6],[5525,6],[5714,6],[6144,6],[6205,7],[6213,7],[6246,6],[6267,6],[6343,6],[6890,7],[6923,6]]},"240":{"position":[[748,6],[777,6]]},"246":{"position":[[1011,6],[1034,6],[2891,6],[2905,6],[4169,6],[4183,6]]},"248":{"position":[[1587,6],[3565,6],[3589,6]]},"250":{"position":[[414,6],[428,6],[548,6],[582,6]]},"252":{"position":[[338,6],[352,6],[442,6],[466,6]]},"254":{"position":[[275,6],[289,6],[376,6],[400,6]]},"256":{"position":[[175,6],[189,6],[355,6],[405,6]]},"268":{"position":[[681,6],[708,6],[762,6],[793,6],[809,6],[855,6],[5133,8],[5299,8],[9173,6],[9241,7],[13317,6],[15455,6]]},"276":{"position":[[677,11],[833,6],[1408,7]]},"278":{"position":[[413,11],[688,6],[1480,7]]},"288":{"position":[[2276,6],[2307,6]]},"292":{"position":[[187,6],[340,6],[481,6]]},"294":{"position":[[109,6]]},"298":{"position":[[435,6],[453,6]]},"300":{"position":[[1424,6],[1442,6]]}}}],["client'",{"_index":906,"t":{"236":{"position":[[518,8]]},"238":{"position":[[43,8],[78,8],[1576,8],[2099,8],[2493,8],[2599,8],[2682,8],[2894,8],[2946,8],[4498,8],[4855,8],[5001,8],[5040,8],[6230,8],[6907,8]]}}}],["client/remot",{"_index":1440,"t":{"276":{"position":[[858,13]]},"278":{"position":[[713,13]]}}}],["client_id",{"_index":1069,"t":{"246":{"position":[[3499,9],[4564,13]]},"256":{"position":[[368,9]]}}}],["client_secret",{"_index":1070,"t":{"246":{"position":[[3513,13]]},"256":{"position":[[422,13]]}}}],["clientid",{"_index":563,"t":{"206":{"position":[[102,8],[118,8]]}}}],["clientsecret",{"_index":565,"t":{"206":{"position":[[223,12],[243,12],[475,12]]}}}],["clientsecretfil",{"_index":566,"t":{"206":{"position":[[356,16],[380,16]]}}}],["close",{"_index":1259,"t":{"268":{"position":[[1377,7]]}}}],["closest",{"_index":663,"t":{"220":{"position":[[364,7]]}}}],["cloud",{"_index":1146,"t":{"248":{"position":[[2259,5]]},"300":{"position":[[80,5]]}}}],["cloud/dock",{"_index":1142,"t":{"248":{"position":[[2179,12]]}}}],["cluster",{"_index":1345,"t":{"268":{"position":[[9509,7],[9561,7],[9650,7],[10419,7],[10449,8],[10475,7]]},"294":{"position":[[1260,7],[1418,7]]}}}],["cluster=tru",{"_index":1600,"t":{"294":{"position":[[1367,12],[1515,12]]}}}],["code",{"_index":610,"t":{"206":{"position":[[2495,4]]},"220":{"position":[[2005,4]]},"238":{"position":[[539,4]]},"246":{"position":[[2821,4],[4129,4]]},"268":{"position":[[871,4],[909,4]]},"278":{"position":[[1269,4]]}}}],["code_challenge_method",{"_index":609,"t":{"206":{"position":[[2462,21]]}}}],["codematch",{"_index":707,"t":{"220":{"position":[[1864,12]]}}}],["collabor",{"_index":170,"t":{"163":{"position":[[161,12]]},"186":{"position":[[217,13],[494,13]]},"234":{"position":[[310,13],[550,14],[934,13],[1104,13],[1456,13],[1575,14]]},"268":{"position":[[3749,13],[3873,13],[4053,13]]}}}],["collaboratorsit",{"_index":410,"t":{"186":{"position":[[315,15]]}}}],["collect",{"_index":619,"t":{"210":{"position":[[62,10]]},"222":{"position":[[47,10]]}}}],["combin",{"_index":1389,"t":{"268":{"position":[[15403,8]]},"274":{"position":[[675,8]]}}}],["come",{"_index":633,"t":{"216":{"position":[[242,4],[338,4]]},"238":{"position":[[4045,5]]}}}],["comma",{"_index":886,"t":{"234":{"position":[[889,5],[1605,5],[1669,5]]},"240":{"position":[[1025,5]]},"268":{"position":[[3049,5],[3703,5],[4169,5]]},"270":{"position":[[1057,5]]},"306":{"position":[[168,5],[230,5],[292,5]]}}}],["command",{"_index":56,"t":{"155":{"position":[[684,7]]},"250":{"position":[[205,7]]},"252":{"position":[[693,7]]},"262":{"position":[[35,7],[135,7]]},"264":{"position":[[56,9]]},"266":{"position":[[6,7]]},"272":{"position":[[6,7],[365,7]]},"274":{"position":[[140,8]]},"294":{"position":[[731,8]]},"298":{"position":[[135,7]]},"300":{"position":[[1172,7]]}}}],["commandlin",{"_index":1153,"t":{"248":{"position":[[2830,12]]}}}],["common",{"_index":362,"t":{"178":{"position":[[99,6],[152,8]]},"244":{"position":[[204,6]]},"268":{"position":[[543,6],[581,8]]}}}],["commun",{"_index":113,"t":{"159":{"position":[[23,9]]}}}],["compat",{"_index":1327,"t":{"268":{"position":[[6542,14]]}}}],["complet",{"_index":954,"t":{"238":{"position":[[2120,8]]},"292":{"position":[[405,10]]},"298":{"position":[[1000,8]]}}}],["compos",{"_index":148,"t":{"161":{"position":[[353,7]]},"294":{"position":[[230,8]]}}}],["compress",{"_index":1311,"t":{"268":{"position":[[5395,8],[5437,10]]},"274":{"position":[[332,10],[354,10]]}}}],["compris",{"_index":1594,"t":{"294":{"position":[[565,9]]}}}],["concurr",{"_index":1582,"t":{"292":{"position":[[628,12]]}}}],["confident",{"_index":900,"t":{"236":{"position":[[150,13]]}}}],["confidenti",{"_index":939,"t":{"238":{"position":[[869,15]]}}}],["config",{"_index":55,"t":{"155":{"position":[[671,6]]},"165":{"position":[[691,6]]},"167":{"position":[[159,6],[200,6]]},"169":{"position":[[30,6],[82,6],[179,6],[197,6],[487,7],[516,6],[551,6]]},"171":{"position":[[1394,6],[1414,6],[1530,6]]},"240":{"position":[[495,6]]},"246":{"position":[[3684,6],[4346,6],[4845,6]]},"252":{"position":[[545,6]]},"262":{"position":[[82,6]]},"266":{"position":[[50,6],[162,6],[235,6]]},"268":{"position":[[993,6],[1015,6],[10938,6]]},"270":{"position":[[1173,6]]},"282":{"position":[[2906,6]]},"294":{"position":[[1741,6]]},"300":{"position":[[46,6],[645,6]]},"302":{"position":[[182,6]]}}}],["config=/etc/oauth2",{"_index":1243,"t":{"266":{"position":[[307,18]]}}}],["configur",{"_index":53,"t":{"155":{"position":[[642,9],[731,9]]},"157":{"position":[[518,10],[698,14]]},"165":{"position":[[303,13],[359,13],[447,13],[511,13],[587,14],[639,14],[671,14],[898,13]]},"167":{"position":[[21,14]]},"169":{"position":[[123,13],[318,13],[406,13]]},"171":{"position":[[112,14]]},"176":{"position":[[39,13],[169,13],[402,9],[634,9],[869,9],[1225,9],[1464,9],[1547,9],[1772,9],[1850,9]]},"178":{"position":[[200,10]]},"200":{"position":[[48,13]]},"206":{"position":[[43,13],[556,14],[641,14],[720,14],[813,14],[902,14],[989,14],[1075,14],[1155,14],[1213,15],[1285,14]]},"214":{"position":[[49,13],[454,13]]},"220":{"position":[[53,13]]},"222":{"position":[[309,13]]},"224":{"position":[[105,9],[409,13]]},"228":{"position":[[1289,9]]},"230":{"position":[[268,9],[306,9]]},"238":{"position":[[1526,10],[2294,14],[2415,14],[2511,9],[2828,9],[3385,14],[3504,13]]},"246":{"position":[[360,9],[611,13],[1535,9],[1747,9],[1847,9],[2372,9],[3011,13],[3531,10]]},"250":{"position":[[165,14]]},"252":{"position":[[304,10]]},"254":{"position":[[442,13],[570,13]]},"262":{"position":[[20,10],[234,13]]},"268":{"position":[[393,13],[2977,13],[9917,15],[11257,13],[13491,10],[13985,13]]},"270":{"position":[[180,10],[511,10],[775,10],[1031,10]]},"272":{"position":[[339,13]]},"274":{"position":[[67,10],[183,9],[589,12]]},"276":{"position":[[582,9],[654,10]]},"278":{"position":[[315,9],[390,10]]},"280":{"position":[[134,13],[349,9],[425,10]]},"282":{"position":[[2798,13],[3744,10]]},"286":{"position":[[295,14]]},"288":{"position":[[240,10]]},"294":{"position":[[1031,9],[1153,9],[1390,9]]},"296":{"position":[[26,15]]},"298":{"position":[[0,9],[176,13],[481,13],[713,11]]},"300":{"position":[[0,9],[1213,13]]},"302":{"position":[[935,10]]},"304":{"position":[[971,13]]},"306":{"position":[[86,10]]}}}],["conflict",{"_index":1583,"t":{"292":{"position":[[768,9]]}}}],["conjunct",{"_index":342,"t":{"176":{"position":[[1020,11]]},"228":{"position":[[2056,11]]},"268":{"position":[[7817,11],[9621,11],[10209,11],[10369,11]]}}}],["connect",{"_index":517,"t":{"204":{"position":[[87,7],[993,7]]},"206":{"position":[[1748,10]]},"224":{"position":[[304,7],[556,7]]},"238":{"position":[[909,8],[2074,8]]},"246":{"position":[[7,7],[227,7],[271,7],[2635,7]]},"248":{"position":[[869,7],[913,8]]},"268":{"position":[[6683,7],[8341,10],[9517,10],[9569,10],[9666,10],[9826,10],[9975,10],[10071,11],[10264,10],[10317,10],[10432,7],[10483,10],[10551,7],[10642,10],[10692,10],[10726,10],[10815,10],[10972,10],[11021,10]]},"294":{"position":[[942,10],[970,10],[1223,10],[1426,10],[1614,10],[1775,10],[1824,10]]},"300":{"position":[[414,11]]},"302":{"position":[[455,11],[491,9]]}}}],["connect/auth",{"_index":910,"t":{"236":{"position":[[615,13]]}}}],["connect/token",{"_index":911,"t":{"236":{"position":[[710,14]]}}}],["connect/userinfo",{"_index":912,"t":{"236":{"position":[[807,17],[908,17]]}}}],["consent",{"_index":477,"t":{"202":{"position":[[165,7],[333,7]]},"226":{"position":[[345,7]]},"228":{"position":[[702,7],[810,7],[837,7]]}}}],["consent#th",{"_index":856,"t":{"228":{"position":[[2238,11]]}}}],["consid",{"_index":325,"t":{"176":{"position":[[256,10]]},"202":{"position":[[889,10]]}}}],["consol",{"_index":866,"t":{"230":{"position":[[29,7]]},"238":{"position":[[610,7],[658,7],[706,7],[803,7],[1282,7],[1407,8],[6856,7]]}}}],["consult",{"_index":948,"t":{"238":{"position":[[1466,7]]}}}],["consum",{"_index":1010,"t":{"242":{"position":[[353,8],[380,8]]},"254":{"position":[[16,8]]}}}],["contact",{"_index":1097,"t":{"248":{"position":[[96,7],[135,7]]}}}],["contain",{"_index":196,"t":{"165":{"position":[[17,8]]},"176":{"position":[[13,8]]},"192":{"position":[[561,8]]},"194":{"position":[[315,10]]},"204":{"position":[[1107,8],[1207,8],[1308,8]]},"212":{"position":[[360,10]]},"214":{"position":[[359,8]]},"216":{"position":[[25,8]]},"246":{"position":[[1466,9],[4746,10]]},"248":{"position":[[2508,8]]},"268":{"position":[[6881,8],[6959,8],[7039,8],[12391,7]]},"276":{"position":[[53,7],[305,7]]},"282":{"position":[[2217,7]]}}}],["content",{"_index":981,"t":{"238":{"position":[[7093,9]]},"248":{"position":[[1251,8]]},"282":{"position":[[864,7],[2240,8]]}}}],["contenttypenosniff",{"_index":1549,"t":{"286":{"position":[[998,19]]},"288":{"position":[[1756,19]]}}}],["contrib",{"_index":1242,"t":{"266":{"position":[[257,7]]}}}],["control",{"_index":1355,"t":{"268":{"position":[[11396,8]]}}}],["convert",{"_index":236,"t":{"169":{"position":[[74,7],[106,7],[171,7],[244,7]]},"182":{"position":[[379,8]]},"194":{"position":[[600,8]]}}}],["convolut",{"_index":498,"t":{"202":{"position":[[798,11]]}}}],["cooki",{"_index":76,"t":{"157":{"position":[[112,6],[122,6],[543,8],[570,6]]},"226":{"position":[[933,6]]},"228":{"position":[[2336,6],[2374,6]]},"230":{"position":[[483,6],[521,6]]},"240":{"position":[[570,6],[814,6]]},"246":{"position":[[1147,6],[1167,6],[3618,7]]},"248":{"position":[[1729,6],[1811,6],[1861,6],[3847,6]]},"264":{"position":[[21,6]]},"268":{"position":[[1029,6],[1066,6],[1090,7],[1203,6],[1242,6],[1286,7],[1307,6],[1332,6],[1396,6],[1430,6],[1449,6],[1484,6],[1548,6],[1590,6],[1630,6],[1661,6],[1682,7],[1712,6],[1748,6],[1827,6],[1875,7],[1913,6],[1956,6],[1975,6],[2011,6],[2067,6],[2125,7],[2200,6],[2254,6],[11587,6],[11631,6],[11675,7],[11776,6],[11783,6],[15840,6]]},"272":{"position":[[398,6]]},"282":{"position":[[1487,6],[1623,6],[1710,7],[1847,7],[1914,7],[1979,7],[2094,6],[2131,6],[2233,6],[2414,6],[2511,6],[2554,6],[3475,8],[3728,6],[3761,6],[3810,6],[3929,6]]},"290":{"position":[[122,6],[309,6]]},"292":{"position":[[4,6],[126,6],[199,7],[426,7],[518,6],[579,6]]},"294":{"position":[[139,6],[196,6],[326,6]]},"298":{"position":[[373,6],[395,6]]},"300":{"position":[[1339,6],[1361,6]]},"302":{"position":[[711,8],[777,6]]},"304":{"position":[[103,8]]}}}],["cookie_secret",{"_index":1071,"t":{"246":{"position":[[3589,13]]},"264":{"position":[[681,15]]}}}],["cookienam",{"_index":1587,"t":{"294":{"position":[[257,12],[301,10],[541,12]]}}}],["copi",{"_index":241,"t":{"169":{"position":[[343,4]]},"248":{"position":[[2600,4]]},"282":{"position":[[1825,6]]}}}],["coreo",{"_index":1017,"t":{"246":{"position":[[171,6]]}}}],["corp.com\"]client_id",{"_index":1061,"t":{"246":{"position":[[3240,20]]}}}],["corpor",{"_index":127,"t":{"159":{"position":[[218,9]]}}}],["correct",{"_index":877,"t":{"234":{"position":[[104,7]]},"246":{"position":[[545,7]]},"256":{"position":[[110,7]]}}}],["correctli",{"_index":860,"t":{"228":{"position":[[2425,10]]},"230":{"position":[[572,10]]},"288":{"position":[[382,9]]}}}],["count=1",{"_index":1217,"t":{"264":{"position":[[219,7]]}}}],["cover",{"_index":1471,"t":{"280":{"position":[[30,7]]}}}],["creat",{"_index":182,"t":{"163":{"position":[[480,6]]},"226":{"position":[[40,6],[812,8],[1078,6],[2293,6],[2549,6]]},"228":{"position":[[253,6]]},"232":{"position":[[0,6]]},"234":{"position":[[0,6],[1350,7]]},"236":{"position":[[92,6],[299,6],[487,8],[1461,6]]},"238":{"position":[[811,6],[1053,6],[1136,6],[1349,6],[1944,8],[1964,6],[2040,6],[3561,6],[4348,8],[4397,6],[4446,8],[4523,6],[5503,8],[5701,6],[6131,8],[6438,6],[6480,6]]},"242":{"position":[[42,6]]},"246":{"position":[[2653,6],[3002,6],[3791,6]]},"248":{"position":[[443,6],[2429,6]]},"252":{"position":[[0,6]]},"256":{"position":[[0,6]]},"268":{"position":[[1512,8],[4914,7]]}}}],["credenti",{"_index":424,"t":{"190":{"position":[[284,11],[415,11]]},"226":{"position":[[297,13],[445,13],[478,12],[1170,11],[1603,11],[1736,12]]},"230":{"position":[[294,11]]},"236":{"position":[[270,10]]},"238":{"position":[[1024,10],[2440,11]]},"268":{"position":[[4665,11],[4710,11],[4751,11]]}}}],["crypto/tl",{"_index":647,"t":{"216":{"position":[[731,10]]},"268":{"position":[[14309,10]]},"298":{"position":[[914,10],[1062,11]]}}}],["csrf",{"_index":1272,"t":{"268":{"position":[[2074,4],[2120,4],[2207,4],[2249,4]]}}}],["current",{"_index":5,"t":{"155":{"position":[[50,8]]},"224":{"position":[[517,9]]},"246":{"position":[[1228,7]]},"268":{"position":[[6499,10]]},"298":{"position":[[735,9],[932,9]]}}}],["custom",{"_index":941,"t":{"238":{"position":[[1222,6],[3143,6],[5844,9]]},"246":{"position":[[2091,6]]},"268":{"position":[[2267,6],[2303,6],[2327,6],[2374,6],[3398,6],[3478,6]]},"282":{"position":[[3803,6]]},"298":{"position":[[508,13]]}}}],["cycl",{"_index":1639,"t":{"302":{"position":[[844,5],[906,6]]}}}],["d",{"_index":29,"t":{"155":{"position":[[302,2]]},"264":{"position":[[254,1]]}}}],["danger",{"_index":194,"t":{"165":{"position":[[0,6]]},"176":{"position":[[211,6]]}}}],["dashboard",{"_index":743,"t":{"226":{"position":[[220,9]]},"248":{"position":[[496,10],[798,10]]}}}],["data",{"_index":631,"t":{"216":{"position":[[210,4],[306,4]]},"236":{"position":[[1355,4]]},"248":{"position":[[426,4]]},"268":{"position":[[11745,4]]},"278":{"position":[[1392,4]]},"290":{"position":[[179,4]]},"292":{"position":[[550,4],[586,5]]}}}],["date",{"_index":1451,"t":{"276":{"position":[[1310,4]]},"278":{"position":[[1332,4]]},"280":{"position":[[602,4]]}}}],["day",{"_index":1122,"t":{"248":{"position":[[1170,4]]},"268":{"position":[[5693,4]]}}}],["dd",{"_index":1214,"t":{"264":{"position":[[194,2]]}}}],["debug",{"_index":1361,"t":{"268":{"position":[[12305,5]]}}}],["decim",{"_index":395,"t":{"184":{"position":[[153,7]]}}}],["decod",{"_index":1231,"t":{"264":{"position":[[620,6]]}}}],["decreas",{"_index":1204,"t":{"262":{"position":[[98,10]]}}}],["dedic",{"_index":951,"t":{"238":{"position":[[1916,11],[2523,9],[2641,9],[2695,10],[2775,10],[3415,9],[3467,9],[5053,9]]}}}],["deep",{"_index":1336,"t":{"268":{"position":[[8818,4]]}}}],["default",{"_index":428,"t":{"190":{"position":[[407,7]]},"200":{"position":[[176,9],[207,7],[431,7],[513,7],[637,7]]},"202":{"position":[[68,8],[226,7],[1170,7],[1198,7],[1218,7],[1363,7]]},"204":{"position":[[804,7],[1457,7]]},"206":{"position":[[1549,7],[1797,7]]},"216":{"position":[[647,7]]},"224":{"position":[[218,7]]},"226":{"position":[[1162,7],[1595,7],[1728,7]]},"228":{"position":[[2108,9],[2250,7]]},"238":{"position":[[680,8],[1290,8],[4339,8]]},"242":{"position":[[146,7]]},"244":{"position":[[196,7]]},"246":{"position":[[576,7],[1927,7],[2415,7],[2863,8],[4248,7]]},"252":{"position":[[575,8]]},"254":{"position":[[434,7]]},"268":{"position":[[24,7],[2433,7],[2749,7],[3446,7],[3526,7],[4390,9],[4702,7],[4743,7],[8391,7],[14224,7],[16039,8],[16110,7]]},"274":{"position":[[3,8],[627,7]]},"276":{"position":[[152,7],[636,7]]},"278":{"position":[[33,7],[372,7]]},"280":{"position":[[219,7],[407,7]]},"286":{"position":[[461,7],[686,7]]},"288":{"position":[[638,7],[921,7],[1166,7],[1372,7]]},"290":{"position":[[316,9]]},"292":{"position":[[34,7]]},"294":{"position":[[356,8]]},"298":{"position":[[635,8],[900,8]]},"300":{"position":[[168,8],[763,7]]},"302":{"position":[[620,7]]}}}],["defin",{"_index":331,"t":{"176":{"position":[[550,7]]},"204":{"position":[[1399,6]]},"206":{"position":[[158,7],[291,7],[1953,7]]},"212":{"position":[[140,7]]},"236":{"position":[[1511,6]]},"238":{"position":[[3447,7],[4126,7],[6020,7]]},"260":{"position":[[48,6]]}}}],["definit",{"_index":620,"t":{"210":{"position":[[76,11]]},"222":{"position":[[61,11]]}}}],["delay",{"_index":187,"t":{"163":{"position":[[571,5]]}}}],["demo",{"_index":1106,"t":{"248":{"position":[[512,5]]}}}],["demonstr",{"_index":156,"t":{"161":{"position":[[558,11]]}}}],["depend",{"_index":109,"t":{"157":{"position":[[680,10]]},"161":{"position":[[85,13]]},"163":{"position":[[339,14]]},"250":{"position":[[228,9]]},"268":{"position":[[8543,8]]},"302":{"position":[[1239,12]]}}}],["deploy",{"_index":1,"t":{"155":{"position":[[14,7],[748,6]]},"226":{"position":[[1754,8],[1867,8],[2005,8]]},"248":{"position":[[3075,11]]}}}],["deprec",{"_index":1368,"t":{"268":{"position":[[12735,11]]}}}],["describ",{"_index":205,"t":{"165":{"position":[[172,9]]},"167":{"position":[[77,9]]},"246":{"position":[[2156,8]]}}}],["descript",{"_index":315,"t":{"174":{"position":[[34,11]]},"176":{"position":[[334,11]]},"178":{"position":[[34,11]]},"180":{"position":[[34,11]]},"182":{"position":[[111,11]]},"186":{"position":[[34,11]]},"188":{"position":[[34,11]]},"190":{"position":[[34,11]]},"192":{"position":[[129,11]]},"194":{"position":[[127,11]]},"196":{"position":[[34,11]]},"198":{"position":[[34,11]]},"202":{"position":[[1098,11]]},"204":{"position":[[34,11]]},"206":{"position":[[90,11]]},"212":{"position":[[172,11]]},"214":{"position":[[96,11]]},"216":{"position":[[162,11]]},"218":{"position":[[308,11]]},"220":{"position":[[182,11]]},"222":{"position":[[106,11]]},"238":{"position":[[2760,11],[5488,11]]},"246":{"position":[[2324,11]]},"252":{"position":[[71,11]]},"268":{"position":[[12,11]]},"276":{"position":[[821,11]]},"278":{"position":[[676,11]]},"280":{"position":[[549,11]]}}}],["deselect",{"_index":955,"t":{"238":{"position":[[2274,10]]}}}],["desir",{"_index":442,"t":{"192":{"position":[[574,7]]}}}],["detail",{"_index":139,"t":{"161":{"position":[[167,7],[457,6]]},"165":{"position":[[122,8],[336,7]]},"228":{"position":[[2273,8]]},"246":{"position":[[508,8]]},"268":{"position":[[12330,8]]},"276":{"position":[[1042,7],[1552,8]]},"280":{"position":[[751,7]]}}}],["determin",{"_index":435,"t":{"192":{"position":[[307,10]]},"218":{"position":[[145,9]]},"220":{"position":[[1981,10],[2270,10]]},"268":{"position":[[9212,9]]},"288":{"position":[[362,9]]}}}],["dev.yaml",{"_index":1026,"t":{"246":{"position":[[679,9],[878,8]]}}}],["develop",{"_index":1076,"t":{"246":{"position":[[3737,9]]},"248":{"position":[[315,9]]}}}],["dex",{"_index":1018,"t":{"246":{"position":[[178,3],[352,4],[392,4],[435,4],[802,4],[1521,4]]}}}],["differ",{"_index":496,"t":{"202":{"position":[[759,9]]},"208":{"position":[[77,9]]},"226":{"position":[[2685,9]]},"268":{"position":[[2110,9],[6474,6]]},"274":{"position":[[381,9]]},"276":{"position":[[546,9]]},"278":{"position":[[279,9]]},"280":{"position":[[313,9]]}}}],["digitalocean",{"_index":614,"t":{"208":{"position":[[152,12]]},"224":{"position":[[332,12]]}}}],["dir",{"_index":1276,"t":{"268":{"position":[[2284,3]]}}}],["dir\",th",{"_index":696,"t":{"220":{"position":[[1427,10]]}}}],["direct",{"_index":361,"t":{"178":{"position":[[67,7]]},"238":{"position":[[2253,6]]},"282":{"position":[[23,9]]},"302":{"position":[[1188,9]]}}}],["directli",{"_index":1374,"t":{"268":{"position":[[13575,8]]},"302":{"position":[[22,8]]}}}],["directori",{"_index":810,"t":{"228":{"position":[[72,10],[1356,9]]},"240":{"position":[[1201,9]]},"246":{"position":[[1244,9]]},"248":{"position":[[2480,9]]},"266":{"position":[[265,10]]},"270":{"position":[[595,9]]}}}],["directory/develop/v2",{"_index":855,"t":{"228":{"position":[[2201,20]]}}}],["disabl",{"_index":625,"t":{"214":{"position":[[209,8],[338,8]]},"238":{"position":[[5072,9]]},"268":{"position":[[1781,8],[2425,7],[3438,7],[3518,7],[5798,7],[6829,8],[12564,7]]},"274":{"position":[[483,8],[791,8]]},"302":{"position":[[608,8]]}}}],["disallow",{"_index":1633,"t":{"302":{"position":[[244,9]]}}}],["disclos",{"_index":168,"t":{"163":{"position":[[65,9],[298,9]]}}}],["disclosur",{"_index":122,"t":{"159":{"position":[[139,11]]},"161":{"position":[[194,11],[491,10]]},"163":{"position":[[129,10]]},"294":{"position":[[839,11]]}}}],["discov",{"_index":158,"t":{"161":{"position":[[590,10]]}}}],["discoveri",{"_index":528,"t":{"204":{"position":[[447,9],[888,9]]},"248":{"position":[[3252,10],[3298,9],[3485,9],[3711,9]]},"268":{"position":[[6816,9],[13390,9],[13426,10]]},"304":{"position":[[826,11]]}}}],["discret",{"_index":193,"t":{"163":{"position":[[695,10]]}}}],["discuss",{"_index":167,"t":{"163":{"position":[[47,7],[216,10]]}}}],["display",{"_index":274,"t":{"171":{"position":[[821,7]]},"206":{"position":[[1591,7]]},"246":{"position":[[979,7]]},"256":{"position":[[332,7]]},"268":{"position":[[2449,7],[2476,7],[8445,7]]}}}],["doc",{"_index":1244,"t":{"268":{"position":[[66,4]]}}}],["docker",{"_index":20,"t":{"155":{"position":[[215,6]]},"246":{"position":[[1490,6]]},"248":{"position":[[2318,6],[2556,6],[2574,6]]}}}],["document",{"_index":197,"t":{"165":{"position":[[26,13]]},"216":{"position":[[742,14]]},"238":{"position":[[306,13],[1487,14],[5580,14],[6717,13]]},"246":{"position":[[2470,13]]},"250":{"position":[[387,13]]},"268":{"position":[[14320,14]]}}}],["doesn't",{"_index":859,"t":{"228":{"position":[[2398,7]]},"230":{"position":[[545,7]]}}}],["domain",{"_index":485,"t":{"202":{"position":[[529,7],[655,7]]},"224":{"position":[[147,6]]},"226":{"position":[[648,6],[1058,7],[2364,6]]},"234":{"position":[[407,8]]},"238":{"position":[[277,6]]},"240":{"position":[[1263,6]]},"246":{"position":[[1194,6]]},"248":{"position":[[3874,6]]},"258":{"position":[[22,6],[221,9]]},"268":{"position":[[1036,6],[1073,7],[1138,6],[1210,6],[2560,6],[2620,6],[15114,6],[15143,7],[15196,6],[15910,6],[15929,6],[16004,6],[16263,7]]},"272":{"position":[[469,6]]},"282":{"position":[[548,8]]},"286":{"position":[[469,8],[694,8]]},"288":{"position":[[646,8],[929,8],[1174,8],[1380,8]]},"304":{"position":[[854,6],[964,6],[1064,6]]},"306":{"position":[[268,7]]}}}],["domain.com",{"_index":1441,"t":{"276":{"position":[[964,10]]},"278":{"position":[[819,10]]}}}],["domain.tld/gitlab",{"_index":999,"t":{"240":{"position":[[1217,19]]}}}],["domain.tld/gitlab/oauth",{"_index":1004,"t":{"240":{"position":[[1366,24]]}}}],["domain.tld/oauth",{"_index":1002,"t":{"240":{"position":[[1332,16]]}}}],["domain=\"yourcompany.com",{"_index":1605,"t":{"298":{"position":[[237,24]]},"300":{"position":[[1274,24]]}}}],["domain=/oauth2/callback",{"_index":1183,"t":{"252":{"position":[[611,24]]}}}],["headers.default",{"_index":441,"t":{"192":{"position":[[456,16]]}}}],["headers/pass_user_head",{"_index":258,"t":{"171":{"position":[[390,25]]}}}],["headers/skip_auth_strip_head",{"_index":268,"t":{"171":{"position":[[680,31]]}}}],["headershould",{"_index":436,"t":{"192":{"position":[[346,12]]}}}],["headervalu",{"_index":372,"t":{"182":{"position":[[13,12]]},"192":{"position":[[540,13]]},"194":{"position":[[21,11]]},"212":{"position":[[26,12]]}}}],["health",{"_index":1334,"t":{"268":{"position":[[8629,6],[8716,6],[8823,6]]},"302":{"position":[[384,6]]}}}],["helm",{"_index":32,"t":{"155":{"position":[[333,6]]}}}],["here",{"_index":1101,"t":{"248":{"position":[[344,5]]}}}],["hex",{"_index":1591,"t":{"294":{"position":[[406,3]]}}}],["histor",{"_index":1573,"t":{"292":{"position":[[103,13]]}}}],["hit",{"_index":752,"t":{"226":{"position":[[408,3]]},"228":{"position":[[658,3],[1276,7]]}}}],["hold",{"_index":562,"t":{"206":{"position":[[33,5],[546,5],[631,5],[710,5],[803,5],[892,5],[979,5],[1065,5],[1145,5],[1275,5]]}}}],["homepag",{"_index":1175,"t":{"252":{"position":[[57,9]]}}}],["host",{"_index":248,"t":{"171":{"position":[[162,4]]},"220":{"position":[[2301,4]]},"240":{"position":[[185,7],[1053,6],[1175,6]]},"252":{"position":[[606,4]]},"256":{"position":[[47,4],[495,4],[560,4],[630,4]]},"268":{"position":[[1168,4],[7889,4],[7923,4]]},"276":{"position":[[959,4],[992,4]]},"278":{"position":[[475,9],[814,4],[847,4]]},"282":{"position":[[370,4],[375,6],[708,4],[713,6]]},"300":{"position":[[1006,4],[1011,6]]}}}],["host(`a",{"_index":1535,"t":{"286":{"position":[[342,8],[537,8]]},"288":{"position":[[432,8],[726,8],[1013,8]]}}}],["host(`oauth.example.com",{"_index":1567,"t":{"288":{"position":[[1255,26]]}}}],["host>/api/v3",{"_index":897,"t":{"234":{"position":[[1953,13]]}}}],["host>/auth/realms//login/oauth/access_token",{"_index":896,"t":{"234":{"position":[[1878,31]]}}}],["host>/login/oauth/author",{"_index":895,"t":{"234":{"position":[[1808,28]]}}}],["host>/oauth2/callback",{"_index":1191,"t":{"256":{"position":[[144,21],[298,22]]}}}],["host_head",{"_index":1456,"t":{"278":{"position":[[143,13]]}}}],["hostnam",{"_index":1157,"t":{"248":{"position":[[3220,9]]},"252":{"position":[[228,8]]},"254":{"position":[[131,8]]}}}],["hosts.thi",{"_index":699,"t":{"220":{"position":[[1574,10]]}}}],["hour",{"_index":807,"t":{"226":{"position":[[3105,4]]}}}],["hst",{"_index":1622,"t":{"300":{"position":[[737,5]]}}}],["htaccess",{"_index":1332,"t":{"268":{"position":[[7784,8]]}}}],["html",{"_index":1277,"t":{"268":{"position":[[2310,4],[3405,6],[3485,6]]}}}],["htpasswd",{"_index":1280,"t":{"268":{"position":[[2457,8],[2521,8],[4826,8],[4883,8],[4927,8],[4963,8],[5034,8]]}}}],["http",{"_index":350,"t":{"176":{"position":[[1307,4],[1316,5],[1615,4],[1624,5]]},"220":{"position":[[1568,5]]},"256":{"position":[[26,9]]},"268":{"position":[[107,4],[656,4],[1943,6],[3252,5],[3271,5],[3346,4],[5051,4],[5128,4],[5231,5],[5293,5],[7500,4],[12216,4],[13708,5],[13824,5],[14513,4],[15524,4],[15697,4],[16153,5],[16167,6]]},"270":{"position":[[151,4],[160,5]]},"274":{"position":[[439,4]]},"278":{"position":[[0,4],[1257,4],[1404,4]]},"280":{"position":[[713,5]]},"286":{"position":[[310,5]]},"288":{"position":[[392,5]]},"290":{"position":[[70,4]]},"300":{"position":[[307,4],[340,4]]}}}],["http(",{"_index":346,"t":{"176":{"position":[[1239,7],[1561,7]]},"214":{"position":[[70,7]]},"220":{"position":[[1147,7]]},"270":{"position":[[91,7]]}}}],["http/1.0",{"_index":1442,"t":{"276":{"position":[[1080,8]]},"278":{"position":[[869,8]]}}}],["http/1.1",{"_index":1458,"t":{"278":{"position":[[186,8]]}}}],["http/1.1x",{"_index":1648,"t":{"304":{"position":[[623,9]]}}}],["http://0.0.0.0:8080\"]email_domain",{"_index":1088,"t":{"246":{"position":[[4524,35]]}}}],["http://127.0.0.1:4180",{"_index":1043,"t":{"246":{"position":[[1360,21]]},"282":{"position":[[330,22],[668,22]]},"300":{"position":[[966,22]]}}}],["http://127.0.0.1:4180/oauth2/callback",{"_index":1035,"t":{"246":{"position":[[1067,37]]},"248":{"position":[[3623,37]]}}}],["http://127.0.0.1:4180/oauth2/callback'nam",{"_index":1028,"t":{"246":{"position":[[722,44]]}}}],["http://127.0.0.1:4180/static",{"_index":1044,"t":{"246":{"position":[[1385,28]]}}}],["http://127.0.0.1:5556",{"_index":1162,"t":{"248":{"position":[[3678,21]]}}}],["http://127.0.0.1:5556/author",{"_index":1163,"t":{"248":{"position":[[3732,31]]}}}],["http://127.0.0.1:5556/dex",{"_index":1036,"t":{"246":{"position":[[1121,25]]}}}],["http://127.0.0.1:5556/key",{"_index":1165,"t":{"248":{"position":[[3819,26]]}}}],["http://127.0.0.1:5556/token",{"_index":1164,"t":{"248":{"position":[[3776,27]]}}}],["http://127.0.0.1:8080",{"_index":1404,"t":{"270":{"position":[[218,22]]}}}],["http://127.0.0.1:8080/some/path",{"_index":1405,"t":{"270":{"position":[[361,32]]}}}],["http://172.16.0.1:4180",{"_index":1544,"t":{"286":{"position":[[876,22]]},"288":{"position":[[1634,22]]}}}],["http://172.16.0.2:7555",{"_index":1543,"t":{"286":{"position":[[808,22]]},"288":{"position":[[1494,22]]}}}],["http://172.16.0.3:7555",{"_index":1568,"t":{"288":{"position":[[1566,22]]}}}],["http://[::1]:4180",{"_index":1306,"t":{"268":{"position":[[5194,17]]}}}],["http://[oauth2",{"_index":1408,"t":{"270":{"position":[[608,14],[963,14]]}}}],["http://]:::/sign_in",{"_index":1341,"t":{"268":{"position":[[9011,18]]}}}],["oauth2_proxy_",{"_index":1414,"t":{"272":{"position":[[93,14]]}}}],["oauth2_proxy_cookie_secret",{"_index":1417,"t":{"272":{"position":[[425,27]]}}}],["oauth2_proxy_email_domain",{"_index":1418,"t":{"272":{"position":[[489,27]]}}}],["oauth2_proxy_jwt_key",{"_index":1128,"t":{"248":{"position":[[1299,24]]}}}],["oauth2_proxy_jwt_key_file=/etc/ssl/private/jwt_signing_key.pem",{"_index":1151,"t":{"248":{"position":[[2672,62]]}}}],["oauth_proxi",{"_index":1262,"t":{"268":{"position":[[1500,11]]}}}],["obtain",{"_index":1396,"t":{"268":{"position":[[15664,9]]}}}],["occur",{"_index":1473,"t":{"280":{"position":[[187,5]]}}}],["oidc",{"_index":302,"t":{"171":{"position":[[1278,5]]},"196":{"position":[[229,4]]},"204":{"position":[[442,4],[883,4]]},"206":{"position":[[1174,4],[1208,4]]},"208":{"position":[[218,5],[259,5]]},"228":{"position":[[1560,4],[1868,4]]},"236":{"position":[[60,4]]},"238":{"position":[[20,4],[161,4],[1365,4],[1506,4],[1765,4],[1977,4],[3951,4],[4248,4],[5878,4]]},"240":{"position":[[1126,4]]},"246":{"position":[[244,6],[374,4],[965,4],[996,4],[1105,4],[1549,4]]},"248":{"position":[[16,4],[1673,4],[3247,4],[3293,4],[3480,4],[3559,4],[3662,4],[3706,4],[3805,4]]},"268":{"position":[[6298,4],[6410,4],[6455,4],[6574,4],[6614,4],[6649,4],[6740,4],[6761,4],[6811,4],[6840,4],[6870,4],[6917,4],[6948,4],[6995,4],[7028,4],[7069,4],[7409,4],[8163,4],[13385,4],[13412,4],[13469,4],[14997,4],[15875,4]]},"304":{"position":[[481,4],[667,4],[780,4],[889,4]]}}}],["oidc\"redirect_url",{"_index":1057,"t":{"246":{"position":[[3061,18],[4388,18]]}}}],["oidc_issuer_url",{"_index":850,"t":{"228":{"position":[[2036,16]]},"246":{"position":[[3372,15]]}}}],["oidcconfig",{"_index":584,"t":{"206":{"position":[[1111,10],[1134,10]]}}}],["oidcopt",{"_index":585,"t":{"206":{"position":[[1122,11]]}}}],["ok",{"_index":48,"t":{"155":{"position":[[571,2]]},"302":{"position":[[227,2],[340,2],[421,2]]}}}],["okta",{"_index":1019,"t":{"246":{"position":[[315,5],[1526,5],[1567,5],[1612,4],[2465,4],[3708,4],[3834,4],[4309,4],[4482,4]]}}}],["old",{"_index":1320,"t":{"268":{"position":[[5708,3],[5768,3]]}}}],["omit",{"_index":1401,"t":{"268":{"position":[[16195,4]]}}}],["on",{"_index":93,"t":{"157":{"position":[[354,3]]},"161":{"position":[[674,4]]},"202":{"position":[[95,3],[259,3],[614,3],[1458,3]]},"212":{"position":[[101,3]]},"248":{"position":[[2206,3]]},"254":{"position":[[683,3]]},"258":{"position":[[156,3]]},"264":{"position":[[39,3]]},"268":{"position":[[479,4],[9284,4],[13330,3]]},"276":{"position":[[313,3]]},"290":{"position":[[187,3]]}}}],["onc",{"_index":178,"t":{"163":{"position":[[421,4]]},"226":{"position":[[3097,4]]},"248":{"position":[[2843,4]]}}}],["onlyvalu",{"_index":513,"t":{"202":{"position":[[1436,10]]}}}],["open",{"_index":134,"t":{"161":{"position":[[113,4]]},"226":{"position":[[464,4]]},"230":{"position":[[0,4]]},"246":{"position":[[106,4]]}}}],["openid",{"_index":516,"t":{"204":{"position":[[80,6],[986,6]]},"224":{"position":[[297,6],[549,6]]},"238":{"position":[[901,7],[2066,7]]},"240":{"position":[[276,7]]},"246":{"position":[[0,6],[220,6],[2628,6]]},"248":{"position":[[862,6],[906,6]]},"268":{"position":[[6676,6]]}}}],["openssl",{"_index":1114,"t":{"248":{"position":[[1104,7]]},"264":{"position":[[78,7],[288,7]]}}}],["oppos",{"_index":1000,"t":{"240":{"position":[[1240,7]]}}}],["option",{"_index":58,"t":{"155":{"position":[[697,8]]},"165":{"position":[[164,7],[317,8],[373,7]]},"167":{"position":[[218,7],[263,7]]},"169":{"position":[[37,7],[256,7],[379,7],[437,7]]},"171":{"position":[[1233,8],[1251,6],[1369,7],[1480,7]]},"176":{"position":[[53,8],[77,7],[222,7]]},"182":{"position":[[246,8]]},"184":{"position":[[180,8]]},"192":{"position":[[416,6]]},"194":{"position":[[467,8]]},"200":{"position":[[186,6],[316,7]]},"202":{"position":[[1187,10],[1316,10]]},"208":{"position":[[101,7],[115,7]]},"216":{"position":[[102,8]]},"220":{"position":[[1585,6],[2039,6]]},"226":{"position":[[1066,11],[2071,7]]},"234":{"position":[[276,8],[362,7]]},"236":{"position":[[1050,8]]},"238":{"position":[[299,6],[356,9],[435,9],[499,9],[3965,7],[4782,7],[5127,7],[5440,6],[5896,6],[5945,6],[6051,6],[6308,8],[6546,6],[6651,6],[6974,8]]},"240":{"position":[[905,7]]},"246":{"position":[[1721,10],[2023,6],[2452,8]]},"248":{"position":[[1540,8],[2132,7],[3495,7]]},"252":{"position":[[407,8],[530,7],[706,7]]},"254":{"position":[[344,8],[584,7]]},"256":{"position":[[223,7]]},"262":{"position":[[48,8],[148,7]]},"266":{"position":[[169,6]]},"268":{"position":[[0,6],[52,9],[1057,8],[1652,8],[1883,11],[10776,6],[10871,7],[12680,7],[15437,10],[15740,6],[15917,7],[16362,7]]},"270":{"position":[[61,6]]},"284":{"position":[[5,6],[37,6]]},"288":{"position":[[175,7],[2326,6]]},"294":{"position":[[1575,6],[1670,7]]},"304":{"position":[[985,6]]}}}],["order",{"_index":1205,"t":{"262":{"position":[[109,5]]}}}],["org",{"_index":407,"t":{"186":{"position":[[46,3],[57,3],[478,3]]},"234":{"position":[[534,3],[635,7],[795,4],[1559,3]]},"268":{"position":[[3551,3],[4037,3]]}}}],["organ",{"_index":880,"t":{"234":{"position":[[259,12],[580,12],[713,12]]}}}],["organis",{"_index":408,"t":{"186":{"position":[[101,12]]},"234":{"position":[[678,12]]},"268":{"position":[[3597,12]]}}}],["organization'",{"_index":484,"t":{"202":{"position":[[514,14]]}}}],["organizationdefault",{"_index":474,"t":{"202":{"position":[[6,20]]}}}],["orgname/repo",{"_index":889,"t":{"234":{"position":[[1150,12]]},"268":{"position":[[3795,12]]}}}],["orgname/repo=accesslevel",{"_index":1295,"t":{"268":{"position":[[4302,25]]}}}],["origin",{"_index":760,"t":{"226":{"position":[[632,7]]},"246":{"position":[[146,10]]}}}],["os,base64",{"_index":1212,"t":{"264":{"position":[[125,10]]}}}],["otherwis",{"_index":473,"t":{"200":{"position":[[751,10]]},"204":{"position":[[631,10]]},"222":{"position":[[232,9]]},"246":{"position":[[1903,10]]},"304":{"position":[[992,9]]}}}],["out",{"_index":1053,"t":{"246":{"position":[[2125,3],[2318,3]]},"248":{"position":[[1156,3]]},"302":{"position":[[691,3]]},"304":{"position":[[17,4],[325,3]]}}}],["output",{"_index":1419,"t":{"274":{"position":[[34,6],[81,6]]},"276":{"position":[[142,6]]},"278":{"position":[[23,6]]},"280":{"position":[[80,6]]}}}],["outsid",{"_index":793,"t":{"226":{"position":[[2014,7]]},"272":{"position":[[326,7]]},"280":{"position":[[193,7]]}}}],["overrid",{"_index":648,"t":{"218":{"position":[[178,9]]},"244":{"position":[[183,8]]},"268":{"position":[[8465,8],[9938,8]]}}}],["overridden",{"_index":466,"t":{"200":{"position":[[371,10]]},"202":{"position":[[245,10],[388,11],[1279,11]]}}}],["override_speci",{"_index":1238,"t":{"264":{"position":[[711,16]]}}}],["overwrit",{"_index":1206,"t":{"262":{"position":[[161,9],[224,9]]}}}],["packag",{"_index":1202,"t":{"260":{"position":[[37,7]]}}}],["pad",{"_index":1593,"t":{"294":{"position":[[479,9]]}}}],["page",{"_index":195,"t":{"165":{"position":[[12,4],[143,4],[190,4],[331,4]]},"206":{"position":[[1654,5]]},"228":{"position":[[506,4],[1091,4],[1205,4]]},"268":{"position":[[2403,4],[3357,5],[8538,4],[12366,5],[13567,4]]},"302":{"position":[[656,5],[695,4],[1282,5]]},"304":{"position":[[329,4]]}}}],["pair",{"_index":1285,"t":{"268":{"position":[[2924,5]]},"294":{"position":[[533,4]]}}}],["pane",{"_index":745,"t":{"226":{"position":[[237,5],[284,5],[325,5],[432,5]]},"238":{"position":[[2659,4]]}}}],["parallel",{"_index":1274,"t":{"268":{"position":[[2173,8]]}}}],["paramet",{"_index":318,"t":{"174":{"position":[[83,9]]},"200":{"position":[[81,9],[280,10],[347,9],[476,9],[654,9]]},"202":{"position":[[36,9],[198,9],[366,9],[1159,10]]},"206":{"position":[[1965,10]]},"218":{"position":[[82,10],[202,9],[600,9]]},"238":{"position":[[6989,10]]},"270":{"position":[[258,10],[1096,10],[1121,9]]},"282":{"position":[[3773,10]]},"304":{"position":[[364,10]]},"306":{"position":[[123,10],[140,11]]}}}],["part",{"_index":323,"t":{"176":{"position":[[149,4]]},"282":{"position":[[1796,6],[2177,4],[2455,4]]}}}],["particularli",{"_index":1416,"t":{"272":{"position":[[286,12]]}}}],["pass",{"_index":67,"t":{"157":{"position":[[12,7]]},"171":{"position":[[157,4],[312,4],[344,4],[380,4],[416,4]]},"200":{"position":[[103,6],[253,6],[560,6],[677,6]]},"202":{"position":[[58,6],[216,6]]},"204":{"position":[[1593,4]]},"206":{"position":[[1988,6]]},"218":{"position":[[93,6],[212,6]]},"222":{"position":[[154,4]]},"226":{"position":[[2643,4]]},"228":{"position":[[2410,6]]},"230":{"position":[[557,6]]},"238":{"position":[[3008,4]]},"246":{"position":[[1795,6]]},"248":{"position":[[2283,4]]},"252":{"position":[[388,4]]},"254":{"position":[[325,4]]},"256":{"position":[[204,4]]},"268":{"position":[[644,7],[7145,4],[7170,4],[7193,4],[7373,4],[7404,4],[7474,4],[7495,4],[7698,7],[7836,4],[7858,4],[7884,4],[7906,4],[7954,4],[7977,4],[11992,4]]},"270":{"position":[[71,4]]},"282":{"position":[[990,4],[1301,4],[1330,4]]},"290":{"position":[[276,6]]}}}],["passhosthead",{"_index":719,"t":{"220":{"position":[[2235,14],[2255,14]]}}}],["password",{"_index":388,"t":{"182":{"position":[[529,8]]},"194":{"position":[[750,8]]},"268":{"position":[[603,8],[623,8],[2495,8],[9860,8],[9882,9],[9951,8],[10007,8],[10038,9],[10098,9],[10128,8]]}}}],["password/basic_auth_password",{"_index":266,"t":{"171":{"position":[[635,28]]}}}],["patch",{"_index":189,"t":{"163":{"position":[[601,7]]}}}],["path",{"_index":233,"t":{"167":{"position":[[123,4]]},"176":{"position":[[536,4]]},"190":{"position":[[251,4]]},"194":{"position":[[300,4]]},"198":{"position":[[150,4]]},"206":{"position":[[1698,5]]},"212":{"position":[[345,4]]},"220":{"position":[[140,4],[165,5],[296,4],[308,4],[407,5],[592,4],[622,4],[671,4],[721,4],[824,4],[877,4],[949,4],[1199,5],[1378,4]]},"222":{"position":[[171,4],[397,4],[422,5]]},"226":{"position":[[2888,4]]},"238":{"position":[[5939,5]]},"268":{"position":[[1007,4],[1637,4],[1668,4],[2295,4],[2354,4],[3037,4],[3073,5],[3131,5],[4632,4],[6070,4],[8291,5],[8572,4],[8766,4],[8961,4],[12805,5],[12943,5],[14022,4],[14357,4],[14559,5],[14653,4]]},"270":{"position":[[501,5],[703,4],[852,4],[1256,4]]},"278":{"position":[[177,8],[1166,4]]},"302":{"position":[[279,6]]}}}],["path.eg",{"_index":689,"t":{"220":{"position":[[1257,8]]}}}],["path/to/cert.key",{"_index":1627,"t":{"300":{"position":[[869,18]]}}}],["path/to/cert.pem",{"_index":1625,"t":{"300":{"position":[[830,18]]}}}],["path/to/existing/config.cfg",{"_index":237,"t":{"169":{"position":[[204,29],[558,29]]}}}],["path/to/new/config.yaml",{"_index":242,"t":{"169":{"position":[[523,25]]}}}],["path/to/sit",{"_index":1506,"t":{"282":{"position":[[2623,15]]}}}],["path_regex",{"_index":1246,"t":{"268":{"position":[[195,10],[13015,10],[13029,12]]}}}],["pathprefix",{"_index":1562,"t":{"288":{"position":[[491,16],[1285,16]]}}}],["pathprefix(`/no",{"_index":1564,"t":{"288":{"position":[[760,15]]}}}],["pathprefix(`/oauth2",{"_index":1541,"t":{"286":{"position":[[592,23]]},"288":{"position":[[1072,23]]}}}],["pattern",{"_index":487,"t":{"202":{"position":[[561,8],[978,8]]},"218":{"position":[[259,7],[379,7],[396,7]]},"220":{"position":[[449,7]]}}}],["pem",{"_index":455,"t":{"198":{"position":[[87,3],[182,3]]},"248":{"position":[[1023,4],[2383,3],[2528,3]]},"268":{"position":[[5925,3],[6102,3]]}}}],["per",{"_index":1201,"t":{"258":{"position":[[166,3]]},"268":{"position":[[484,3],[2079,3],[2133,3]]}}}],["perform",{"_index":961,"t":{"238":{"position":[[3757,7]]},"246":{"position":[[397,7],[1573,7]]}}}],["period",{"_index":392,"t":{"184":{"position":[[81,6]]},"220":{"position":[[2128,6]]},"268":{"position":[[3173,6]]}}}],["permiss",{"_index":804,"t":{"226":{"position":[[2778,11]]},"228":{"position":[[445,11],[494,11],[538,11],[598,12],[666,11],[775,10],[2222,11]]},"254":{"position":[[176,11]]}}}],["pick",{"_index":812,"t":{"228":{"position":[[144,4]]},"246":{"position":[[2235,4],[2660,4]]}}}],["pin",{"_index":1621,"t":{"300":{"position":[[713,3]]}}}],["ping",{"_index":1333,"t":{"268":{"position":[[8567,4],[8588,4],[8643,7],[8653,4],[12546,4],[12595,4]]},"274":{"position":[[716,5],[743,4],[815,4]]},"302":{"position":[[318,5]]}}}],["ping,/path2",{"_index":1289,"t":{"268":{"position":[[3109,14]]}}}],["pkce",{"_index":934,"t":{"238":{"position":[[569,4]]},"268":{"position":[[904,4]]}}}],["plain",{"_index":1251,"t":{"268":{"position":[[959,7]]},"282":{"position":[[2894,5]]}}}],["plan",{"_index":834,"t":{"228":{"position":[[1030,8]]}}}],["platform",{"_index":817,"t":{"228":{"position":[[270,8],[1660,8]]},"246":{"position":[[2603,8]]},"300":{"position":[[86,8],[276,8]]}}}],["pleas",{"_index":133,"t":{"161":{"position":[[99,6],[144,6],[346,6],[434,6]]},"165":{"position":[[260,6],[835,6]]},"224":{"position":[[430,6]]},"238":{"position":[[2113,6],[6688,6]]}}}],["plural",{"_index":1240,"t":{"266":{"position":[[186,6]]},"272":{"position":[[257,6]]}}}],["poc",{"_index":1266,"t":{"268":{"position":[[1699,6]]}}}],["point",{"_index":1003,"t":{"240":{"position":[[1349,8]]},"288":{"position":[[119,8]]}}}],["polici",{"_index":831,"t":{"228":{"position":[[884,8]]},"246":{"position":[[2351,8]]}}}],["popul",{"_index":920,"t":{"236":{"position":[[1276,8]]}}}],["port",{"_index":1023,"t":{"246":{"position":[[584,5]]},"268":{"position":[[16059,5],[16118,4],[16231,5],[16302,5]]},"300":{"position":[[390,4],[460,4]]},"304":{"position":[[1075,4]]}}}],["possibl",{"_index":124,"t":{"159":{"position":[[165,9]]},"161":{"position":[[467,9]]},"184":{"position":[[125,8]]},"236":{"position":[[82,9]]},"240":{"position":[[877,8]]},"268":{"position":[[2156,8]]}}}],["post",{"_index":138,"t":{"161":{"position":[[158,4]]}}}],["potenti",{"_index":159,"t":{"161":{"position":[[622,9]]},"220":{"position":[[1619,9]]}}}],["powershel",{"_index":1210,"t":{"264":{"position":[[86,10]]}}}],["pr",{"_index":136,"t":{"161":{"position":[[130,2]]},"163":{"position":[[373,3]]}}}],["practic",{"_index":947,"t":{"238":{"position":[[1434,10]]}}}],["pre",{"_index":963,"t":{"238":{"position":[[4122,3]]}}}],["prebuilt",{"_index":3,"t":{"155":{"position":[[34,8],[206,8],[340,8]]}}}],["preced",{"_index":664,"t":{"220":{"position":[[388,10]]},"262":{"position":[[118,11]]}}}],["prefer",{"_index":264,"t":{"171":{"position":[[582,6]]},"268":{"position":[[7569,9],[7619,6],[7645,6],[8054,9],[11902,9]]}}}],["preferred_usernam",{"_index":737,"t":{"224":{"position":[[489,18]]}}}],["prefix",{"_index":377,"t":{"182":{"position":[[219,6],[233,6],[255,6]]},"194":{"position":[[440,6],[454,6],[476,6]]},"220":{"position":[[627,8],[676,8]]},"268":{"position":[[1555,6],[8934,6],[15189,6],[15936,8]]},"272":{"position":[[75,9]]},"302":{"position":[[136,6],[175,6]]}}}],["preflight",{"_index":1367,"t":{"268":{"position":[[12636,9]]}}}],["prepend",{"_index":378,"t":{"182":{"position":[[275,9]]},"194":{"position":[[496,9]]}}}],["present",{"_index":163,"t":{"161":{"position":[[705,7]]},"268":{"position":[[8179,8],[13687,9],[13803,9]]},"290":{"position":[[237,7]]}}}],["preserv",{"_index":437,"t":{"192":{"position":[[362,9]]}}}],["preserverequestvalu",{"_index":434,"t":{"192":{"position":[[260,20],[286,20]]}}}],["pretti",{"_index":1167,"t":{"250":{"position":[[282,6]]}}}],["prevent",{"_index":522,"t":{"204":{"position":[[200,8]]},"292":{"position":[[460,7]]}}}],["preview",{"_index":979,"t":{"238":{"position":[[6818,7]]},"246":{"position":[[1682,7]]}}}],["previou",{"_index":192,"t":{"163":{"position":[[652,8]]}}}],["previous",{"_index":174,"t":{"163":{"position":[[287,10]]}}}],["primari",{"_index":324,"t":{"176":{"position":[[161,7]]}}}],["print",{"_index":239,"t":{"169":{"position":[[304,5]]},"268":{"position":[[15081,5]]}}}],["print(base64.urlsafe_b64encode(os.urandom(32)).decod",{"_index":1213,"t":{"264":{"position":[[136,57]]}}}],["prior",{"_index":210,"t":{"165":{"position":[[245,5]]},"240":{"position":[[119,5]]}}}],["privat",{"_index":143,"t":{"161":{"position":[[222,8]]},"163":{"position":[[37,9]]},"198":{"position":[[72,7],[162,7]]},"234":{"position":[[1048,7]]},"248":{"position":[[1065,7]]},"268":{"position":[[5910,7],[6082,7],[14365,7]]}}}],["process",{"_index":1150,"t":{"248":{"position":[[2587,7]]},"278":{"position":[[965,8]]},"282":{"position":[[2934,9],[2980,9]]}}}],["product",{"_index":751,"t":{"226":{"position":[[374,8]]},"248":{"position":[[294,10]]},"268":{"position":[[12437,11]]}}}],["profil",{"_index":282,"t":{"171":{"position":[[933,7]]},"206":{"position":[[2131,7]]},"236":{"position":[[727,7]]},"240":{"position":[[284,7]]},"248":{"position":[[1992,7]]},"268":{"position":[[8104,7],[8123,7]]}}}],["profileurl",{"_index":604,"t":{"206":{"position":[[2095,10],[2113,10]]}}}],["project",{"_index":114,"t":{"159":{"position":[[33,8],[74,7],[204,8]]},"188":{"position":[[113,8],[131,8],[184,8]]},"226":{"position":[[53,8],[123,7],[150,7],[184,7],[212,7]]},"234":{"position":[[13,8]]},"240":{"position":[[411,8]]},"242":{"position":[[55,8]]},"246":{"position":[[118,9]]},"268":{"position":[[4184,8],[4250,8]]}}}],["prometheu",{"_index":1338,"t":{"268":{"position":[[8883,10]]},"302":{"position":[[533,10]]}}}],["prompt",{"_index":287,"t":{"171":{"position":[[998,6]]},"268":{"position":[[217,6],[8149,6],[8168,7],[8197,6]]}}}],["prompt/approval_prompt",{"_index":289,"t":{"171":{"position":[[1014,22]]}}}],["promptallow",{"_index":476,"t":{"202":{"position":[[130,12]]}}}],["promptdefault",{"_index":479,"t":{"202":{"position":[[294,14]]}}}],["properli",{"_index":989,"t":{"240":{"position":[[551,9]]}}}],["propos",{"_index":172,"t":{"163":{"position":[[257,8]]}}}],["protect",{"_index":606,"t":{"206":{"position":[[2213,9]]},"228":{"position":[[315,7]]},"246":{"position":[[2189,11],[2279,8]]},"268":{"position":[[11310,9]]},"294":{"position":[[774,8]]}}}],["protectedresourc",{"_index":605,"t":{"206":{"position":[[2171,17]]}}}],["proto,host,uri",{"_index":1356,"t":{"268":{"position":[[11472,16]]}}}],["protocol",{"_index":940,"t":{"238":{"position":[[892,8]]},"248":{"position":[[842,9]]},"268":{"position":[[16136,8]]},"276":{"position":[[1071,8],[1101,9]]},"278":{"position":[[534,13],[860,8],[890,9]]}}}],["provid",{"_index":40,"t":{"155":{"position":[[455,8],[583,8],[633,8],[786,8]]},"157":{"position":[[309,8],[473,9],[740,8]]},"167":{"position":[[111,7]]},"171":{"position":[[803,8],[812,8],[856,8],[1215,8]]},"174":{"position":[[13,9]]},"176":{"position":[[1809,9],[1819,9],[1829,9],[1869,10]]},"178":{"position":[[13,9]]},"180":{"position":[[13,9]]},"186":{"position":[[13,9]]},"188":{"position":[[13,9]]},"190":{"position":[[13,9]]},"196":{"position":[[13,9],[234,9]]},"198":{"position":[[13,9]]},"200":{"position":[[13,9],[712,8]]},"204":{"position":[[13,9]]},"206":{"position":[[13,10],[24,8],[70,8],[212,10],[345,10],[584,9],[666,9],[744,9],[842,9],[929,9],[1015,9],[1101,9],[1190,9],[1313,9],[1414,10],[1425,8],[1504,9],[1581,9]]},"208":{"position":[[29,9],[87,8]]},"210":{"position":[[0,11],[47,9],[92,10]]},"224":{"position":[[54,8],[90,10],[195,9],[365,8],[400,8],[455,9],[564,9]]},"226":{"position":[[2747,8]]},"228":{"position":[[2308,8]]},"230":{"position":[[92,7],[455,8]]},"234":{"position":[[184,8],[1264,7]]},"236":{"position":[[24,8],[70,8],[1256,8]]},"238":{"position":[[3956,8]]},"240":{"position":[[10,8]]},"246":{"position":[[84,9],[133,8],[235,8],[297,9],[379,8],[553,8],[956,8],[970,8],[1001,9],[1554,8],[1918,8],[3050,8],[4377,8]]},"248":{"position":[[21,8],[1565,8],[1893,8],[3268,9],[3550,8]]},"250":{"position":[[14,8],[125,9],[528,8]]},"252":{"position":[[378,9]]},"254":{"position":[[315,9]]},"256":{"position":[[323,8]]},"260":{"position":[[27,9],[61,8],[151,9]]},"268":{"position":[[1811,9],[2538,8],[8220,8],[8242,8],[8260,8],[8359,9],[8436,8],[8555,9],[13528,8],[13714,9],[15002,9],[15820,9],[16344,8]]},"270":{"position":[[194,9],[353,7],[691,7],[1149,9]]},"288":{"position":[[34,8],[2252,8]]},"298":{"position":[[47,9],[418,12]]},"300":{"position":[[1384,12]]},"304":{"position":[[169,8],[785,8]]}}}],["provider'",{"_index":1160,"t":{"248":{"position":[[3422,10]]},"268":{"position":[[8478,10]]},"282":{"position":[[1699,10]]},"304":{"position":[[309,10]]}}}],["provider.example.com",{"_index":1653,"t":{"304":{"position":[[894,20]]}}}],["provider.example.com%2fsign_out_pag",{"_index":1647,"t":{"304":{"position":[[486,36]]}}}],["provider.if",{"_index":599,"t":{"206":{"position":[[1766,11]]}}}],["provider.thi",{"_index":592,"t":{"206":{"position":[[1374,13]]}}}],["provider/sign_out_pag",{"_index":1650,"t":{"304":{"position":[[672,25]]}}}],["provider=\"github",{"_index":1192,"t":{"256":{"position":[[247,17]]}}}],["provider=\"gitlab",{"_index":990,"t":{"240":{"position":[[605,17]]}}}],["provider=adf",{"_index":871,"t":{"230":{"position":[[333,13]]}}}],["provider=azur",{"_index":839,"t":{"228":{"position":[[1439,14],[1747,14]]}}}],["provider=bitbucket",{"_index":1186,"t":{"254":{"position":[[355,18]]}}}],["provider=digitalocean",{"_index":1179,"t":{"252":{"position":[[418,21]]}}}],["provider=keycloak",{"_index":903,"t":{"236":{"position":[[440,17]]},"238":{"position":[[2,17]]}}}],["providermust",{"_index":594,"t":{"206":{"position":[[1465,12]]}}}],["provideror",{"_index":586,"t":{"206":{"position":[[1179,10]]}}}],["providers.new",{"_index":1203,"t":{"260":{"position":[[98,15]]}}}],["providerthi",{"_index":564,"t":{"206":{"position":[[173,12],[306,12]]}}}],["providertyp",{"_index":593,"t":{"206":{"position":[[1434,12]]},"208":{"position":[[39,12]]}}}],["proxi",{"_index":23,"t":{"155":{"position":[[256,5],[546,5],[659,5]]},"157":{"position":[[32,5],[729,5]]},"159":{"position":[[12,5]]},"161":{"position":[[65,5],[339,6]]},"169":{"position":[[58,5],[163,5],[467,5],[502,5]]},"171":{"position":[[191,5],[1511,5]]},"176":{"position":[[204,6],[490,7],[973,5],[1045,5],[1262,5]]},"220":{"position":[[108,7],[1057,8],[1669,5],[2416,8]]},"222":{"position":[[365,7]]},"224":{"position":[[179,5]]},"226":{"position":[[1694,5],[2845,5],[2961,6]]},"228":{"position":[[1303,5]]},"230":{"position":[[320,5]]},"238":{"position":[[1697,5],[2985,5],[3621,5],[3746,5],[5434,5],[5679,5],[5913,6],[6068,6],[6413,5],[6540,5]]},"246":{"position":[[530,5],[789,5],[924,5],[1028,5],[1048,5],[3656,5],[3676,5],[4817,5],[4837,5]]},"248":{"position":[[393,5],[661,5],[1512,5],[1558,5],[2999,7],[3190,6],[3340,5],[3582,5],[3603,5]]},"252":{"position":[[206,5],[249,5]]},"254":{"position":[[108,6],[152,5]]},"256":{"position":[[238,6]]},"260":{"position":[[130,5]]},"262":{"position":[[7,5]]},"268":{"position":[[8928,5],[8976,5],[9042,5],[9082,8],[9268,5],[11346,5],[11389,6],[13177,5],[15427,5],[15549,5],[15718,5]]},"270":{"position":[[7,5],[623,5],[978,5]]},"274":{"position":[[19,5]]},"276":{"position":[[937,5]]},"278":{"position":[[792,5]]},"282":{"position":[[192,8],[1763,5]]},"284":{"position":[[31,5]]},"286":{"position":[[223,8]]},"288":{"position":[[138,5],[208,6],[1236,5]]},"290":{"position":[[109,5]]},"292":{"position":[[97,5],[396,5],[655,6]]},"296":{"position":[[52,5],[69,5]]},"298":{"position":[[38,5],[162,5],[221,5],[978,5]]},"300":{"position":[[133,5],[432,8],[451,5],[478,5],[1199,5],[1258,5]]},"302":{"position":[[7,5],[87,7],[169,5]]}}}],["proxiedto",{"_index":720,"t":{"220":{"position":[[2323,9]]}}}],["proxy'",{"_index":74,"t":{"157":{"position":[[96,7]]},"252":{"position":[[296,7]]},"282":{"position":[[86,7]]},"286":{"position":[[93,7]]},"304":{"position":[[91,7]]}}}],["proxy'secret",{"_index":1029,"t":{"246":{"position":[[775,13]]}}}],["proxy(e.g",{"_index":819,"t":{"228":{"position":[[337,10]]}}}],["proxy.cfg",{"_index":1241,"t":{"266":{"position":[[225,9],[326,9]]}}}],["proxy.thi",{"_index":339,"t":{"176":{"position":[[929,10]]}}}],["proxy/oauth2",{"_index":14,"t":{"155":{"position":[[123,12],[243,12]]}}}],["proxy/oauth2/callback",{"_index":1177,"t":{"252":{"position":[[163,22]]}}}],["proxy/v7@latest",{"_index":15,"t":{"155":{"position":[[136,15]]}}}],["proxy=tru",{"_index":1561,"t":{"288":{"position":[[306,11]]},"300":{"position":[[1409,10]]}}}],["proxy>/oauth2/callback",{"_index":1185,"t":{"254":{"position":[[63,23]]}}}],["proxy_buffer_s",{"_index":862,"t":{"228":{"position":[[2451,17]]},"230":{"position":[[598,17]]}}}],["proxy_connect_timeout",{"_index":1629,"t":{"300":{"position":[[1094,21]]}}}],["proxy_pass",{"_index":1479,"t":{"282":{"position":[[319,10],[657,10],[2584,10],[2948,10]]},"300":{"position":[[955,10]]}}}],["proxy_pass_request_bodi",{"_index":1485,"t":{"282":{"position":[[883,23]]}}}],["proxy_read_timeout",{"_index":1631,"t":{"300":{"position":[[1142,18]]}}}],["proxy_send_timeout",{"_index":1630,"t":{"300":{"position":[[1119,18]]}}}],["proxy_set_head",{"_index":1480,"t":{"282":{"position":[[353,16],[382,16],[423,16],[458,16],[559,16],[691,16],[720,16],[761,16],[847,16],[1218,16],[1249,16],[1428,16]]},"300":{"position":[[989,16],[1018,16],[1059,16]]}}}],["proxyrawpath",{"_index":729,"t":{"222":{"position":[[118,12],[136,12]]}}}],["proxyredirecturi",{"_index":1027,"t":{"246":{"position":[[702,18]]}}}],["proxyus",{"_index":1344,"t":{"268":{"position":[[9326,9]]}}}],["proxywebsocket",{"_index":722,"t":{"220":{"position":[[2371,15],[2392,15]]}}}],["pubjwk",{"_index":298,"t":{"171":{"position":[[1185,6]]},"248":{"position":[[1917,6]]},"268":{"position":[[9098,6]]}}}],["pubjwkurl",{"_index":457,"t":{"198":{"position":[[214,9],[231,9]]}}}],["pubkey",{"_index":459,"t":{"198":{"position":[[252,6]]},"268":{"position":[[9120,6]]}}}],["public",{"_index":888,"t":{"234":{"position":[[1011,6],[1229,6]]},"248":{"position":[[974,6]]}}}],["public_repo",{"_index":892,"t":{"234":{"position":[[1376,11]]}}}],["publicli",{"_index":140,"t":{"161":{"position":[[175,9]]}}}],["pull",{"_index":1448,"t":{"276":{"position":[[1173,6]]},"278":{"position":[[1036,6]]}}}],["push",{"_index":411,"t":{"186":{"position":[[341,4]]},"234":{"position":[[994,4]]},"268":{"position":[[3898,4]]}}}],["put",{"_index":16,"t":{"155":{"position":[[163,3]]}}}],["python",{"_index":1208,"t":{"264":{"position":[[66,6],[107,6]]}}}],["quay.io/oauth2",{"_index":22,"t":{"155":{"position":[[228,14]]}}}],["queri",{"_index":461,"t":{"200":{"position":[[75,5],[390,5]]},"202":{"position":[[1153,5],[1405,5]]},"218":{"position":[[76,5]]},"286":{"position":[[1287,6]]},"304":{"position":[[358,5]]},"306":{"position":[[117,5],[134,5]]}}}],["quick",{"_index":1113,"t":{"248":{"position":[[1080,5]]}}}],["quickli",{"_index":123,"t":{"159":{"position":[[154,7]]}}}],["quot",{"_index":499,"t":{"202":{"position":[[845,6]]}}}],["r_basicprofil",{"_index":1007,"t":{"242":{"position":[[168,14]]}}}],["r_emailaddress",{"_index":1008,"t":{"242":{"position":[[187,15]]}}}],["rand",{"_index":1223,"t":{"264":{"position":[[296,4]]}}}],["random",{"_index":534,"t":{"204":{"position":[[586,6]]},"276":{"position":[[1210,6]]},"278":{"position":[[1073,6]]},"294":{"position":[[391,6],[442,6]]}}}],["random_password",{"_index":1236,"t":{"264":{"position":[[663,17]]}}}],["rang",{"_index":1388,"t":{"268":{"position":[[15326,6]]}}}],["raw",{"_index":730,"t":{"222":{"position":[[163,3]]},"282":{"position":[[2229,3]]}}}],["rd",{"_index":1645,"t":{"304":{"position":[[355,2]]}}}],["re",{"_index":1584,"t":{"292":{"position":[[799,2]]},"304":{"position":[[200,2]]}}}],["reach",{"_index":1375,"t":{"268":{"position":[[13584,5]]}}}],["read",{"_index":805,"t":{"226":{"position":[[2862,4]]},"228":{"position":[[440,4]]},"234":{"position":[[1207,4]]},"238":{"position":[[5562,4]]},"254":{"position":[[240,4],[261,4]]}}}],["read_api",{"_index":988,"t":{"240":{"position":[[445,8]]}}}],["readi",{"_index":190,"t":{"163":{"position":[[613,6]]},"268":{"position":[[8760,5],[8782,5],[8837,8],[12602,5]]},"274":{"position":[[768,6]]},"302":{"position":[[398,6]]}}}],["real",{"_index":1155,"t":{"248":{"position":[[3070,4],[3215,4]]},"268":{"position":[[9168,4],[9226,4],[9312,4],[9342,4],[11428,4],[15450,4]]},"276":{"position":[[899,4]]},"278":{"position":[[754,4]]},"282":{"position":[[401,4],[739,4]]},"300":{"position":[[1037,4]]}}}],["realm",{"_index":899,"t":{"236":{"position":[[127,5]]},"238":{"position":[[219,6],[375,5],[846,5],[1871,5],[2006,5],[3902,5],[4081,5],[4359,5],[4382,5],[4420,6],[4707,6],[4906,5],[6959,5]]}}}],["realm>/protocol/openid",{"_index":909,"t":{"236":{"position":[[592,22],[687,22],[784,22],[885,22]]}}}],["reason",{"_index":801,"t":{"226":{"position":[[2537,6]]}}}],["recipi",{"_index":949,"t":{"238":{"position":[[1662,9],[3310,11]]}}}],["recommend",{"_index":767,"t":{"226":{"position":[[871,11],[1233,14],[1672,14]]},"238":{"position":[[1451,11]]},"268":{"position":[[977,13]]},"282":{"position":[[3574,11]]},"296":{"position":[[14,11]]}}}],["redeem",{"_index":280,"t":{"171":{"position":[[911,6]]},"204":{"position":[[686,6]]},"234":{"position":[[1837,6]]},"236":{"position":[[631,6]]},"248":{"position":[[3765,6]]},"250":{"position":[[686,6]]},"256":{"position":[[527,6]]},"268":{"position":[[9352,6],[13452,6]]}}}],["redeemurl",{"_index":602,"t":{"206":{"position":[[2035,9],[2052,9]]}}}],["redempt",{"_index":603,"t":{"206":{"position":[[2075,10]]},"268":{"position":[[9376,10]]}}}],["redi",{"_index":101,"t":{"157":{"position":[[552,6]]},"228":{"position":[[2498,5]]},"230":{"position":[[645,5]]},"268":{"position":[[9503,5],[9555,5],[9640,5],[9660,5],[9695,5],[9712,5],[9763,5],[9840,5],[9854,5],[9876,5],[9911,5],[9969,5],[9992,5],[10023,5],[10087,5],[10122,5],[10139,5],[10173,5],[10228,5],[10249,5],[10302,5],[10388,5],[10409,5],[10443,5],[10469,5],[10527,5],[10562,5],[10594,5],[10627,5],[10686,5],[10720,5],[10762,5],[10809,5],[10857,5],[10966,5],[11015,5],[11767,5]]},"290":{"position":[[326,5]]},"294":{"position":[[4,5],[57,6],[606,5],[711,5],[873,5],[936,5],[964,5],[1055,5],[1112,5],[1175,5],[1208,5],[1254,5],[1357,5],[1412,5],[1475,5],[1505,5],[1561,5],[1608,5],[1656,5],[1769,5],[1818,5]]},"302":{"position":[[474,5]]}}}],["redirect",{"_index":89,"t":{"157":{"position":[[276,10]]},"222":{"position":[[245,10]]},"224":{"position":[[123,8]]},"226":{"position":[[703,8]]},"228":{"position":[[232,8]]},"232":{"position":[[95,8]]},"236":{"position":[[174,8]]},"238":{"position":[[97,8],[928,8],[2343,8]]},"240":{"position":[[322,8],[625,8],[703,8],[1318,8]]},"242":{"position":[[217,8]]},"246":{"position":[[1054,8],[2720,8],[3969,8],[4029,8]]},"248":{"position":[[1379,8],[1619,8],[3610,8]]},"250":{"position":[[448,12]]},"252":{"position":[[315,8],[562,8],[680,8]]},"256":{"position":[[87,8],[267,8]]},"268":{"position":[[127,11],[2716,9],[3277,8],[3366,9],[9398,8],[9428,8],[11511,8],[15155,11],[16022,8]]},"282":{"position":[[490,8],[591,8]]},"288":{"position":[[0,8],[372,9],[561,8],[572,9],[781,11],[849,8],[1894,9],[2059,9]]},"302":{"position":[[816,8]]},"304":{"position":[[22,8],[269,8],[380,8],[550,8],[585,8],[646,9],[873,8],[1006,8]]}}}],["redis.conf",{"_index":1352,"t":{"268":{"position":[[10898,10]]},"294":{"position":[[1701,10]]}}}],["redis://host[:port",{"_index":1346,"t":{"268":{"position":[[9591,21],[9740,20],[10339,21]]}}}],["reduc",{"_index":970,"t":{"238":{"position":[[5311,6]]},"274":{"position":[[828,8]]}}}],["refer",{"_index":224,"t":{"165":{"position":[[552,9],[853,9]]},"167":{"position":[[94,9]]},"212":{"position":[[57,10]]},"238":{"position":[[5549,5],[6695,5]]},"248":{"position":[[930,5],[1284,8]]},"250":{"position":[[367,5]]}}}],["refresh",{"_index":768,"t":{"226":{"position":[[886,7],[940,7],[3079,9]]},"246":{"position":[[2830,7],[4138,7]]},"268":{"position":[[1719,7],[1736,7],[15847,8]]},"282":{"position":[[1494,8]]},"292":{"position":[[734,10]]}}}],["refresh/access/id",{"_index":1597,"t":{"294":{"position":[[787,17]]}}}],["refreshes.default",{"_index":539,"t":{"204":{"position":[[712,17]]}}}],["regardless",{"_index":1610,"t":{"298":{"position":[[679,10]]}}}],["regex",{"_index":72,"t":{"157":{"position":[[70,6]]},"268":{"position":[[12715,5]]}}}],["regist",{"_index":50,"t":{"155":{"position":[[596,8]]},"224":{"position":[[17,8]]},"228":{"position":[[404,9]]},"248":{"position":[[453,8],[765,8]]}}}],["registr",{"_index":738,"t":{"226":{"position":[[16,12]]},"228":{"position":[[94,13],[130,13],[469,13],[1147,12]]},"242":{"position":[[18,12]]}}}],["regular",{"_index":176,"t":{"163":{"position":[[365,7]]},"202":{"position":[[432,7],[814,7]]},"218":{"position":[[417,7]]},"220":{"position":[[534,7]]}}}],["releas",{"_index":6,"t":{"155":{"position":[[59,7],[473,7]]},"163":{"position":[[493,8],[661,9]]},"176":{"position":[[298,8]]},"204":{"position":[[764,8]]},"238":{"position":[[754,7]]}}}],["reload",{"_index":1571,"t":{"288":{"position":[[2336,6]]}}}],["remain",{"_index":674,"t":{"220":{"position":[[711,9]]},"238":{"position":[[2133,9]]},"242":{"position":[[300,9]]}}}],["remot",{"_index":1392,"t":{"268":{"position":[[15581,6]]}}}],["remote_addr",{"_index":1481,"t":{"282":{"position":[[409,13],[747,13]]},"300":{"position":[[1045,13]]}}}],["remote_address",{"_index":1425,"t":{"276":{"position":[[181,16]]},"278":{"position":[[62,16]]}}}],["remov",{"_index":206,"t":{"165":{"position":[[211,8]]},"167":{"position":[[255,7]]},"169":{"position":[[368,6],[429,7]]},"171":{"position":[[1467,6]]},"238":{"position":[[737,7]]},"304":{"position":[[76,7]]}}}],["renam",{"_index":207,"t":{"165":{"position":[[220,7]]}}}],["replac",{"_index":218,"t":{"165":{"position":[[479,7]]},"266":{"position":[[65,9]]},"272":{"position":[[129,9]]}}}],["replace(\"/\",\"_",{"_index":1230,"t":{"264":{"position":[[550,19]]}}}],["repo",{"_index":409,"t":{"186":{"position":[[176,4],[188,4]]},"234":{"position":[[1076,8]]},"248":{"position":[[2497,4]]},"268":{"position":[[3718,4]]}}}],["report",{"_index":1454,"t":{"276":{"position":[[1381,8]]},"278":{"position":[[1453,8]]}}}],["repositori",{"_index":371,"t":{"180":{"position":[[108,10],[126,10],[186,10]]},"186":{"position":[[239,10],[304,10],[360,10]]},"234":{"position":[[329,11],[953,11],[1018,10],[1056,11],[1126,10],[1236,10],[1320,11],[1445,10]]},"254":{"position":[[245,12],[696,10]]},"268":{"position":[[3771,10],[3862,10],[3917,11]]}}}],["repository=/index.php/apps/oauth2/api/v1/token",{"_index":1172,"t":{"250":{"position":[[714,40]]}}}],["url>/index.php/apps/oauth2/author",{"_index":1171,"t":{"250":{"position":[[647,37]]}}}],["url>/ocs/v2.php/cloud/user?format=json",{"_index":1173,"t":{"250":{"position":[[786,39]]}}}],["url]/stat",{"_index":1413,"t":{"270":{"position":[[984,13]]}}}],["url]/var/www/stat",{"_index":1409,"t":{"270":{"position":[[629,21]]}}}],["urldefault",{"_index":529,"t":{"204":{"position":[[457,10]]}}}],["urleg",{"_index":519,"t":{"204":{"position":[[102,6],[1006,6]]}}}],["urlparameterrul",{"_index":511,"t":{"202":{"position":[[1297,18]]},"218":{"position":[[32,16]]}}}],["us",{"_index":19,"t":{"155":{"position":[[196,5],[305,5],[665,5]]},"157":{"position":[[761,6]]},"161":{"position":[[550,4]]},"163":{"position":[[3,3],[361,3]]},"165":{"position":[[293,3],[659,5]]},"167":{"position":[[3,3],[141,5],[182,5]]},"169":{"position":[[64,5],[473,5]]},"171":{"position":[[100,5],[1352,3]]},"176":{"position":[[394,4],[626,4],[861,4],[953,4],[963,5],[1217,4],[1433,3],[1539,4],[1741,3],[1842,4]]},"178":{"position":[[233,4]]},"182":{"position":[[517,4]]},"186":{"position":[[285,3]]},"190":{"position":[[391,3]]},"192":{"position":[[183,4]]},"194":{"position":[[738,4]]},"196":{"position":[[210,5]]},"198":{"position":[[98,4],[193,4]]},"200":{"position":[[542,4]]},"202":{"position":[[941,3]]},"204":{"position":[[902,3],[1478,4]]},"206":{"position":[[467,4],[1738,4],[1826,4]]},"208":{"position":[[55,4]]},"220":{"position":[[316,4],[462,4],[528,5],[730,3],[2058,4]]},"224":{"position":[[390,5]]},"226":{"position":[[1144,5],[1577,5],[1709,3],[1812,3]]},"228":{"position":[[1042,3],[1947,5],[2287,5]]},"230":{"position":[[435,5]]},"234":{"position":[[1426,3],[1686,5]]},"236":{"position":[[47,3],[1135,4],[1440,5]]},"238":{"position":[[1377,5],[1842,3],[1883,5],[3126,3],[3932,5],[4239,5],[4739,5],[4828,5],[5249,6],[5417,5]]},"240":{"position":[[160,5],[1042,5]]},"244":{"position":[[175,4]]},"246":{"position":[[194,3],[263,4],[566,5],[1484,5],[1617,5],[4707,3]]},"248":{"position":[[2172,3],[3211,3]]},"250":{"position":[[105,5],[276,5]]},"252":{"position":[[370,3],[670,3]]},"254":{"position":[[43,3],[307,3],[555,3],[707,3]]},"258":{"position":[[29,3],[105,3],[209,3]]},"260":{"position":[[139,3]]},"264":{"position":[[35,3]]},"266":{"position":[[286,4]]},"268":{"position":[[900,3],[1181,4],[1542,3],[2414,3],[2658,3],[3427,3],[3507,3],[3843,3],[4686,3],[4727,3],[5448,5],[5571,3],[5936,4],[6113,4],[7271,4],[7655,3],[7741,3],[7809,4],[8331,4],[8420,4],[8517,4],[8614,4],[8701,4],[8809,4],[9204,4],[9613,4],[9646,3],[10048,4],[10116,3],[10201,4],[10234,3],[10361,4],[10394,3],[10415,3],[10502,3],[10533,3],[10661,3],[10932,5],[11095,3],[11503,4],[11938,7],[11980,4],[12148,7],[12256,7],[12430,3],[13702,5],[13818,5],[14108,4],[14255,5],[15731,3],[15890,5],[16308,3]]},"270":{"position":[[830,4],[1214,4]]},"272":{"position":[[299,6]]},"274":{"position":[[111,5],[735,5]]},"276":{"position":[[889,3]]},"278":{"position":[[744,3]]},"282":{"position":[[1651,5],[2677,3],[2719,3],[3589,3]]},"288":{"position":[[55,3],[330,3],[2299,3]]},"290":{"position":[[115,4]]},"292":{"position":[[78,4],[287,5]]},"294":{"position":[[863,5],[1102,3],[1118,3],[1363,3],[1481,3],[1511,3],[1735,5]]},"298":{"position":[[752,4],[942,4],[992,5]]},"300":{"position":[[218,5],[301,3],[670,3]]},"302":{"position":[[375,3],[751,4],[877,4],[1007,4],[1156,3],[1252,4]]},"304":{"position":[[345,5]]},"306":{"position":[[97,5]]}}}],["us/azure/act",{"_index":854,"t":{"228":{"position":[[2185,15]]}}}],["usag",{"_index":322,"t":{"176":{"position":[[62,5]]},"294":{"position":[[851,6]]}}}],["use.typ",{"_index":632,"t":{"216":{"position":[[218,13],[314,13]]}}}],["useapplicationdefaultcredenti",{"_index":425,"t":{"190":{"position":[[296,32],[334,32]]}}}],["used.list",{"_index":646,"t":{"216":{"position":[[678,9]]}}}],["user",{"_index":86,"t":{"157":{"position":[[248,4],[643,4]]},"171":{"position":[[385,4],[1059,4]]},"176":{"position":[[92,5],[436,4]]},"180":{"position":[[161,4]]},"186":{"position":[[371,5],[386,5],[399,5]]},"196":{"position":[[173,5]]},"204":{"position":[[1120,4],[1220,4],[1321,4]]},"206":{"position":[[1635,5]]},"220":{"position":[[795,5]]},"226":{"position":[[397,6],[2710,4],[2978,4]]},"234":{"position":[[436,4],[463,5],[971,5],[1196,5],[1286,4],[1481,4],[1619,8]]},"238":{"position":[[288,6],[3575,4],[3800,5],[4198,4],[4592,4],[4597,5],[5188,5],[5263,4],[6511,4],[6828,5],[6965,4]]},"242":{"position":[[119,4]]},"246":{"position":[[2949,5]]},"250":{"position":[[58,5]]},"254":{"position":[[659,5]]},"268":{"position":[[3938,4],[3966,5],[4972,4],[5043,5],[6972,4],[7529,5],[7635,4],[7863,4],[7959,4],[7994,5],[8658,4],[8678,4],[8746,4],[11833,5],[14916,5]]},"274":{"position":[[748,4]]},"276":{"position":[[94,4],[356,4],[425,4],[1367,4]]},"278":{"position":[[1439,4]]},"282":{"position":[[1013,4],[1115,5],[1237,4],[1242,6]]},"290":{"position":[[138,4]]},"292":{"position":[[790,5]]},"294":{"position":[[184,4]]},"302":{"position":[[258,4]]},"304":{"position":[[12,4],[121,4],[282,4],[393,4]]}}}],["user'",{"_index":335,"t":{"176":{"position":[[760,6],[1148,6]]},"238":{"position":[[3864,6],[5218,6]]},"268":{"position":[[6894,6]]},"290":{"position":[[17,6]]},"302":{"position":[[1022,6]]}}}],["user/prefer_email_to_us",{"_index":265,"t":{"171":{"position":[[598,25]]}}}],["user/settings/appl",{"_index":1189,"t":{"256":{"position":[[52,28]]}}}],["user@domain.com",{"_index":1426,"t":{"276":{"position":[[215,17]]},"278":{"position":[[96,17]]}}}],["user_ag",{"_index":1459,"t":{"278":{"position":[[195,14]]}}}],["userag",{"_index":1453,"t":{"276":{"position":[[1346,9]]},"278":{"position":[[548,14],[1418,9]]}}}],["useridclaim",{"_index":553,"t":{"204":{"position":[[1255,11],[1274,11]]}}}],["userinfo",{"_index":922,"t":{"236":{"position":[[1376,8]]}}}],["usernam",{"_index":386,"t":{"182":{"position":[[475,8]]},"186":{"position":[[416,9]]},"194":{"position":[[696,8]]},"234":{"position":[[1506,8],[1644,9]]},"238":{"position":[[4606,8]]},"268":{"position":[[2484,8],[3984,8],[7579,8],[7684,8],[7745,8],[8064,8],[11912,8]]},"276":{"position":[[63,8],[708,13],[1416,8],[1457,8]]},"278":{"position":[[444,13],[1488,8],[1529,8]]}}}],["username@email.com",{"_index":1455,"t":{"276":{"position":[[1425,18]]},"278":{"position":[[1497,18]]}}}],["usptream",{"_index":703,"t":{"220":{"position":[[1683,8]]}}}],["utc",{"_index":1316,"t":{"268":{"position":[[5631,3]]}}}],["util",{"_index":587,"t":{"206":{"position":[[1200,7]]}}}],["uuid",{"_index":1449,"t":{"276":{"position":[[1217,4]]},"278":{"position":[[1080,4]]}}}],["v1",{"_index":837,"t":{"228":{"position":[[1319,2]]}}}],["v19.0.0",{"_index":942,"t":{"238":{"position":[[1305,8]]}}}],["v2",{"_index":845,"t":{"228":{"position":[[1617,2]]},"286":{"position":[[12,2]]},"288":{"position":[[93,2]]}}}],["v2.0",{"_index":835,"t":{"228":{"position":[[1046,4],[1953,4]]}}}],["v3.0.0",{"_index":44,"t":{"155":{"position":[[503,7]]}}}],["v7.5.0",{"_index":7,"t":{"155":{"position":[[70,7]]}}}],["valid",{"_index":33,"t":{"155":{"position":[[365,9]]},"163":{"position":[[231,8]]},"171":{"position":[[966,8]]},"184":{"position":[[254,5]]},"206":{"position":[[2299,10]]},"208":{"position":[[109,5]]},"216":{"position":[[691,5]]},"218":{"position":[[172,5]]},"224":{"position":[[189,5]]},"226":{"position":[[962,9]]},"232":{"position":[[83,5]]},"234":{"position":[[1910,8]]},"236":{"position":[[168,5],[827,8]]},"238":{"position":[[262,8],[922,5],[2337,5],[3794,5]]},"250":{"position":[[756,8],[849,8]]},"256":{"position":[[595,8]]},"264":{"position":[[572,5]]},"268":{"position":[[180,6],[13660,10],[13776,10],[14269,5],[15014,8],[15047,10],[16016,5]]},"298":{"position":[[1017,5]]}}}],["validateurl",{"_index":607,"t":{"206":{"position":[[2248,11],[2267,11]]}}}],["valu",{"_index":320,"t":{"174":{"position":[[117,5]]},"176":{"position":[[723,6],[798,6],[1111,6],[1186,6]]},"178":{"position":[[143,5],[296,5]]},"182":{"position":[[62,5],[191,5],[292,5],[433,5],[538,6]]},"192":{"position":[[330,6],[533,6],[554,6],[582,6]]},"194":{"position":[[60,5],[110,5],[139,5],[152,5],[190,6],[337,6],[412,5],[513,5],[654,5],[759,6]]},"200":{"position":[[215,5],[224,6],[521,5],[732,5]]},"202":{"position":[[117,6],[144,6],[158,6],[174,6],[281,6],[326,6],[342,6],[412,6],[1226,5],[1235,6]]},"206":{"position":[[186,5],[319,5],[1388,5]]},"212":{"position":[[89,6],[184,5],[197,5],[235,6],[382,6]]},"218":{"position":[[250,5],[320,5],[335,5],[373,5],[481,6],[560,6],[610,5]]},"220":{"position":[[259,5]]},"224":{"position":[[423,6]]},"228":{"position":[[1264,5]]},"236":{"position":[[1539,5]]},"238":{"position":[[1731,6]]},"268":{"position":[[38,6],[4353,5]]},"270":{"position":[[795,5]]},"276":{"position":[[979,5]]},"278":{"position":[[834,5]]},"294":{"position":[[203,5]]}}}],["values.nam",{"_index":432,"t":{"192":{"position":[[204,12]]}}}],["values/acr_valu",{"_index":291,"t":{"171":{"position":[[1041,17]]}}}],["var/www/stat",{"_index":1412,"t":{"270":{"position":[[933,16]]}}}],["variabl",{"_index":60,"t":{"155":{"position":[[721,9]]},"171":{"position":[[61,9]]},"194":{"position":[[255,9]]},"212":{"position":[[300,9]]},"248":{"position":[[2157,10],[2303,9],[2366,9],[2747,9]]},"250":{"position":[[192,9]]},"262":{"position":[[69,9],[183,9],[209,9]]},"272":{"position":[[63,8],[238,8]]},"274":{"position":[[613,10]]},"276":{"position":[[776,9],[804,8]]},"278":{"position":[[628,9],[659,8]]},"280":{"position":[[500,9],[532,8]]},"282":{"position":[[2202,9],[2838,9],[3826,8]]},"302":{"position":[[189,9]]}}}],["verif",{"_index":527,"t":{"204":{"position":[[364,12],[1487,13],[1598,12]]},"220":{"position":[[1543,12]]},"268":{"position":[[6427,12],[6785,13],[7150,12],[9808,12]]}}}],["verifi",{"_index":36,"t":{"155":{"position":[[402,9]]},"186":{"position":[[294,9]]},"204":{"position":[[530,9],[1424,8]]},"234":{"position":[[1435,9]]},"238":{"position":[[3715,9]]},"268":{"position":[[3852,9],[6384,8],[6600,9],[9787,6],[13247,8],[13643,6],[13759,6]]}}}],["verifieddefault",{"_index":525,"t":{"204":{"position":[[260,15]]}}}],["verify/ssl_upstream_insecure_skip_verifi",{"_index":252,"t":{"171":{"position":[[252,40]]}}}],["version",{"_index":43,"t":{"155":{"position":[[495,7]]},"161":{"position":[[679,8]]},"216":{"position":[[123,7],[404,7],[466,7]]},"238":{"position":[[628,7],[765,7]]},"240":{"position":[[50,7],[111,7]]},"268":{"position":[[14392,7],[14419,7],[15069,7],[15087,7]]},"298":{"position":[[581,7],[670,8],[705,7],[772,8],[950,7]]}}}],["version=tls1.3",{"_index":1609,"t":{"298":{"position":[[615,15]]}}}],["via",{"_index":309,"t":{"171":{"position":[[1377,3],[1390,3]]},"200":{"position":[[382,3]]},"202":{"position":[[1397,3]]},"248":{"position":[[3308,3]]},"250":{"position":[[161,3]]},"262":{"position":[[31,3]]},"268":{"position":[[470,3],[7229,3],[7434,3],[10568,3]]},"276":{"position":[[1027,3]]},"282":{"position":[[71,3],[1007,3],[2944,3],[3755,3]]},"286":{"position":[[78,3]]},"294":{"position":[[717,3],[958,3]]},"300":{"position":[[733,3]]}}}],["visit",{"_index":1042,"t":{"246":{"position":[[1351,8]]}}}],["volum",{"_index":1423,"t":{"274":{"position":[[841,7]]}}}],["vulner",{"_index":131,"t":{"161":{"position":[[37,13],[606,13]]},"163":{"position":[[75,16],[308,15]]}}}],["wait",{"_index":727,"t":{"220":{"position":[[2541,4]]},"268":{"position":[[14725,4]]}}}],["want",{"_index":656,"t":{"218":{"position":[[574,4]]},"228":{"position":[[307,4]]},"238":{"position":[[5303,4]]},"246":{"position":[[1739,4]]},"248":{"position":[[580,4]]},"270":{"position":[[677,5]]},"294":{"position":[[1094,4]]},"304":{"position":[[865,4]]}}}],["warn",{"_index":211,"t":{"165":{"position":[[251,8]]},"268":{"position":[[12372,9],[15597,8]]}}}],["way",{"_index":465,"t":{"200":{"position":[[328,4]]},"234":{"position":[[217,4]]},"248":{"position":[[1086,3]]}}}],["web",{"_index":756,"t":{"226":{"position":[[533,4]]},"228":{"position":[[266,3]]},"246":{"position":[[1259,3],[2591,3],[3802,3],[3921,3]]}}}],["websocket",{"_index":723,"t":{"220":{"position":[[2428,10]]},"268":{"position":[[9048,10],[9072,9]]}}}],["websockets/proxy_websocket",{"_index":250,"t":{"171":{"position":[[197,27]]}}}],["well",{"_index":629,"t":{"216":{"position":[[91,4]]},"268":{"position":[[2958,5],[2996,5]]},"294":{"position":[[924,4],[1145,4],[1308,5]]}}}],["whenstream",{"_index":715,"t":{"220":{"position":[[2172,13]]}}}],["whether",{"_index":427,"t":{"190":{"position":[[380,7]]},"192":{"position":[[318,7]]},"218":{"position":[[155,7]]},"220":{"position":[[2281,7]]},"240":{"position":[[144,7]]},"250":{"position":[[241,7]]},"268":{"position":[[11405,7]]}}}],["whitelist",{"_index":1385,"t":{"268":{"position":[[15104,9],[15900,9],[16251,11]]},"304":{"position":[[954,9]]}}}],["whole",{"_index":658,"t":{"218":{"position":[[594,5]]},"286":{"position":[[236,5]]}}}],["whose",{"_index":301,"t":{"171":{"position":[[1258,5]]}}}],["wide_authority_to_your_service_account",{"_index":782,"t":{"226":{"position":[[1475,38]]}}}],["window",{"_index":867,"t":{"230":{"position":[[45,7]]}}}],["wish",{"_index":1051,"t":{"246":{"position":[[1839,4],[2271,4],[2364,4],[2969,4]]},"252":{"position":[[95,5]]}}}],["within",{"_index":132,"t":{"161":{"position":[[51,6]]},"165":{"position":[[131,6]]},"176":{"position":[[230,6]]},"182":{"position":[[81,6]]},"192":{"position":[[234,6]]},"212":{"position":[[112,6]]},"220":{"position":[[912,6]]},"226":{"position":[[1763,6]]},"234":{"position":[[703,6]]},"246":{"position":[[4737,6]]},"292":{"position":[[568,6]]}}}],["without",{"_index":209,"t":{"165":{"position":[[237,7]]},"176":{"position":[[307,7]]},"282":{"position":[[184,7]]},"286":{"position":[[215,7]]},"288":{"position":[[43,7]]}}}],["wizard",{"_index":870,"t":{"230":{"position":[[221,6]]}}}],["wo",{"_index":1566,"t":{"288":{"position":[[846,2],[2056,2]]}}}],["won't",{"_index":832,"t":{"228":{"position":[[897,5]]}}}],["work",{"_index":116,"t":{"159":{"position":[[61,4]]},"240":{"position":[[102,4],[546,4]]},"246":{"position":[[1236,7],[1940,5],[2437,4]]},"248":{"position":[[210,4]]},"268":{"position":[[14973,5]]},"282":{"position":[[1528,4]]}}}],["workload",{"_index":774,"t":{"226":{"position":[[1184,8],[1204,8],[1623,8],[1643,8],[1930,8],[1981,8],[2030,8]]},"268":{"position":[[4805,8]]}}}],["write",{"_index":891,"t":{"234":{"position":[[1300,5]]}}}],["x",{"_index":921,"t":{"236":{"position":[[1289,1]]},"268":{"position":[[7233,1],[7314,1],[7517,1],[7535,1],[7557,1],[7982,1],[8000,1],[8020,1],[8042,1],[9293,1],[9310,1],[9324,1],[9340,1],[11128,1],[11426,1],[11460,1],[11818,1],[11839,1],[11862,1],[11887,1],[12011,1],[13080,1]]},"276":{"position":[[897,1]]},"278":{"position":[[752,1]]},"282":{"position":[[399,1],[440,1],[475,1],[576,1],[737,1],[778,1],[1011,1],[1022,1],[1235,1],[1266,1],[1445,1]]},"288":{"position":[[337,1],[2001,1],[2177,1]]},"300":{"position":[[1035,1],[1076,1]]},"304":{"position":[[570,1]]}}}],["x.y.z.linux",{"_index":47,"t":{"155":{"position":[[552,11]]}}}],["x509",{"_index":1116,"t":{"248":{"position":[[1117,4]]}}}],["xauthrequest",{"_index":1329,"t":{"268":{"position":[[7287,12],[11796,12]]},"282":{"position":[[1080,12]]}}}],["xauthrequest/set_xauthrequest",{"_index":262,"t":{"171":{"position":[[502,29]]}}}],["xxx\"client_secret",{"_index":1089,"t":{"246":{"position":[[4580,18]]}}}],["xxxxx\"client_secret",{"_index":1062,"t":{"246":{"position":[[3263,20]]}}}],["yaml",{"_index":217,"t":{"165":{"position":[[464,4]]},"167":{"position":[[47,4]]},"169":{"position":[[295,4]]},"202":{"position":[[677,4]]},"286":{"position":[[288,6]]}}}],["you'd",{"_index":890,"t":{"234":{"position":[[1166,5]]}}}],["you'r",{"_index":773,"t":{"226":{"position":[[1133,6]]},"228":{"position":[[997,6]]}}}],["yourcompany.com",{"_index":960,"t":{"238":{"position":[[3680,17]]},"268":{"position":[[1107,18]]}}}],["yourself",{"_index":660,"t":{"218":{"position":[[635,8]]}}}],["yyy\"pass_access_token",{"_index":1090,"t":{"246":{"position":[[4601,22]]}}}],["yyyyy\"pass_access_token",{"_index":1063,"t":{"246":{"position":[[3286,24]]}}}],["zero",{"_index":1349,"t":{"268":{"position":[[10797,5]]},"294":{"position":[[1596,5]]}}}],["zzz\"cookie_secur",{"_index":1091,"t":{"246":{"position":[[4646,18]]}}}],["zzzzz\"skip_provider_button",{"_index":1065,"t":{"246":{"position":[[3333,27]]}}}]],"pipeline":["stemmer"]}}] \ No newline at end of file +[{"documents":[{"i":154,"t":"Installation","u":"/oauth2-proxy/docs/","b":["Docs"]},{"i":156,"t":"Behaviour","u":"/oauth2-proxy/docs/behaviour","b":["Docs"]},{"i":158,"t":"Security","u":"/oauth2-proxy/docs/community/security","b":["Docs","Community"]},{"i":164,"t":"Alpha Configuration","u":"/oauth2-proxy/docs/configuration/alpha-config","b":["Docs","Configuration"]},{"i":223,"t":"OAuth Provider Configuration","u":"/oauth2-proxy/docs/configuration/oauth_provider","b":["Docs","Configuration"]},{"i":261,"t":"Overview","u":"/oauth2-proxy/docs/configuration/overview","b":["Docs","Configuration"]},{"i":289,"t":"Session Storage","u":"/oauth2-proxy/docs/configuration/session_storage","b":["Docs","Configuration"]},{"i":295,"t":"TLS Configuration","u":"/oauth2-proxy/docs/configuration/tls","b":["Docs","Configuration"]},{"i":301,"t":"Endpoints","u":"/oauth2-proxy/docs/features/endpoints","b":["Docs","Features"]}],"index":{"version":"2.3.9","fields":["t"],"fieldVectors":[["t/154",[0,2.222]],["t/156",[1,2.222]],["t/158",[2,2.222]],["t/164",[3,1.699,4,0.94]],["t/223",[4,0.761,5,1.375,6,1.375]],["t/261",[7,2.222]],["t/289",[8,1.699,9,1.699]],["t/295",[4,0.94,10,1.699]],["t/301",[11,2.222]]],"invertedIndex":[["alpha",{"_index":3,"t":{"164":{"position":[[0,5]]}}}],["behaviour",{"_index":1,"t":{"156":{"position":[[0,9]]}}}],["configur",{"_index":4,"t":{"164":{"position":[[6,13]]},"223":{"position":[[15,13]]},"295":{"position":[[4,13]]}}}],["endpoint",{"_index":11,"t":{"301":{"position":[[0,9]]}}}],["instal",{"_index":0,"t":{"154":{"position":[[0,12]]}}}],["oauth",{"_index":5,"t":{"223":{"position":[[0,5]]}}}],["overview",{"_index":7,"t":{"261":{"position":[[0,8]]}}}],["provid",{"_index":6,"t":{"223":{"position":[[6,8]]}}}],["secur",{"_index":2,"t":{"158":{"position":[[0,8]]}}}],["session",{"_index":8,"t":{"289":{"position":[[0,7]]}}}],["storag",{"_index":9,"t":{"289":{"position":[[8,7]]}}}],["tl",{"_index":10,"t":{"295":{"position":[[0,3]]}}}]],"pipeline":["stemmer"]}},{"documents":[{"i":160,"t":"Security Disclosures","u":"/oauth2-proxy/docs/community/security","h":"#security-disclosures","p":158},{"i":162,"t":"How will we respond to disclosures?","u":"/oauth2-proxy/docs/community/security","h":"#how-will-we-respond-to-disclosures","p":158},{"i":166,"t":"Using Alpha Configuration","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#using-alpha-configuration","p":164},{"i":168,"t":"Converting configuration to the new structure","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#converting-configuration-to-the-new-structure","p":164},{"i":170,"t":"Removed options","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#removed-options","p":164},{"i":172,"t":"Configuration Reference","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#configuration-reference","p":164},{"i":173,"t":"ADFSOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#adfsoptions","p":164},{"i":175,"t":"AlphaOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#alphaoptions","p":164},{"i":177,"t":"AzureOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#azureoptions","p":164},{"i":179,"t":"BitbucketOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#bitbucketoptions","p":164},{"i":181,"t":"ClaimSource","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#claimsource","p":164},{"i":183,"t":"Duration","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#duration","p":164},{"i":185,"t":"GitHubOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#githuboptions","p":164},{"i":187,"t":"GitLabOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#gitlaboptions","p":164},{"i":189,"t":"GoogleOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#googleoptions","p":164},{"i":191,"t":"Header","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#header","p":164},{"i":193,"t":"HeaderValue","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#headervalue","p":164},{"i":195,"t":"KeycloakOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#keycloakoptions","p":164},{"i":197,"t":"LoginGovOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#logingovoptions","p":164},{"i":199,"t":"LoginURLParameter","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#loginurlparameter","p":164},{"i":201,"t":"A parameter whose value is fixed","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"","p":164},{"i":203,"t":"OIDCOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#oidcoptions","p":164},{"i":205,"t":"Provider","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#provider","p":164},{"i":207,"t":"ProviderType","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#providertype","p":164},{"i":209,"t":"Providers","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#providers","p":164},{"i":211,"t":"SecretSource","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#secretsource","p":164},{"i":213,"t":"Server","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#server","p":164},{"i":215,"t":"TLS","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#tls","p":164},{"i":217,"t":"URLParameterRule","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#urlparameterrule","p":164},{"i":219,"t":"Upstream","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#upstream","p":164},{"i":221,"t":"UpstreamConfig","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#upstreamconfig","p":164},{"i":225,"t":"Google Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#google-auth-provider","p":223},{"i":227,"t":"Azure Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#azure-auth-provider","p":223},{"i":229,"t":"ADFS Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#adfs-auth-provider","p":223},{"i":231,"t":"Facebook Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#facebook-auth-provider","p":223},{"i":233,"t":"GitHub Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#github-auth-provider","p":223},{"i":235,"t":"Keycloak Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#keycloak-auth-provider","p":223},{"i":237,"t":"Keycloak OIDC Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#keycloak-oidc-auth-provider","p":223},{"i":239,"t":"GitLab Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#gitlab-auth-provider","p":223},{"i":241,"t":"LinkedIn Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#linkedin-auth-provider","p":223},{"i":243,"t":"Microsoft Azure AD Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#microsoft-azure-ad-provider","p":223},{"i":245,"t":"OpenID Connect Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#openid-connect-provider","p":223},{"i":247,"t":"login.gov Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#logingov-provider","p":223},{"i":249,"t":"Nextcloud Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#nextcloud-provider","p":223},{"i":251,"t":"DigitalOcean Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#digitalocean-auth-provider","p":223},{"i":253,"t":"Bitbucket Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#bitbucket-auth-provider","p":223},{"i":255,"t":"Gitea Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#gitea-auth-provider","p":223},{"i":257,"t":"Email Authentication","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#email-authentication","p":223},{"i":259,"t":"Adding a new Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#adding-a-new-provider","p":223},{"i":263,"t":"Generating a Cookie Secret","u":"/oauth2-proxy/docs/configuration/overview","h":"#generating-a-cookie-secret","p":261},{"i":265,"t":"Config File","u":"/oauth2-proxy/docs/configuration/overview","h":"#config-file","p":261},{"i":267,"t":"Command Line Options","u":"/oauth2-proxy/docs/configuration/overview","h":"#command-line-options","p":261},{"i":269,"t":"Upstreams Configuration","u":"/oauth2-proxy/docs/configuration/overview","h":"#upstreams-configuration","p":261},{"i":271,"t":"Environment variables","u":"/oauth2-proxy/docs/configuration/overview","h":"#environment-variables","p":261},{"i":273,"t":"Logging Configuration","u":"/oauth2-proxy/docs/configuration/overview","h":"#logging-configuration","p":261},{"i":275,"t":"Auth Log Format","u":"/oauth2-proxy/docs/configuration/overview","h":"#auth-log-format","p":261},{"i":277,"t":"Request Log Format","u":"/oauth2-proxy/docs/configuration/overview","h":"#request-log-format","p":261},{"i":279,"t":"Standard Log Format","u":"/oauth2-proxy/docs/configuration/overview","h":"#standard-log-format","p":261},{"i":281,"t":"Configuring for use with the Nginx auth_request directive","u":"/oauth2-proxy/docs/configuration/overview","h":"#configuring-for-use-with-the-nginx-auth_request-directive","p":261},{"i":283,"t":"Configuring for use with the Traefik (v2) ForwardAuth middleware","u":"/oauth2-proxy/docs/configuration/overview","h":"#configuring-for-use-with-the-traefik-v2-forwardauth-middleware","p":261},{"i":285,"t":"ForwardAuth with 401 errors middleware","u":"/oauth2-proxy/docs/configuration/overview","h":"#forwardauth-with-401-errors-middleware","p":261},{"i":287,"t":"ForwardAuth with static upstreams configuration","u":"/oauth2-proxy/docs/configuration/overview","h":"#forwardauth-with-static-upstreams-configuration","p":261},{"i":291,"t":"Cookie Storage","u":"/oauth2-proxy/docs/configuration/session_storage","h":"#cookie-storage","p":289},{"i":293,"t":"Redis Storage","u":"/oauth2-proxy/docs/configuration/session_storage","h":"#redis-storage","p":289},{"i":297,"t":"Terminate TLS at OAuth2 Proxy","u":"/oauth2-proxy/docs/configuration/tls","h":"#terminate-tls-at-oauth2-proxy","p":295},{"i":299,"t":"Terminate TLS at Reverse Proxy, e.g. Nginx","u":"/oauth2-proxy/docs/configuration/tls","h":"#terminate-tls-at-reverse-proxy-eg-nginx","p":295},{"i":303,"t":"Sign out","u":"/oauth2-proxy/docs/features/endpoints","h":"#sign-out","p":301},{"i":305,"t":"Auth","u":"/oauth2-proxy/docs/features/endpoints","h":"#auth","p":301}],"index":{"version":"2.3.9","fields":["t"],"fieldVectors":[["t/160",[0,4.031,1,3.493]],["t/162",[1,3.493,2,4.031]],["t/166",[3,2.64,4,3.39,5,1.854]],["t/168",[5,1.6,6,2.925,7,2.535,8,2.925]],["t/170",[9,4.031,10,3.493]],["t/172",[5,2.205,11,4.031]],["t/173",[12,4.97]],["t/175",[13,4.97]],["t/177",[14,4.97]],["t/179",[15,4.97]],["t/181",[16,4.97]],["t/183",[17,4.97]],["t/185",[18,4.97]],["t/187",[19,4.97]],["t/189",[20,4.97]],["t/191",[21,4.97]],["t/193",[22,4.97]],["t/195",[23,4.97]],["t/197",[24,4.97]],["t/199",[25,4.97]],["t/201",[26,2.925,27,2.925,28,2.925,29,2.925]],["t/203",[30,4.97]],["t/205",[31,1.64]],["t/207",[32,4.97]],["t/209",[31,1.64]],["t/211",[33,4.97]],["t/213",[34,4.97]],["t/215",[35,3.87]],["t/217",[36,4.97]],["t/219",[37,3.87]],["t/221",[38,4.97]],["t/225",[31,1.119,39,3.39,40,1.381]],["t/227",[31,1.119,40,1.381,41,2.938]],["t/229",[31,1.119,40,1.381,42,3.39]],["t/231",[31,1.119,40,1.381,43,3.39]],["t/233",[31,1.119,40,1.381,44,3.39]],["t/235",[31,1.119,40,1.381,45,2.938]],["t/237",[31,0.966,40,1.192,45,2.535,46,2.925]],["t/239",[31,1.119,40,1.381,47,3.39]],["t/241",[31,1.119,40,1.381,48,3.39]],["t/243",[31,0.966,41,2.535,49,2.925,50,2.535]],["t/245",[31,1.119,51,3.39,52,3.39]],["t/247",[31,1.33,53,4.031]],["t/249",[31,1.33,54,4.031]],["t/251",[31,1.119,40,1.381,55,3.39]],["t/253",[31,1.119,40,1.381,56,3.39]],["t/255",[31,1.119,40,1.381,57,3.39]],["t/257",[58,4.031,59,4.031]],["t/259",[7,2.938,31,1.119,50,2.938]],["t/263",[60,3.39,61,2.938,62,3.39]],["t/265",[63,4.031,64,4.031]],["t/267",[10,2.938,65,3.39,66,3.39]],["t/269",[5,2.205,37,3.139]],["t/271",[67,4.031,68,4.031]],["t/273",[5,2.205,69,2.874]],["t/275",[40,1.381,69,2.417,70,2.64]],["t/277",[69,2.417,70,2.64,71,3.39]],["t/279",[69,2.417,70,2.64,72,3.39]],["t/281",[3,2.003,5,1.407,73,2.229,74,2.573,75,2.573]],["t/283",[3,1.788,5,1.256,76,2.296,77,2.296,78,1.788,79,1.989]],["t/285",[78,2.278,79,2.535,80,2.925,81,2.925]],["t/287",[5,1.6,37,2.278,78,2.278,82,2.925]],["t/291",[61,3.493,83,3.493]],["t/293",[83,3.493,84,4.031]],["t/297",[35,2.278,85,2.535,86,2.925,87,2.535]],["t/299",[35,1.788,73,1.989,85,1.989,87,1.989,88,2.296,89,2.296]],["t/303",[90,4.031,91,4.031]],["t/305",[40,2.025]]],"invertedIndex":[["401",{"_index":80,"t":{"285":{"position":[[17,3]]}}}],["ad",{"_index":50,"t":{"243":{"position":[[16,2]]},"259":{"position":[[0,6]]}}}],["adf",{"_index":42,"t":{"229":{"position":[[0,4]]}}}],["adfsopt",{"_index":12,"t":{"173":{"position":[[0,11]]}}}],["alpha",{"_index":4,"t":{"166":{"position":[[6,5]]}}}],["alphaopt",{"_index":13,"t":{"175":{"position":[[0,12]]}}}],["auth",{"_index":40,"t":{"225":{"position":[[7,4]]},"227":{"position":[[6,4]]},"229":{"position":[[5,4]]},"231":{"position":[[9,4]]},"233":{"position":[[7,4]]},"235":{"position":[[9,4]]},"237":{"position":[[14,4]]},"239":{"position":[[7,4]]},"241":{"position":[[9,4]]},"251":{"position":[[13,4]]},"253":{"position":[[10,4]]},"255":{"position":[[6,4]]},"275":{"position":[[0,4]]},"305":{"position":[[0,4]]}}}],["auth_request",{"_index":74,"t":{"281":{"position":[[35,12]]}}}],["authent",{"_index":59,"t":{"257":{"position":[[6,14]]}}}],["azur",{"_index":41,"t":{"227":{"position":[[0,5]]},"243":{"position":[[10,5]]}}}],["azureopt",{"_index":14,"t":{"177":{"position":[[0,12]]}}}],["bitbucket",{"_index":56,"t":{"253":{"position":[[0,9]]}}}],["bitbucketopt",{"_index":15,"t":{"179":{"position":[[0,16]]}}}],["claimsourc",{"_index":16,"t":{"181":{"position":[[0,11]]}}}],["command",{"_index":65,"t":{"267":{"position":[[0,7]]}}}],["config",{"_index":63,"t":{"265":{"position":[[0,6]]}}}],["configur",{"_index":5,"t":{"166":{"position":[[12,13]]},"168":{"position":[[11,13]]},"172":{"position":[[0,13]]},"269":{"position":[[10,13]]},"273":{"position":[[8,13]]},"281":{"position":[[0,11]]},"283":{"position":[[0,11]]},"287":{"position":[[34,13]]}}}],["connect",{"_index":52,"t":{"245":{"position":[[7,7]]}}}],["convert",{"_index":6,"t":{"168":{"position":[[0,10]]}}}],["cooki",{"_index":61,"t":{"263":{"position":[[13,6]]},"291":{"position":[[0,6]]}}}],["digitalocean",{"_index":55,"t":{"251":{"position":[[0,12]]}}}],["direct",{"_index":75,"t":{"281":{"position":[[48,9]]}}}],["disclosur",{"_index":1,"t":{"160":{"position":[[9,11]]},"162":{"position":[[23,12]]}}}],["durat",{"_index":17,"t":{"183":{"position":[[0,8]]}}}],["e.g",{"_index":89,"t":{"299":{"position":[[32,4]]}}}],["email",{"_index":58,"t":{"257":{"position":[[0,5]]}}}],["environ",{"_index":67,"t":{"271":{"position":[[0,11]]}}}],["error",{"_index":81,"t":{"285":{"position":[[21,6]]}}}],["facebook",{"_index":43,"t":{"231":{"position":[[0,8]]}}}],["file",{"_index":64,"t":{"265":{"position":[[7,4]]}}}],["fix",{"_index":29,"t":{"201":{"position":[[27,5]]}}}],["format",{"_index":70,"t":{"275":{"position":[[9,6]]},"277":{"position":[[12,6]]},"279":{"position":[[13,6]]}}}],["forwardauth",{"_index":78,"t":{"283":{"position":[[42,11]]},"285":{"position":[[0,11]]},"287":{"position":[[0,11]]}}}],["gener",{"_index":60,"t":{"263":{"position":[[0,10]]}}}],["gitea",{"_index":57,"t":{"255":{"position":[[0,5]]}}}],["github",{"_index":44,"t":{"233":{"position":[[0,6]]}}}],["githubopt",{"_index":18,"t":{"185":{"position":[[0,13]]}}}],["gitlab",{"_index":47,"t":{"239":{"position":[[0,6]]}}}],["gitlabopt",{"_index":19,"t":{"187":{"position":[[0,13]]}}}],["googl",{"_index":39,"t":{"225":{"position":[[0,6]]}}}],["googleopt",{"_index":20,"t":{"189":{"position":[[0,13]]}}}],["header",{"_index":21,"t":{"191":{"position":[[0,6]]}}}],["headervalu",{"_index":22,"t":{"193":{"position":[[0,11]]}}}],["keycloak",{"_index":45,"t":{"235":{"position":[[0,8]]},"237":{"position":[[0,8]]}}}],["keycloakopt",{"_index":23,"t":{"195":{"position":[[0,15]]}}}],["line",{"_index":66,"t":{"267":{"position":[[8,4]]}}}],["linkedin",{"_index":48,"t":{"241":{"position":[[0,8]]}}}],["log",{"_index":69,"t":{"273":{"position":[[0,7]]},"275":{"position":[[5,3]]},"277":{"position":[[8,3]]},"279":{"position":[[9,3]]}}}],["login.gov",{"_index":53,"t":{"247":{"position":[[0,9]]}}}],["logingovopt",{"_index":24,"t":{"197":{"position":[[0,15]]}}}],["loginurlparamet",{"_index":25,"t":{"199":{"position":[[0,17]]}}}],["microsoft",{"_index":49,"t":{"243":{"position":[[0,9]]}}}],["middlewar",{"_index":79,"t":{"283":{"position":[[54,10]]},"285":{"position":[[28,10]]}}}],["new",{"_index":7,"t":{"168":{"position":[[32,3]]},"259":{"position":[[9,3]]}}}],["nextcloud",{"_index":54,"t":{"249":{"position":[[0,9]]}}}],["nginx",{"_index":73,"t":{"281":{"position":[[29,5]]},"299":{"position":[[37,5]]}}}],["oauth2",{"_index":86,"t":{"297":{"position":[[17,6]]}}}],["oidc",{"_index":46,"t":{"237":{"position":[[9,4]]}}}],["oidcopt",{"_index":30,"t":{"203":{"position":[[0,11]]}}}],["openid",{"_index":51,"t":{"245":{"position":[[0,6]]}}}],["option",{"_index":10,"t":{"170":{"position":[[8,7]]},"267":{"position":[[13,7]]}}}],["out",{"_index":91,"t":{"303":{"position":[[5,3]]}}}],["paramet",{"_index":26,"t":{"201":{"position":[[2,9]]}}}],["provid",{"_index":31,"t":{"205":{"position":[[0,8]]},"209":{"position":[[0,9]]},"225":{"position":[[12,8]]},"227":{"position":[[11,8]]},"229":{"position":[[10,8]]},"231":{"position":[[14,8]]},"233":{"position":[[12,8]]},"235":{"position":[[14,8]]},"237":{"position":[[19,8]]},"239":{"position":[[12,8]]},"241":{"position":[[14,8]]},"243":{"position":[[19,8]]},"245":{"position":[[15,8]]},"247":{"position":[[10,8]]},"249":{"position":[[10,8]]},"251":{"position":[[18,8]]},"253":{"position":[[15,8]]},"255":{"position":[[11,8]]},"259":{"position":[[13,8]]}}}],["providertyp",{"_index":32,"t":{"207":{"position":[[0,12]]}}}],["proxi",{"_index":87,"t":{"297":{"position":[[24,5]]},"299":{"position":[[25,6]]}}}],["redi",{"_index":84,"t":{"293":{"position":[[0,5]]}}}],["refer",{"_index":11,"t":{"172":{"position":[[14,9]]}}}],["remov",{"_index":9,"t":{"170":{"position":[[0,7]]}}}],["request",{"_index":71,"t":{"277":{"position":[[0,7]]}}}],["respond",{"_index":2,"t":{"162":{"position":[[12,7]]}}}],["revers",{"_index":88,"t":{"299":{"position":[[17,7]]}}}],["secret",{"_index":62,"t":{"263":{"position":[[20,6]]}}}],["secretsourc",{"_index":33,"t":{"211":{"position":[[0,12]]}}}],["secur",{"_index":0,"t":{"160":{"position":[[0,8]]}}}],["server",{"_index":34,"t":{"213":{"position":[[0,6]]}}}],["sign",{"_index":90,"t":{"303":{"position":[[0,4]]}}}],["standard",{"_index":72,"t":{"279":{"position":[[0,8]]}}}],["static",{"_index":82,"t":{"287":{"position":[[17,6]]}}}],["storag",{"_index":83,"t":{"291":{"position":[[7,7]]},"293":{"position":[[6,7]]}}}],["structur",{"_index":8,"t":{"168":{"position":[[36,9]]}}}],["termin",{"_index":85,"t":{"297":{"position":[[0,9]]},"299":{"position":[[0,9]]}}}],["tl",{"_index":35,"t":{"215":{"position":[[0,3]]},"297":{"position":[[10,3]]},"299":{"position":[[10,3]]}}}],["traefik",{"_index":76,"t":{"283":{"position":[[29,7]]}}}],["upstream",{"_index":37,"t":{"219":{"position":[[0,8]]},"269":{"position":[[0,9]]},"287":{"position":[[24,9]]}}}],["upstreamconfig",{"_index":38,"t":{"221":{"position":[[0,14]]}}}],["urlparameterrul",{"_index":36,"t":{"217":{"position":[[0,16]]}}}],["us",{"_index":3,"t":{"166":{"position":[[0,5]]},"281":{"position":[[16,3]]},"283":{"position":[[16,3]]}}}],["v2",{"_index":77,"t":{"283":{"position":[[37,4]]}}}],["valu",{"_index":28,"t":{"201":{"position":[[18,5]]}}}],["variabl",{"_index":68,"t":{"271":{"position":[[12,9]]}}}],["whose",{"_index":27,"t":{"201":{"position":[[12,5]]}}}]],"pipeline":["stemmer"]}},{"documents":[{"i":155,"t":"Choose how to deploy: a. Download Prebuilt Binary (current release is v7.5.0) b. Build with $ go install github.com/oauth2-proxy/oauth2-proxy/v7@latest which will put the binary in $GOPATH/bin c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, PPC64LE, ARMv6, ARMv7, and ARM64 tags available) d. Using a Kubernetes manifest (Helm) Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0. $ sha256sum -c sha256sum.txtoauth2-proxy-x.y.z.linux-amd64: OK Select a Provider and Register an OAuth Application with a Provider Configure OAuth2 Proxy using config file, command line options, or environment variables Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)","s":"Installation","u":"/oauth2-proxy/docs/","h":"","p":154},{"i":157,"t":"Any request passing through the proxy (and not matched by --skip-auth-regex) is checked for the proxy's session cookie (--cookie-name) (or, if allowed, a JWT token - see --skip-jwt-bearer-tokens). If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with Accept: application/json, in which case 401 Unauthorized is returned) After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration) Notice that the proxy also provides a number of useful endpoints.","s":"Behaviour","u":"/oauth2-proxy/docs/behaviour","h":"","p":156},{"i":159,"t":"note OAuth2 Proxy is a community project. Maintainers do not work on this project full time, and as such, while we endeavour to respond to disclosures as quickly as possible, this may take longer than in projects with corporate sponsorship.","s":"Security","u":"/oauth2-proxy/docs/community/security","h":"","p":158},{"i":161,"t":"info If you believe you have found a vulnerability within OAuth2 Proxy or any of its dependencies, please do NOT open an issue or PR on GitHub, please do NOT post any details publicly. Security disclosures MUST be done in private. If you have found an issue that you would like to bring to the attention of the maintenance team for OAuth2 Proxy, please compose an email and send it to the list of maintainers in our MAINTAINERS file. Please include as much detail as possible. Ideally, your disclosure should include: A reproducible case that can be used to demonstrate the exploit How you discovered this vulnerability A potential fix for the issue (if you have thought of one) Versions affected (if not present in master) Your GitHub ID","s":"Security Disclosures","u":"/oauth2-proxy/docs/community/security","h":"#security-disclosures","p":158},{"i":163,"t":"We use GitHub Security Advisories to privately discuss fixes for disclosed vulnerabilities. If you include a GitHub ID with your disclosure we will add you as a collaborator for the advisory so that you can join the discussion and validate any fixes we may propose. For minor issues and previously disclosed vulnerabilities (typically for dependencies), we may use regular PRs for fixes and forego the security advisory. Once a fix has been agreed upon, we will merge the fix and create a new release. If we have multiple security issues in flight simultaneously, we may delay merging fixes until all patches are ready. We may also backport the fix to previous releases, but this will be at the discretion of the maintainers.","s":"How will we respond to disclosures?","u":"/oauth2-proxy/docs/community/security","h":"#how-will-we-respond-to-disclosures","p":158},{"i":165,"t":"danger This page contains documentation for alpha features. We reserve the right to make breaking changes to the features detailed within this page with no notice. Options described in this page may be changed, removed, renamed or moved without prior warning. Please beware of this before you use alpha configuration options. This page details a set of alpha configuration options in a new format. Going forward we are intending to add structured configuration in YAML format to replace the existing TOML based configuration file and flags. Below is a reference for the structure of the configuration, with AlphaOptions as the root of the configuration. When using alpha configuration, your config file will look something like below: upstreams: - id: ... ...injectRequestHeaders: - name: ... ...injectResponseHeaders: - name: ... ... Please browse the reference below for the structure of the new configuration format.","s":"Alpha Configuration","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"","p":164},{"i":167,"t":"To use the new alpha configuration, generate a YAML file based on the format described in the reference below. Provide the path to this file using the --alpha-config flag. note When using the --alpha-config flag, some options are no longer available. See removed options below for more information.","s":"Using Alpha Configuration","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#using-alpha-configuration","p":164},{"i":169,"t":"Before adding the new --alpha-config option, start OAuth2 Proxy using the convert-config-to-alpha flag to convert existing configuration to the new format. oauth2-proxy --convert-config-to-alpha --config ./path/to/existing/config.cfg This will convert any options supported by the new format to YAML and print the new configuration to STDOUT. Copy this to a new file, remove any options from your existing configuration noted in removed options and then start OAuth2 Proxy using the new config. oauth2-proxy --alpha-config ./path/to/new/config.yaml --config ./path/to/existing/config.cfg","s":"Converting configuration to the new structure","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#converting-configuration-to-the-new-structure","p":164},{"i":171,"t":"The following flags/options and their respective environment variables are no longer available when using alpha configuration: flush-interval/flush_interval pass-host-header/pass_host_header proxy-websockets/proxy_websockets ssl-upstream-insecure-skip-verify/ssl_upstream_insecure_skip_verify upstream/upstreams pass-basic-auth/pass_basic_auth pass-access-token/pass_access_token pass-user-headers/pass_user_headers pass-authorization-header/pass_authorization_header set-basic-auth/set_basic_auth set-xauthrequest/set_xauthrequest set-authorization-header/set_authorization_header prefer-email-to-user/prefer_email_to_user basic-auth-password/basic_auth_password skip-auth-strip-headers/skip_auth_strip_headers client-id/client_id client-secret/client_secret, and client-secret-file/client_secret_file provider provider-display-name/provider_display_name provider-ca-file/provider_ca_files login-url/login_url redeem-url/redeem_url profile-url/profile_url resource validate-url/validate_url scope prompt approval-prompt/approval_prompt acr-values/acr_values user-id-claim/user_id_claim allowed-group/allowed_groups allowed-role/allowed_roles jwt-key/jwt_key jwt-key-file/jwt_key_file pubjwk-url/pubjwk_url and all provider-specific options, i.e. any option whose name includes oidc, azure, bitbucket, github, gitlab, google or keycloak. Attempting to use any of these options via flags or via config when --alpha-config is set will result in an error. info You must remove these options before starting OAuth2 Proxy with --alpha-config","s":"Removed options","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#removed-options","p":164},{"i":174,"t":"(Appears on: Provider) Field Type Description skipScope bool Skip adding the scope parameter in login requestDefault value is 'false'","s":"ADFSOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#adfsoptions","p":164},{"i":176,"t":"AlphaOptions contains alpha structured configuration options. Usage of these options allows users to access alpha features that are not available as part of the primary configuration structure for OAuth2 Proxy. danger The options within this structure are considered alpha. They may change between releases without notice. Field Type Description upstreamConfig UpstreamConfig UpstreamConfig is used to configure upstream servers.Once a user is authenticated, requests to the server will be proxied tothese upstream servers based on the path mappings defined in this list. injectRequestHeaders []Header InjectRequestHeaders is used to configure headers that should be addedto requests to upstream servers.Headers may source values from either the authenticated user's sessionor from a static secret value. injectResponseHeaders []Header InjectResponseHeaders is used to configure headers that should be addedto responses from the proxy.This is typically used when using the proxy as an external authenticationprovider in conjunction with another proxy such as NGINX and itsauth_request module.Headers may source values from either the authenticated user's sessionor from a static secret value. server Server Server is used to configure the HTTP(S) server for the proxy application.You may choose to run both HTTP and HTTPS servers simultaneously.This can be done by setting the BindAddress and the SecureBindAddress simultaneously.To use the secure server you must configure a TLS certificate and key. metricsServer Server MetricsServer is used to configure the HTTP(S) server for metrics.You may choose to run both HTTP and HTTPS servers simultaneously.This can be done by setting the BindAddress and the SecureBindAddress simultaneously.To use the secure server you must configure a TLS certificate and key. providers Providers Providers is used to configure multiple providers.","s":"AlphaOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#alphaoptions","p":164},{"i":178,"t":"(Appears on: Provider) Field Type Description tenant string Tenant directs to a tenant-specific or common (tenant-independent) endpointDefault value is 'common' graphGroupField string GraphGroupField configures the group field to be used when building the groups list from Microsoft GraphDefault value is 'id'","s":"AzureOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#azureoptions","p":164},{"i":180,"t":"(Appears on: Provider) Field Type Description team string Team sets restrict logins to members of this team repository string Repository sets restrict logins to user with access to this repository","s":"BitbucketOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#bitbucketoptions","p":164},{"i":182,"t":"(Appears on: HeaderValue) ClaimSource allows loading a header value from a claim within the session Field Type Description claim string Claim is the name of the claim in the session that the value should beloaded from. prefix string Prefix is an optional prefix that will be prepended to the value of theclaim if it is non-empty. basicAuthPassword SecretSource BasicAuthPassword converts this claim into a basic auth header.Note the value of claim will become the basic auth username and thebasicAuthPassword will be used as the password value.","s":"ClaimSource","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#claimsource","p":164},{"i":184,"t":"(string alias)​ (Appears on: Upstream) Duration is as string representation of a period of time. A duration string is a is a possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as \"300ms\", \"-1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".","s":"Duration","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#duration","p":164},{"i":186,"t":"(Appears on: Provider) Field Type Description org string Org sets restrict logins to members of this organisation team string Team sets restrict logins to members of this team repo string Repo sets restrict logins to collaborators of this repository token string Token is the token to use when verifying repository collaboratorsit must have push access to the repository users []string Users allows users with these usernames to logineven if they do not belong to the specified org and team or collaborators","s":"GitHubOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#githuboptions","p":164},{"i":188,"t":"(Appears on: Provider) Field Type Description group []string Group sets restrict logins to members of this group projects []string Projects restricts logins to members of any of these projects","s":"GitLabOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#gitlaboptions","p":164},{"i":190,"t":"(Appears on: Provider) Field Type Description group []string Groups sets restrict logins to members of this google group adminEmail string AdminEmail is the google admin to impersonate for api calls serviceAccountJson string ServiceAccountJSON is the path to the service account json credentials useApplicationDefaultCredentials bool UseApplicationDefaultCredentials is a boolean whether to use Application Default Credentials instead of a ServiceAccountJSON","s":"GoogleOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#googleoptions","p":164},{"i":192,"t":"(Appears on: AlphaOptions) Header represents an individual header that will be added to a request or response header. Field Type Description name string Name is the header name to be used for this set of values.Names should be unique within a list of Headers. preserveRequestValue bool PreserveRequestValue determines whether any values for this headershould be preserved for the request to the upstream server.This option only applies to injected request headers.Defaults to false (headers that match this header will be stripped). values []HeaderValue Values contains the desired values for this header","s":"Header","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#header","p":164},{"i":194,"t":"(Appears on: Header) HeaderValue represents a single header value and the sources that can make up the header value Field Type Description value []byte Value expects a base64 encoded string value. fromEnv string FromEnv expects the name of an environment variable. fromFile string FromFile expects a path to a file containing the secret value. claim string Claim is the name of the claim in the session that the value should beloaded from. prefix string Prefix is an optional prefix that will be prepended to the value of theclaim if it is non-empty. basicAuthPassword SecretSource BasicAuthPassword converts this claim into a basic auth header.Note the value of claim will become the basic auth username and thebasicAuthPassword will be used as the password value.","s":"HeaderValue","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#headervalue","p":164},{"i":196,"t":"(Appears on: Provider) Field Type Description groups []string Group enables to restrict login to members of indicated group roles []string Role enables to restrict login to users with role (only available when using the keycloak-oidc provider)","s":"KeycloakOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#keycloakoptions","p":164},{"i":198,"t":"(Appears on: Provider) Field Type Description jwtKey string JWTKey is a private key in PEM format used to sign JWT, jwtKeyFile string JWTKeyFile is a path to the private key file in PEM format used to sign the JWT pubjwkURL string PubJWKURL is the JWK pubkey access endpoint","s":"LoginGovOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#logingovoptions","p":164},{"i":200,"t":"(Appears on: Provider) LoginURLParameter is the configuration for a single query parameter that can be passed through from the /oauth2/start endpoint to the IdP login URL. The \"default\" option specifies the default value or values (if any) that will be passed to the IdP for this parameter, and \"allow\" is a list of options for ways in which this parameter can be set or overridden via the query string to /oauth2/start. If only a default is specified and no \"allow\" then the parameter is effectively fixed - the default value will always be used and anything passed to the start URL will be ignored. If only \"allow\" is specified but no default then the parameter will only be passed on to the IdP if the caller provides it, and no value will be sent otherwise. Examples:","s":"LoginURLParameter","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#loginurlparameter","p":164},{"i":202,"t":"name: organizationdefault:- myorg A parameter that is not passed by default, but may be set to one of a fixed set of values name: promptallow:- value: login- value: consent- value: select_account A parameter that is passed by default but may be overridden by one of a fixed set of values name: promptdefault: [\"login\"]allow:- value: consent- value: select_account A parameter that may be overridden, but only by values that match a regular expression. For example to restrict login_hint to email addresses in your organization's domain: name: login_hintallow:- pattern: '^[^@]*@example\\.com$'# this allows at most one \"@\" sign, and requires \"example.com\" domain. Note that the YAML rules around exactly which characters are allowed and/or require escaping in different types of string literals are convoluted. For regular expressions the single quoted form is simplest as backslash is not considered to be an escape character. Alternatively use the \"chomped block\" format |-: - pattern: |- ^[^@]*@example\\.com$ The hyphen is important, a | block would have a trailing newline character. Field Type Description name string Name specifies the name of the query parameter. default []string (Optional) Default specifies a default value or values that will bepassed to the IdP if not overridden. allow []URLParameterRule (Optional) Allow specifies rules about how the default (if any) may beoverridden via the query string to /oauth2/start. Onlyvalues that match one or more of the allow rules will beforwarded to the IdP.","s":"A parameter whose value is fixed","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"","p":164},{"i":204,"t":"(Appears on: Provider) Field Type Description issuerURL string IssuerURL is the OpenID Connect issuer URLeg: https://accounts.google.com insecureAllowUnverifiedEmail bool InsecureAllowUnverifiedEmail prevents failures if an email address in an id_token is not verifieddefault set to 'false' insecureSkipIssuerVerification bool InsecureSkipIssuerVerification skips verification of ID token issuers. When false, ID Token Issuers must match the OIDC discovery URLdefault set to 'false' insecureSkipNonce bool InsecureSkipNonce skips verifying the ID Token's nonce claim that must matchthe random nonce sent in the initial OAuth flow. Otherwise, the nonce is checkedafter the initial OAuth redeem & subsequent token refreshes.default set to 'true'Warning: In a future release, this will change to 'false' by default for enhanced security. skipDiscovery bool SkipDiscovery allows to skip OIDC discovery and use manually supplied Endpointsdefault set to 'false' jwksURL string JwksURL is the OpenID Connect JWKS URLeg: https://www.googleapis.com/oauth2/v3/certs emailClaim string EmailClaim indicates which claim contains the user email,default set to 'email' groupsClaim string GroupsClaim indicates which claim contains the user groupsdefault set to 'groups' userIDClaim string UserIDClaim indicates which claim contains the user IDdefault set to 'email' audienceClaims []string AudienceClaim allows to define any claim that is verified against the client idBy default aud claim is used for verification. extraAudiences []string ExtraAudiences is a list of additional audiences that are allowedto pass verification in addition to the client id.","s":"OIDCOptions","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#oidcoptions","p":164},{"i":206,"t":"(Appears on: Providers) Provider holds all configuration for a single provider Field Type Description clientID string ClientID is the OAuth Client ID that is defined in the providerThis value is required for all providers. clientSecret string ClientSecret is the OAuth Client Secret that is defined in the providerThis value is required for all providers. clientSecretFile string ClientSecretFile is the name of the filecontaining the OAuth Client Secret, it will be used if ClientSecret is not set. keycloakConfig KeycloakOptions KeycloakConfig holds all configurations for Keycloak provider. azureConfig AzureOptions AzureConfig holds all configurations for Azure provider. ADFSConfig ADFSOptions ADFSConfig holds all configurations for ADFS provider. bitbucketConfig BitbucketOptions BitbucketConfig holds all configurations for Bitbucket provider. githubConfig GitHubOptions GitHubConfig holds all configurations for GitHubC provider. gitlabConfig GitLabOptions GitLabConfig holds all configurations for GitLab provider. googleConfig GoogleOptions GoogleConfig holds all configurations for Google provider. oidcConfig OIDCOptions OIDCConfig holds all configurations for OIDC provideror providers utilize OIDC configurations. loginGovConfig LoginGovOptions LoginGovConfig holds all configurations for LoginGov provider. id string ID should be a unique identifier for the provider.This value is required for all providers. provider ProviderType Type is the OAuth providermust be set from the supported providers group,otherwise 'Google' is set as default name string Name is the providers display nameif set, it will be shown to the users in the login page. caFiles []string CAFiles is a list of paths to CA certificates that should be used when connecting to the provider.If not specified, the default Go trust sources are used instead loginURL string LoginURL is the authentication endpoint loginURLParameters []LoginURLParameter LoginURLParameters defines the parameters that can be passed from the start URL to the IdP login URL redeemURL string RedeemURL is the token redemption endpoint profileURL string ProfileURL is the profile access endpoint resource string ProtectedResource is the resource that is protected (Azure AD and ADFS only) validateURL string ValidateURL is the access token validation endpoint scope string Scope is the OAuth scope specification allowedGroups []string AllowedGroups is a list of restrict logins to members of this group code_challenge_method string The code challenge method","s":"Provider","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#provider","p":164},{"i":208,"t":"(string alias)​ (Appears on: Provider) ProviderType is used to enumerate the different provider type options Valid options are: adfs, azure, bitbucket, digitalocean facebook, github, gitlab, google, keycloak, keycloak-oidc, linkedin, login.gov, nextcloud and oidc.","s":"ProviderType","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#providertype","p":164},{"i":210,"t":"([]Provider alias)​ (Appears on: AlphaOptions) Providers is a collection of definitions for providers.","s":"Providers","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#providers","p":164},{"i":212,"t":"(Appears on: ClaimSource, HeaderValue, TLS) SecretSource references an individual secret value. Only one source within the struct should be defined at any time. Field Type Description value []byte Value expects a base64 encoded string value. fromEnv string FromEnv expects the name of an environment variable. fromFile string FromFile expects a path to a file containing the secret value.","s":"SecretSource","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#secretsource","p":164},{"i":214,"t":"(Appears on: AlphaOptions) Server represents the configuration for an HTTP(S) server Field Type Description BindAddress string BindAddress is the address on which to serve traffic.Leave blank or set to \"-\" to disable. SecureBindAddress string SecureBindAddress is the address on which to serve secure traffic.Leave blank or set to \"-\" to disable. TLS TLS TLS contains the information for loading the certificate and key for thesecure traffic and further configuration for the TLS server.","s":"Server","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#server","p":164},{"i":216,"t":"(Appears on: Server) TLS contains the information for loading a TLS certificate and key as well as an optional minimal TLS version that is acceptable. Field Type Description Key SecretSource Key is the TLS key data to use.Typically this will come from a file. Cert SecretSource Cert is the TLS certificate data to use.Typically this will come from a file. MinVersion string MinVersion is the minimal TLS version that is acceptable.E.g. Set to \"TLS1.3\" to select TLS version 1.3 CipherSuites []string CipherSuites is a list of TLS cipher suites that are allowed.E.g.:- TLS_RSA_WITH_RC4_128_SHA- TLS_RSA_WITH_AES_256_GCM_SHA384If not specified, the default Go safe cipher list is used.List of valid cipher suites can be found in the crypto/tls documentation.","s":"TLS","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#tls","p":164},{"i":218,"t":"(Appears on: LoginURLParameter) URLParameterRule represents a rule by which query parameters passed to the /oauth2/start endpoint are checked to determine whether they are valid overrides for the given parameter passed to the IdP's login URL. Either Value or Pattern should be supplied, not both. Field Type Description value string A Value rule matches just this specific value pattern string A Pattern rule gives a regular expression that must be matched bysome substring of the value. The expression is not automaticallyanchored to the start and end of the value, if you want to restrictthe whole parameter value you must anchor it yourself with ^ and $.","s":"URLParameterRule","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#urlparameterrule","p":164},{"i":220,"t":"(Appears on: UpstreamConfig) Upstream represents the configuration for an upstream server. Requests will be proxied to this upstream if the path matches the request path. Field Type Description id string ID should be a unique identifier for the upstream.This value is required for all upstreams. path string Path is used to map requests to the upstream server.The closest match will take precedence and all Paths must be unique.Path can also take a pattern when used with RewriteTarget.Path segments can be captured and matched using regular experessions.Eg:- ^/foo$: Match only the explicit path /foo- ^/bar/$: Match any path prefixed with /bar/- ^/baz/(.*)$: Match any path prefixed with /baz and capture the remaining path for use with RewriteTarget rewriteTarget string RewriteTarget allows users to rewrite the request path before it is sent tothe upstream server.Use the Path to capture segments for reuse within the rewrite target.Eg: With a Path of ^/baz/(.*), a RewriteTarget of /foo/$1 would rewritethe request /baz/abc/123 to /foo/abc/123 before proxying to theupstream server. uri string The URI of the upstream server. This may be an HTTP(S) server of a Filebased URL. It may include a path, in which case all requests will be servedunder that path.Eg:- http://localhost:8080- https://service.localhost- https://service.localhost/path- file://host/pathIf the URI's path is \"/base\" and the incoming request was for \"/dir\",the upstream request will be for \"/base/dir\". insecureSkipTLSVerify bool InsecureSkipTLSVerify will skip TLS verification of upstream HTTPS hosts.This option is insecure and will allow potential Man-In-The-Middle attacksbetweem OAuth2 Proxy and the usptream server.Defaults to false. static bool Static will make all requests to this upstream have a static response.The response will have a body of \"Authenticated\" and a response codematching StaticCode.If StaticCode is not set, the response will return a 200 response. staticCode int StaticCode determines the response code for the Static response.This option can only be used with Static enabled. flushInterval Duration FlushInterval is the period between flushing the response buffer whenstreaming response from the upstream.Defaults to 1 second. passHostHeader bool PassHostHeader determines whether the request host header should be proxiedto the upstream server.Defaults to true. proxyWebSockets bool ProxyWebSockets enables proxying of websockets to upstream serversDefaults to true. timeout Duration Timeout is the maximum duration the server will wait for a response from the upstream server.Defaults to 30 seconds.","s":"Upstream","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#upstream","p":164},{"i":222,"t":"(Appears on: AlphaOptions) UpstreamConfig is a collection of definitions for upstream servers. Field Type Description proxyRawPath bool ProxyRawPath will pass the raw url path to upstream allowing for url'slike: \"/%2F/\" which would otherwise be redirected to \"/\" upstreams []Upstream Upstreams represents the configuration for the upstream servers.Requests will be proxied to this upstream if the path matches the request path.","s":"UpstreamConfig","u":"/oauth2-proxy/docs/configuration/alpha-config","h":"#upstreamconfig","p":164},{"i":224,"t":"You will need to register an OAuth application with a Provider (Google, GitHub or another provider), and configure it with Redirect URI(s) for the domain you intend to run oauth2-proxy on. Valid providers are : Google default Azure ADFS Facebook GitHub Keycloak GitLab LinkedIn Microsoft Azure AD OpenID Connect login.gov Nextcloud DigitalOcean Bitbucket Gitea The provider can be selected using the provider configuration value. Please note that not all providers support all claims. The preferred_username claim is currently only supported by the OpenID Connect provider.","s":"OAuth Provider Configuration","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"","p":223},{"i":226,"t":"For Google, the registration steps are: Create a new project: https://console.developers.google.com/project Choose the new project from the top right project dropdown (only if another project is selected) In the project Dashboard center pane, choose \"APIs & Services\" In the left Nav pane, choose \"Credentials\" In the center pane, choose \"OAuth consent screen\" tab. Fill in \"Product name shown to users\" and hit save. In the center pane, choose \"Credentials\" tab. Open the \"New credentials\" drop down Choose \"OAuth client ID\" Choose \"Web application\" Application name is freeform, choose something appropriate Authorized JavaScript origins is your domain ex: https://internal.yourcompany.com Authorized redirect URIs is the location of oauth2/callback ex: https://internal.yourcompany.com/oauth2/callback Choose \"Create\" Take note of the Client ID and Client Secret It's recommended to refresh sessions on a short interval (1h) with cookie-refresh setting which validates that the account is still authorized. Restrict auth to specific Google groups on your domain. (optional)​ Create a service account and download the json file if you're not using Application Default Credentials / Workload Identity / Workload Identity Federation (recommended). Make note of the Client ID for a future step. Under \"APIs & Auth\", choose APIs. Click on Admin SDK and then Enable API. Follow the steps on https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account and give the client id from step 2 the following oauth scopes: Using Application Default Credentials (ADC) / Workload Identity / Workload Identity Federation (recommended)​ oauth2-proxy can make use of Application Default Credentials. When deployed within GCP, this means that it can automatically use the service account attached to the resource. When deployed to GKE, ADC can be leveraged through a feature called Workload Identity. Follow Google's guide to set up Workload Identity. When deployed outside of GCP, Workload Identity Federation might be an option. https://www.googleapis.com/auth/admin.directory.group.readonlyhttps://www.googleapis.com/auth/admin.directory.user.readonly Follow the steps on https://support.google.com/a/answer/60757 to enable Admin API access. Create or choose an existing administrative email address on the Gmail domain to assign to the google-admin-email flag. This email will be impersonated by this client to make calls to the Admin SDK. See the note on the link from step 5 for the reason why. Create or choose an existing email group and set that email to the google-group flag. You can pass multiple instances of this flag with different groups and the user will be checked against all the provided groups. Lock down the permissions on the json file downloaded from step 1 so only oauth2-proxy is able to read the file and set the path to the file in the google-service-account-json flag. Restart oauth2-proxy. Note: The user is checked against the group members list on initial authentication and every time the token is refreshed ( about once an hour ).","s":"Google Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#google-auth-provider","p":223},{"i":228,"t":"Add an application: go to https://portal.azure.com, choose Azure Active Directory, select App registrations and then click on New registration. Pick a name, check the supported account type(single-tenant, multi-tenant, etc). In the Redirect URI section create a new Web platform entry for each app that you want to protect by the oauth2 proxy(e.g. https://internal.yourcompanycom/oauth2/callback). Click Register. Next we need to add group read permissions for the app registration, on the API Permissions page of the app, click on Add a permission, select Microsoft Graph, then select Application permissions, then click on Group and select Group.Read.All. Hit Add permissions and then on Grant admin consent (you might need an admin to do this).**IMPORTANT**: Even if this permission is listed with **\"Admin consent required=No\"** the consent might actually be required, due to AAD policies you won't be able to see. If you get a **\"Need admin approval\"** during login, most likely this is what you're missing! Next, if you are planning to use v2.0 Azure Auth endpoint, go to the Manifest page and set \"accessTokenAcceptedVersion\": 2 in the App registration manifest file. On the Certificates & secrets page of the app, add a new client secret and note down the value after hitting Add. Configure the proxy with: for V1 Azure Auth endpoint (Azure Active Directory Endpoints - https://login.microsoftonline.com/common/oauth2/authorize) --provider=azure --client-id= --client-secret= --azure-tenant={tenant-id} --oidc-issuer-url=https://sts.windows.net/{tenant-id}/ for V2 Azure Auth endpoint (Microsoft Identity Platform Endpoints - https://login.microsoftonline.com/common/oauth2/v2.0/authorize) --provider=azure --client-id= --client-secret= --azure-tenant={tenant-id} --oidc-issuer-url=https://login.microsoftonline.com/{tenant-id}/v2.0 Notes: When using v2.0 Azure Auth endpoint (https://login.microsoftonline.com/{tenant-id}/v2.0) as --oidc_issuer_url, in conjunction with --resource flag, be sure to append /.default at the end of the resource name. See https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#the-default-scope for more details. When using the Azure Auth provider with nginx and the cookie session store you may find the cookie is too large and doesn't get passed through correctly. Increasing the proxy_buffer_size in nginx or implementing the redis session storage should resolve this.","s":"Azure Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#azure-auth-provider","p":223},{"i":230,"t":"Open the ADFS administration console on your Windows Server and add a new Application Group Provide a name for the integration, select Server Application from the Standalone applications section and click Next Follow the wizard to get the client-id, client-secret and configure the application credentials Configure the proxy with --provider=adfs --client-id= --client-secret= Note: When using the ADFS Auth provider with nginx and the cookie session store you may find the cookie is too large and doesn't get passed through correctly. Increasing the proxy_buffer_size in nginx or implementing the redis session storage should resolve this.","s":"ADFS Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#adfs-auth-provider","p":223},{"i":232,"t":"Create a new FB App from https://developers.facebook.com/ Under FB Login, set your Valid OAuth redirect URIs to https://internal.yourcompany.com/oauth2/callback","s":"Facebook Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#facebook-auth-provider","p":223},{"i":234,"t":"Create a new project: https://github.com/settings/developers Under Authorization callback URL enter the correct url ie https://internal.yourcompany.com/oauth2/callback The GitHub auth provider supports two additional ways to restrict authentication to either organization and optional team level access, or to collaborators of a repository. Restricting by these options is normally accompanied with --email-domain=* NOTE: When --github-user is set, the specified users are allowed to login even if they do not belong to the specified org and team or collaborators. To restrict by organization only, include the following flag: -github-org=\"\": restrict logins to members of this organisation To restrict within an organization to specific teams, include the following flag in addition to -github-org: -github-team=\"\": restrict logins to members of any of these teams (slug), separated by a comma If you would rather restrict access to collaborators of a repository, those users must either have push access to a public repository or any access to a private repository: -github-repo=\"\": restrict logins to collaborators of this repository formatted as orgname/repo If you'd like to allow access to users with read only access to a public repository you will need to provide a token for a user that has write access to the repository. The token must be created with at least the public_repo scope: -github-token=\"\": the token to use when verifying repository collaborators To allow a user to login with their username even if they do not belong to the specified org and team or collaborators, separated by a comma -github-user=\"\": allow logins by username, separated by a comma If you are using GitHub enterprise, make sure you set the following to the appropriate url: -login-url=\"http(s):///login/oauth/authorize\"-redeem-url=\"http(s):///login/oauth/access_token\"-validate-url=\"http(s):///api/v3\"","s":"GitHub Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#github-auth-provider","p":223},{"i":236,"t":"note This is the legacy provider for Keycloak, use Keycloak OIDC Auth Provider if possible. Create new client in your Keycloak realm with Access Type 'confidental' and Valid Redirect URIs 'https://internal.yourcompany.com/oauth2/callback' Take note of the Secret in the credential tab of the client Create a mapper with Mapper Type 'Group Membership' and Token Claim Name 'groups'. Make sure you set the following to the appropriate url: --provider=keycloak --client-id= --client-secret= --login-url=\"http(s):///auth/realms//protocol/openid-connect/auth\" --redeem-url=\"http(s):///auth/realms//protocol/openid-connect/token\" --profile-url=\"http(s):///auth/realms//protocol/openid-connect/userinfo\" --validate-url=\"http(s):///auth/realms//protocol/openid-connect/userinfo\" --keycloak-group= --keycloak-group= For group based authorization, the optional --keycloak-group (legacy) or --allowed-group (global standard) flags can be used to specify which groups to limit access to. If these are unset but a groups mapper is set up above in step (3), the provider will still populate the X-Forwarded-Groups header to your upstream server with the groups data in the Keycloak userinfo endpoint response. The group management in keycloak is using a tree. If you create a group named admin in keycloak you should define the 'keycloak-group' value to /admin.","s":"Keycloak Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#keycloak-auth-provider","p":223},{"i":238,"t":"--provider=keycloak-oidc --client-id= --client-secret= --redirect-url=https://internal.yourcompany.com/oauth2/callback --oidc-issuer-url=https:///auth/realms/ --email-domain= // Validate email domain for users, see option documentation --allowed-role= // Optional, required realm role --allowed-role=: // Optional, required client role --allowed-group= // Optional, requires group client scope --code-challenge-method=S256 // PKCE note Keycloak has updated its admin console and as of version 19.0.0, the new admin console is enabled by default. The legacy admin console has been announced for removal with the release of version 21.0.0. Keycloak legacy admin console Create new client in your Keycloak realm with Access Type 'confidential', Client protocol 'openid-connect' and Valid Redirect URIs 'https://internal.yourcompany.com/oauth2/callback' Take note of the Secret in the credential tab of the client Create a mapper with Mapper Type 'Group Membership' and Token Claim Name 'groups'. Create a mapper with Mapper Type 'Audience' and Included Client Audience and Included Custom Audience set to your client name. Keycloak new admin console (default as of v19.0.0) The following example shows how to create a simple OIDC client using the new Keycloak admin2 console. However, for best practices, it is recommended to consult the Keycloak documentation. The OIDC client must be configured with an audience mapper to include the client's name in the aud claim of the JWT token. The aud claim specifies the intended recipient of the token, and OAuth2 Proxy expects a match against the values of either --client-id or --oidc-extra-audience. In Keycloak, claims are added to JWT tokens through the use of mappers at either the realm level using \"client scopes\" or through \"dedicated\" client mappers. Creating the client Create a new OIDC client in your Keycloak realm by navigating to:Clients -> Create client Client Type 'OpenID Connect' Client ID , please complete the remaining fields as appropriate and click Next. Client authentication 'On' Authentication flow Standard flow 'selected' Direct access grants 'deselect' Save the configuration. Settings / Access settings: Valid redirect URIs https://internal.yourcompany.com/oauth2/callback Save the configuration. Under the Credentials tab you will now be able to locate . Configure a dedicated audience mapper for your client by navigating to Clients -> -> Client scopes. Access the dedicated mappers pane by clicking -dedicated, located under Assigned client scope.(It should have a description of \"Dedicated scope and mappers for this client\") Click Configure a new mapper and select Audience Name 'aud-mapper-' Included Client Audience select from the dropdown. OAuth2 proxy can be set up to pass both the access and ID JWT tokens to your upstream services. If you require additional audience entries, you can use the Included Custom Audience field in addition to the \"Included Client Audience\" dropdown. Note that the \"aud\" claim of a JWT token should be limited and only specify its intended recipients. Add to ID token 'On' Add to access token 'On' - #1916 Save the configuration. Any subsequent dedicated client mappers can be defined by clicking Dedicated scopes -> Add mapper -> By configuration -> Select mapper You should now be able to create a test user in Keycloak and get access to the OAuth2 Proxy instance, make sure to set an email address matching and select Email verified. Authorization OAuth2 Proxy will perform authorization by requiring a valid user, this authorization can be extended to take into account a user's membership in Keycloak groups, realm roles, and client roles using the keycloak-oidc provider options--allowed-role or --allowed-group Roles A standard Keycloak installation comes with the required mappers for realm roles and client roles through the pre-defined client scope \"roles\". This ensures that any roles assigned to a user are included in the JWT tokens when using an OIDC client that has the \"Full scope allowed\" feature activated, the feature is enabled by default. Creating a realm role Navigate to Realm roles -> Create role Role name, -> save Creating a client role Navigate to Clients -> -> Roles -> Create role Role name, -> save Assign a role to a user Users -> Username -> Role mapping -> Assign role -> filter by roles or clients and select -> Assign. Keycloak \"realm roles\" can be authorized using the --allowed-role= option, while \"client roles\" can be evaluated using --allowed-role=:. You may limit the realm roles included in the JWT tokens for any given client by navigating to: Clients -> -> Client scopes -> -dedicated -> Scope Disabling Full scope allowed activates the Assign role option, allowing you to select which roles, if assigned to a user, will be included in the user's JWT tokens. This can be useful when a user has many associated roles, and you want to reduce the size and impact of the JWT token. Groups You may also do authorization on group memberships by using the OAuth2 Proxy option --allowed-group. We will only do a brief description of creating the required client scope groups and refer you to read the Keycloak documentation. To summarize, the steps required to authorize Keycloak group membership with OAuth2 Proxy are as follows: Create a new Client Scope with the name groups in Keycloak. Include a mapper of type Group Membership. Set the \"Token Claim Name\" to groups or customize by matching it to the --oidc-groups-claim option of OAuth2 Proxy. If the \"Full group path\" option is selected, you need to include a \"/\" separator in the group names defined in the --allowed-group option of OAuth2 Proxy. Example: \"/groupname\" or \"/groupname/childgroup\". After creating the Client Scope named groups you will need to attach it to your client. Clients -> -> Client scopes -> Add client scope -> Select groups and choose Optional and you should now have a client that maps group memberships into the JWT tokens so that Oauth2 Proxy may evaluate them. Create a group by navigating to Groups -> Create group and add your test user as a member. The OAuth2 Proxy option --allowed-group=/groupname will now allow you to filter on group membership Keycloak also has the option of attaching roles to groups, please refer to the Keycloak documentation for more information. Tip To check if roles or groups are added to JWT tokens, you can preview a users token in the Keycloak console by following these steps: Clients -> -> Client scopes -> Evaluate. Select a realm user and optional scope parameters such as groups, and generate the JSON representation of an access or id token to examine its contents.","s":"Keycloak OIDC Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#keycloak-oidc-auth-provider","p":223},{"i":240,"t":"This auth provider has been tested against Gitlab version 12.X. Due to Gitlab API changes, it may not work for version prior to 12.X (see 994). Whether you are using GitLab.com or self-hosting GitLab, follow these steps to add an application. Make sure to enable at least the openid, profile and email scopes, and set the redirect url to your application url e.g. https://myapp.com/oauth2/callback. If you need projects filtering, add the extra read_api scope to your application. The following config should be set to ensure that the oauth will work properly. To get a cookie secret follow these steps --provider=\"gitlab\" --redirect-url=\"https://myapp.com/oauth2/callback\" // Should be the same as the redirect url for the application in gitlab --client-id=GITLAB_CLIENT_ID --client-secret=GITLAB_CLIENT_SECRET --cookie-secret=COOKIE_SECRET Restricting by group membership is possible with the following option: --gitlab-group=\"mygroup,myothergroup\": restrict logins to members of any of these groups (slug), separated by a comma If you are using self-hosted GitLab, make sure you set the following to the appropriate URL: --oidc-issuer-url=\"\" If your self-hosted GitLab is on a sub-directory (e.g. domain.tld/gitlab), as opposed to its own sub-domain (e.g. gitlab.domain.tld), you may need to add a redirect from domain.tld/oauth pointing at e.g. domain.tld/gitlab/oauth.","s":"GitLab Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#gitlab-auth-provider","p":223},{"i":242,"t":"For LinkedIn, the registration steps are: Create a new project: https://www.linkedin.com/secure/developer In the OAuth User Agreement section: In default scope, select r_basicprofile and r_emailaddress. In \"OAuth 2.0 Redirect URLs\", enter https://internal.yourcompany.com/oauth2/callback Fill in the remaining required fields and Save. Take note of the Consumer Key / API Key and Consumer Secret / Secret Key","s":"LinkedIn Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#linkedin-auth-provider","p":223},{"i":244,"t":"For adding an application to the Microsoft Azure AD follow these steps to add an application. Take note of your TenantId if applicable for your situation. The TenantId can be used to override the default common authorization server with a tenant specific server.","s":"Microsoft Azure AD Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#microsoft-azure-ad-provider","p":223},{"i":246,"t":"OpenID Connect is a spec for OAUTH 2.0 + identity that is implemented by many major providers and several open source projects. This provider was originally built against CoreOS Dex and we will use it as an example. The OpenID Connect Provider (OIDC) can also be used to connect to other Identity Providers such as Okta, an example can be found below. Dex​ To configure the OIDC provider for Dex, perform the following steps: Download Dex: go get github.com/dexidp/dex See the getting started guide for more details. Setup oauth2-proxy with the correct provider and using the default ports and callbacks. Add a configuration block to the staticClients section of examples/config-dev.yaml: - id: oauth2-proxyredirectURIs:- 'http://127.0.0.1:4180/oauth2/callback'name: 'oauth2-proxy'secret: proxy Launch Dex: from $GOPATH/github.com/dexidp/dex, run: bin/dex serve examples/config-dev.yaml In a second terminal, run the oauth2-proxy with the following args: -provider oidc-provider-display-name \"My OIDC Provider\"-client-id oauth2-proxy-client-secret proxy-redirect-url http://127.0.0.1:4180/oauth2/callback-oidc-issuer-url http://127.0.0.1:5556/dex-cookie-secure=false-cookie-secret=secret-email-domain kilgore.trout To serve the current working directory as a web site under the /static endpoint, add: -upstream file://$PWD/#/static/ Test the setup by visiting http://127.0.0.1:4180 or http://127.0.0.1:4180/static . See also our local testing environment for a self-contained example using Docker and etcd as storage for Dex. Okta​ To configure the OIDC provider for Okta, perform the following steps: Log in to Okta using an administrative account. It is suggested you try this in preview first, example.oktapreview.com (OPTIONAL) If you want to configure authorization scopes and claims to be passed on to multiple applications, you may wish to configure an authorization server for each application. Otherwise, the provided default will work. Navigate to Security then select API Click Add Authorization Server, if this option is not available you may require an additional license for a custom authorization server. Fill out the Name with something to describe the application you are protecting. e.g. 'Example App'. For Audience, pick the URL of the application you wish to protect: https://example.corp.com Fill out a Description Add any Access Policies you wish to configure to limit application access. The default settings will work for other options. See Okta documentation for more information on Authorization Servers Navigate to Applications then select Add Application. Select Web for the Platform setting. Select OpenID Connect and click Create Pick an Application Name such as Example App. Set the Login redirect URI to https://example.corp.com. Under General set the Allowed grant types to Authorization Code and Refresh Token. Leave the rest as default, taking note of the Client ID and Client Secret. Under Assignments select the users or groups you wish to access your application. Create a configuration file like the following: provider = \"oidc\"redirect_url = \"https://example.corp.com/oauth2/callback\"oidc_issuer_url = \"https://corp.okta.com/oauth2/abCd1234\"upstreams = [ \"https://example.corp.com\"]email_domains = [ \"corp.com\"]client_id = \"XXXXX\"client_secret = \"YYYYY\"pass_access_token = truecookie_secret = \"ZZZZZ\"skip_provider_button = true The oidc_issuer_url is based on URL from your Authorization Server's Issuer field in step 2, or simply https://corp.okta.com . The client_id and client_secret are configured in the application settings. Generate a unique cookie_secret to encrypt the cookie. Then you can start the oauth2-proxy with ./oauth2-proxy --config /etc/example.cfg Okta - localhost​ Signup for developer account: https://developer.okta.com/signup/ Create New Web Application: https://${your-okta-domain}/dev/console/apps/new Example Application Settings for localhost: Name: My Web App Base URIs: http://localhost:4180/ Login redirect URIs: http://localhost:4180/oauth2/callback Logout redirect URIs: http://localhost:4180/ Group assignments: Everyone Grant type allowed: Authorization Code and Refresh Token Make note of the Client ID and Client secret, they are needed in a future step Make note of the default Authorization Server Issuer URI from: https://${your-okta-domain}/admin/oauth2/as Example config file /etc/localhost.cfg provider = \"oidc\"redirect_url = \"http://localhost:4180/oauth2/callback\"oidc_issuer_url = \"https://${your-okta-domain}/oauth2/default\"upstreams = [ \"http://0.0.0.0:8080\"]email_domains = [ \"*\"]client_id = \"XXX\"client_secret = \"YYY\"pass_access_token = truecookie_secret = \"ZZZ\"cookie_secure = falseskip_provider_button = true# Note: use the following for testing within a container# http_address = \"0.0.0.0:4180\" Then you can start the oauth2-proxy with ./oauth2-proxy --config /etc/localhost.cfg","s":"OpenID Connect Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#openid-connect-provider","p":223},{"i":248,"t":"login.gov is an OIDC provider for the US Government. If you are a US Government agency, you can contact the login.gov team through the contact information that you can find on https://login.gov/developers/ and work with them to understand how to get login.gov accounts for integration/test and production access. A developer guide is available here: https://developers.login.gov/, though this proxy handles everything but the data you need to create to register your application in the login.gov dashboard. As a demo, we will assume that you are running your application that you want to secure locally on http://localhost:3000/, that you will be starting your proxy up on http://localhost:4180/, and that you have an agency integration account for testing. First, register your application in the dashboard. The important bits are: Identity protocol: make this Openid connect Issuer: do what they say for OpenID Connect. We will refer to this string as ${LOGINGOV_ISSUER}. Public key: This is a self-signed certificate in .pem format generated from a 2048 bit RSA private key. A quick way to do this is openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650 -nodes -subj '/C=US/ST=Washington/L=DC/O=GSA/OU=18F/CN=localhost', The contents of the key.pem shall be referred to as ${OAUTH2_PROXY_JWT_KEY}. Return to App URL: Make this be http://localhost:4180/ Redirect URIs: Make this be http://localhost:4180/oauth2/callback. Attribute Bundle: Make sure that email is selected. Now start the proxy up with the following options: ./oauth2-proxy -provider login.gov \\ -client-id=${LOGINGOV_ISSUER} \\ -redirect-url=http://localhost:4180/oauth2/callback \\ -oidc-issuer-url=https://idp.int.identitysandbox.gov/ \\ -cookie-secure=false \\ -email-domain=gsa.gov \\ -upstream=http://localhost:3000/ \\ -cookie-secret=somerandomstring12341234567890AB \\ -cookie-domain=localhost \\ -skip-provider-button=true \\ -pubjwk-url=https://idp.int.identitysandbox.gov/api/openid_connect/certs \\ -profile-url=https://idp.int.identitysandbox.gov/api/openid_connect/userinfo \\ -jwt-key=\"${OAUTH2_PROXY_JWT_KEY}\" You can also set all these options with environment variables, for use in cloud/docker environments. One tricky thing that you may encounter is that some cloud environments will pass in environment variables in a docker env-file, which does not allow multiline variables like a PEM file. If you encounter this, then you can create a jwt_signing_key.pem file in the top level directory of the repo which contains the key in PEM format and then do your docker build. The docker build process will copy that file into your image which you can then access by setting the OAUTH2_PROXY_JWT_KEY_FILE=/etc/ssl/private/jwt_signing_key.pem environment variable, or by setting --jwt-key-file=/etc/ssl/private/jwt_signing_key.pem on the commandline. Once it is running, you should be able to go to http://localhost:4180/ in your browser, get authenticated by the login.gov integration server, and then get proxied on to your application running on http://localhost:3000/. In a real deployment, you would secure your application with a firewall or something so that it was only accessible from the proxy, and you would use real hostnames everywhere. Skip OIDC discovery​ Some providers do not support OIDC discovery via their issuer URL, so oauth2-proxy cannot simply grab the authorization, token and jwks URI endpoints from the provider's metadata. In this case, you can set the --skip-oidc-discovery option, and supply those required endpoints manually: -provider oidc -client-id oauth2-proxy -client-secret proxy -redirect-url http://127.0.0.1:4180/oauth2/callback -oidc-issuer-url http://127.0.0.1:5556 -skip-oidc-discovery -login-url http://127.0.0.1:5556/authorize -redeem-url http://127.0.0.1:5556/token -oidc-jwks-url http://127.0.0.1:5556/keys -cookie-secure=false -email-domain example.com","s":"login.gov Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#logingov-provider","p":223},{"i":250,"t":"The Nextcloud provider allows you to authenticate against users in your Nextcloud instance. When you are using the Nextcloud provider, you must specify the urls via configuration, environment variable, or command line argument. Depending on whether your Nextcloud instance is using pretty urls your urls may be of the form /index.php/apps/oauth2/* or /apps/oauth2/*. Refer to the OAuth2 documentation to setup the client id and client secret. Your \"Redirection URI\" will be https://internalapp.yourcompany.com/oauth2/callback. -provider nextcloud -client-id -client-secret -login-url=\"/index.php/apps/oauth2/authorize\" -redeem-url=\"/index.php/apps/oauth2/api/v1/token\" -validate-url=\"/ocs/v2.php/cloud/user?format=json\" Note: in all cases the validate-url will not have the index.php.","s":"Nextcloud Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#nextcloud-provider","p":223},{"i":252,"t":"Create a new OAuth application You can fill in the name, homepage, and description however you wish. In the \"Application callback URL\" field, enter: https://oauth-proxy/oauth2/callback, substituting oauth2-proxy with the actual hostname that oauth2-proxy is running on. The URL must match oauth2-proxy's configured redirect URL. Note the Client ID and Client Secret. To use the provider, pass the following options: --provider=digitalocean --client-id= --client-secret= Alternatively, set the equivalent options in the config file. The redirect URL defaults to https:///oauth2/callback. If you need to change it, you can use the --redirect-url command-line option.","s":"DigitalOcean Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#digitalocean-auth-provider","p":223},{"i":254,"t":"Add a new OAuth consumer In \"Callback URL\" use https:///oauth2/callback, substituting with the actual hostname that oauth2-proxy is running on. In Permissions section select: Account -> Email Team membership -> Read Repositories -> Read Note the Client ID and Client Secret. To use the provider, pass the following options: --provider=bitbucket --client-id= --client-secret= The default configuration allows everyone with Bitbucket account to authenticate. To restrict the access to the team members use additional configuration option: --bitbucket-team=. To restrict the access to only these users who has access to one selected repository use --bitbucket-repository=.","s":"Bitbucket Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#bitbucket-auth-provider","p":223},{"i":256,"t":"Create a new application: https://< your gitea host >/user/settings/applications Under Redirect URI enter the correct URL i.e. https:///oauth2/callback Note the Client ID and Client Secret. Pass the following options to the proxy: --provider=\"github\" --redirect-url=\"https:///oauth2/callback\" --provider-display-name=\"Gitea\" --client-id=\"< client_id as generated by Gitea >\" --client-secret=\"< client_secret as generated by Gitea >\" --login-url=\"https://< your gitea host >/login/oauth/authorize\" --redeem-url=\"https://< your gitea host >/login/oauth/access_token\" --validate-url=\"https://< your gitea host >/api/v1\"","s":"Gitea Auth Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#gitea-auth-provider","p":223},{"i":258,"t":"To authorize by email domain use --email-domain=yourcompany.com. To authorize individual email addresses use --authenticated-emails-file=/path/to/file with one email per line. To authorize all email addresses use --email-domain=*.","s":"Email Authentication","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#email-authentication","p":223},{"i":260,"t":"Follow the examples in the providers package to define a new Provider instance. Add a new case to providers.New() to allow oauth2-proxy to use the new Provider.","s":"Adding a new Provider","u":"/oauth2-proxy/docs/configuration/oauth_provider","h":"#adding-a-new-provider","p":223},{"i":262,"t":"oauth2-proxy can be configured via command line options, environment variables or config file (in decreasing order of precedence, i.e. command line options will overwrite environment variables and environment variables will overwrite configuration file settings).","s":"Overview","u":"/oauth2-proxy/docs/configuration/overview","h":"","p":261},{"i":264,"t":"To generate a strong cookie secret use one of the below commands: Python Bash OpenSSL PowerShell Terraform python -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(32)).decode())' dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | tr -d -- '\\n' | tr -- '+/' '-_'; echo openssl rand -base64 32 | tr -- '+/' '-_' # Add System.Web assembly to session, just in caseAdd-Type -AssemblyName System.Web[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes([System.Web.Security.Membership]::GeneratePassword(32,4))).Replace(\"+\",\"-\").Replace(\"/\",\"_\") # Valid 32 Byte Base64 URL encoding set that will decode to 24 []byte AES-192 secretresource \"random_password\" \"cookie_secret\" { length = 32 override_special = \"-_\"}","s":"Generating a Cookie Secret","u":"/oauth2-proxy/docs/configuration/overview","h":"#generating-a-cookie-secret","p":261},{"i":266,"t":"Every command line argument can be specified in a config file by replacing hyphens (-) with underscores (_). If the argument can be specified multiple times, the config option should be plural (trailing s). An example oauth2-proxy.cfg config file is in the contrib directory. It can be used by specifying --config=/etc/oauth2-proxy.cfg","s":"Config File","u":"/oauth2-proxy/docs/configuration/overview","h":"#config-file","p":261},{"i":268,"t":"Option Type Description Default --acr-values string optional, see docs \"\" --api-route string | list return HTTP 401 instead of redirecting to authentication server if token is not valid. Format: path_regex --approval-prompt string OAuth approval_prompt \"force\" --auth-logging bool Log authentication attempts true --auth-logging-format string Template for authentication log lines see Logging Configuration --authenticated-emails-file string authenticate against emails via file (one per line) --azure-tenant string go to a tenant-specific or common (tenant-independent) endpoint. \"common\" --basic-auth-password string the password to set when passing the HTTP Basic Auth header --client-id string the OAuth Client ID, e.g. \"123456.apps.googleusercontent.com\" --client-secret string the OAuth Client Secret --client-secret-file string the file with OAuth Client Secret --code-challenge-method string use PKCE code challenges with the specified method. Either 'plain' or 'S256' (recommended) --config string path to config file --cookie-domain string | list Optional cookie domains to force cookies to (e.g. .yourcompany.com). The longest domain matching the request's host will be used (or the shortest cookie domain if there is no match). --cookie-expire duration expire timeframe for cookie. If set to 0, cookie becomes a session-cookie which will expire when the browser is closed. 168h0m0s --cookie-httponly bool set HttpOnly cookie flag true --cookie-name string the name of the cookie that the oauth_proxy creates. Should be changed to use a cookie prefix (__Host- or __Secure-) if --cookie-secure is set. \"_oauth2_proxy\" --cookie-path string an optional cookie path to force cookies to (e.g. /poc/) \"/\" --cookie-refresh duration refresh the cookie after this duration; 0 to disable; not supported by all providers [1] --cookie-secret string the seed string for secure cookies (optionally base64 encoded) --cookie-secure bool set secure (HTTPS only) cookie flag true --cookie-samesite string set SameSite cookie attribute (\"lax\", \"strict\", \"none\", or \"\"). \"\" --cookie-csrf-per-request bool Enable having different CSRF cookies per request, making it possible to have parallel requests. false --cookie-csrf-expire duration expire timeframe for CSRF cookie 15m --custom-templates-dir string path to custom html templates --custom-sign-in-logo string path or a URL to an custom image for the sign_in page logo. Use \"-\" to disable default logo. --display-htpasswd-form bool display username / password login form if an htpasswd file is provided true --email-domain string | list authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email --errors-to-info-log bool redirects error-level logging to default log channel instead of stderr false --extra-jwt-issuers string if --skip-jwt-bearer-tokens is set, a list of extra JWT issuer=audience (see a token's iss, aud fields) pairs (where the issuer URL has a .well-known/openid-configuration or a .well-known/jwks.json) --exclude-logging-path string comma separated list of paths to exclude from logging, e.g. \"/ping,/path2\" \"\" (no paths excluded) --flush-interval duration period between flushing response buffers when streaming responses \"1s\" --force-https bool enforce https redirect false --force-json-errors bool force JSON errors instead of HTTP error pages or redirects false --banner string custom (html) banner string. Use \"-\" to disable default banner. --footer string custom (html) footer string. Use \"-\" to disable default footer. --github-org string restrict logins to members of this organisation --github-team string restrict logins to members of any of these teams (slug), separated by a comma --github-repo string restrict logins to collaborators of this repository formatted as orgname/repo --github-token string the token to use when verifying repository collaborators (must have push access to the repository) --github-user string | list To allow users to login by username even if they do not belong to the specified org and team or collaborators --gitlab-group string | list restrict logins to members of any of these groups (slug), separated by a comma --gitlab-projects string | list restrict logins to members of any of these projects (may be given multiple times) formatted as orgname/repo=accesslevel. Access level should be a value matching Gitlab access levels, defaulted to 20 if absent --google-admin-email string the google admin to impersonate for api calls --google-group string restrict logins to members of this google group (may be given multiple times). --google-service-account-json string the path to the service account json credentials --google-use-application-default-credentials bool use application default credentials instead of service account json (i.e. GKE Workload Identity) --htpasswd-file string additionally authenticate against a htpasswd file. Entries must be created with htpasswd -B for bcrypt encryption --htpasswd-user-group string | list the groups to be set on sessions for htpasswd users --http-address string [http://]: or unix:// to listen on for HTTP clients. Square brackets are required for ipv6 address, e.g. http://[::1]:4180 \"127.0.0.1:4180\" --https-address string [https://]: to listen on for HTTPS clients. Square brackets are required for ipv6 address, e.g. https://[::1]:443 \":443\" --logging-compress bool Should rotated log files be compressed using gzip false --logging-filename string File to log requests to, empty for stdout \"\" (stdout) --logging-local-time bool Use local time in log files and backup filenames instead of UTC true (local time) --logging-max-age int Maximum number of days to retain old log files 7 --logging-max-backups int Maximum number of old log files to retain; 0 to disable 0 --logging-max-size int Maximum size in megabytes of the log file before rotation 100 --jwt-key string private key in PEM format used to sign JWT, so that you can say something like --jwt-key=\"${OAUTH2_PROXY_JWT_KEY}\": required by login.gov --jwt-key-file string path to the private key file in PEM format used to sign the JWT so that you can say something like --jwt-key-file=/etc/ssl/private/jwt_signing_key.pem: required by login.gov --login-url string Authentication endpoint --insecure-oidc-allow-unverified-email bool don't fail if an email address in an id_token is not verified false --insecure-oidc-skip-issuer-verification bool allow the OIDC issuer URL to differ from the expected (currently required for Azure multi-tenant compatibility) false --insecure-oidc-skip-nonce bool skip verifying the OIDC ID Token's nonce claim true --oidc-issuer-url string the OpenID Connect issuer URL, e.g. \"https://accounts.google.com\" --oidc-jwks-url string OIDC JWKS URI for token verification; required if OIDC discovery is disabled --oidc-email-claim string which OIDC claim contains the user's email \"email\" --oidc-groups-claim string which OIDC claim contains the user groups \"groups\" --oidc-audience-claim string which OIDC claim contains the audience \"aud\" --oidc-extra-audience string | list additional audiences which are allowed to pass verification \"[]\" --pass-access-token bool pass OAuth access_token to upstream via X-Forwarded-Access-Token header. When used with --set-xauthrequest this adds the X-Auth-Request-Access-Token header to the response false --pass-authorization-header bool pass OIDC IDToken to upstream via Authorization Bearer header false --pass-basic-auth bool pass HTTP Basic Auth, X-Forwarded-User, X-Forwarded-Email and X-Forwarded-Preferred-Username information to upstream true --prefer-email-to-user bool Prefer to use the Email address as the Username when passing information to upstream. Will only use Username if Email is unavailable, e.g. htaccess authentication. Used in conjunction with --pass-basic-auth and --pass-user-headers false --pass-host-header bool pass the request Host Header to upstream true --pass-user-headers bool pass X-Forwarded-User, X-Forwarded-Groups, X-Forwarded-Email and X-Forwarded-Preferred-Username information to upstream true --profile-url string Profile access endpoint --prompt string OIDC prompt; if present, approval-prompt is ignored \"\" --provider string OAuth provider google --provider-ca-file string | list Paths to CA certificates that should be used when connecting to the provider. If not specified, the default Go trust sources are used instead. --provider-display-name string Override the provider's name with the given string; used for the sign-in page (depends on provider) --ping-path string the ping endpoint that can be used for basic health checks \"/ping\" --ping-user-agent string a User-Agent that can be used for basic health checks \"\" (don't check user agent) --ready-path string the ready endpoint that can be used for deep health checks \"/ready\" --metrics-address string the address prometheus metrics will be scraped from \"\" --proxy-prefix string the url root path that this proxy should be nested under (e.g. //sign_in) \"/oauth2\" --proxy-websockets bool enables WebSocket proxying true --pubjwk-url string JWK pubkey access endpoint: required by login.gov --real-client-ip-header string Header used to determine the real IP of the client, requires --reverse-proxy to be set (one of: X-Forwarded-For, X-Real-IP, or X-ProxyUser-IP) X-Real-IP --redeem-url string Token redemption endpoint --redirect-url string the OAuth Redirect URL, e.g. \"https://internalapp.yourcompany.com/oauth2/callback\" --redis-cluster-connection-urls string | list List of Redis cluster connection URLs (e.g. redis://HOST[:PORT]). Used in conjunction with --redis-use-cluster --redis-connection-url string URL of redis server for redis session storage (e.g. redis://HOST[:PORT]) --redis-insecure-skip-tls-verify bool skip TLS verification when connecting to Redis false --redis-password string Redis password. Applicable for all Redis configurations. Will override any password set in --redis-connection-url --redis-sentinel-password string Redis sentinel password. Used only for sentinel connection; any redis node passwords need to use --redis-password --redis-sentinel-master-name string Redis sentinel master name. Used in conjunction with --redis-use-sentinel --redis-sentinel-connection-urls string | list List of Redis sentinel connection URLs (e.g. redis://HOST[:PORT]). Used in conjunction with --redis-use-sentinel --redis-use-cluster bool Connect to redis cluster. Must set --redis-cluster-connection-urls to use this feature false --redis-use-sentinel bool Connect to redis via sentinels. Must set --redis-sentinel-master-name and --redis-sentinel-connection-urls to use this feature false --redis-connection-idle-timeout int Redis connection idle timeout seconds. If Redis timeout option is set to non-zero, the --redis-connection-idle-timeout must be less than Redis timeout option. Exmpale: if either redis.conf includes timeout 15 or using CONFIG SET timeout 15 the --redis-connection-idle-timeout must be at least --redis-connection-idle-timeout=14 0 --request-id-header string Request header to use as the request ID in logging X-Request-Id --request-logging bool Log requests true --request-logging-format string Template for request log lines see Logging Configuration --resource string The resource that is protected (Azure AD only) --reverse-proxy bool are we running behind a reverse proxy, controls whether headers like X-Real-IP are accepted and allows X-Forwarded-{Proto,Host,Uri} headers to be used on redirect selection false --scope string OAuth scope specification --session-cookie-minimal bool strip OAuth tokens from cookie session stores if they aren't needed (cookie session store only) false --session-store-type string Session data storage backend; redis or cookie cookie --set-xauthrequest bool set X-Auth-Request-User, X-Auth-Request-Groups, X-Auth-Request-Email and X-Auth-Request-Preferred-Username response headers (useful in Nginx auth_request mode). When used with --pass-access-token, X-Auth-Request-Access-Token is added to response headers. false --set-authorization-header bool set Authorization Bearer response header (useful in Nginx auth_request mode) false --set-basic-auth bool set HTTP Basic Auth information in response (useful in Nginx auth_request mode) false --show-debug-on-error bool show detailed error information on error pages (WARNING: this may contain sensitive information - do not use in production) false --signature-key string GAP-Signature request signature key (algorithm:secretkey) --silence-ping-logging bool disable logging of requests to ping & ready endpoints false --skip-auth-preflight bool will skip authentication for OPTIONS requests false --skip-auth-regex string | list (DEPRECATED for --skip-auth-route) bypass authentication for requests paths that match (may be given multiple times) --skip-auth-route string | list bypass authentication for requests that match the method & path. Format: method=path_regex OR method!=path_regex. For all methods: path_regex OR !=path_regex --skip-auth-strip-headers bool strips X-Forwarded-* style authentication headers & Authorization header if they would be set by oauth2-proxy true --skip-jwt-bearer-tokens bool will skip requests that have verified JWT bearer tokens (the token must have aud that matches this client id or one of the extras from extra-jwt-issuers) false --skip-oidc-discovery bool bypass OIDC endpoint discovery. --login-url, --redeem-url and --oidc-jwks-url must be configured in this case false --skip-provider-button bool will skip sign-in-page to directly reach the next step: oauth/start false --ssl-insecure-skip-verify bool skip validation of certificates presented when using HTTPS providers false --ssl-upstream-insecure-skip-verify bool skip validation of certificates presented when using HTTPS upstreams false --standard-logging bool Log standard runtime information true --standard-logging-format string Template for standard log lines see Logging Configuration --tls-cert-file string path to certificate file --tls-cipher-suite string | list Restricts TLS cipher suites used by server to those listed (e.g. TLS_RSA_WITH_RC4_128_SHA) (may be given multiple times). If not specified, the default Go safe cipher list is used. List of valid cipher suites can be found in the crypto/tls documentation. --tls-key-file string path to private key file --tls-min-version string minimum TLS version that is acceptable, either \"TLS1.2\" or \"TLS1.3\" \"TLS1.2\" --upstream string | list the http url(s) of the upstream endpoint, file:// paths for static files or static:// for static response. Routing is based on the path --upstream-timeout duration maximum amount of time the server will wait for a response from the upstream 30s --allowed-group string | list restrict logins to members of this group (may be given multiple times) --allowed-role string | list restrict logins to users with this role (may be given multiple times). Only works with the keycloak-oidc provider. --validate-url string Access token validation endpoint --version n/a print version string --whitelist-domain string | list allowed domains for redirection after authentication. Prefix domain with a . or a *. to allow subdomains (e.g. .example.com, *.example.com) [2] --trusted-ip string | list list of IPs or CIDR ranges to allow to bypass authentication (may be given multiple times). When combined with --reverse-proxy and optionally --real-client-ip-header this will evaluate the trust of the IP stored in an HTTP header by a reverse proxy rather than the layer-3/4 remote address. WARNING: trusting IPs has inherent security flaws, especially when obtaining the IP address from an HTTP header (reverse-proxy mode). Use this option only if you understand the risks and how to manage them. [1]: Only these providers support --cookie-refresh: GitLab, Google and OIDC [2]: When using the whitelist-domain option, any domain prefixed with a . or a *. will allow any subdomain of the specified domain as a valid redirect URL. By default, only empty ports are allowed. This translates to allowing the default port of the URL's protocol (80 for HTTP, 443 for HTTPS, etc.) since browsers omit them. To allow only a specific port, add it to the whitelisted domain: example.com:8080. To allow any port, use *: example.com:*. See below for provider specific options","s":"Command Line Options","u":"/oauth2-proxy/docs/configuration/overview","h":"#command-line-options","p":261},{"i":270,"t":"oauth2-proxy supports having multiple upstreams, and has the option to pass requests on to HTTP(S) servers or serve static files from the file system. HTTP and HTTPS upstreams are configured by providing a URL such as http://127.0.0.1:8080/ for the upstream parameter. This will forward all authenticated requests to the upstream server. If you instead provide http://127.0.0.1:8080/some/path/ then it will only be requests that start with /some/path/ which are forwarded to the upstream. Static file paths are configured as a file:// URL. file:///var/www/static/ will serve the files from that directory at http://[oauth2-proxy url]/var/www/static/, which may not be what you want. You can provide the path to where the files should be available by adding a fragment to the configured URL. The value of the fragment will then be used to specify which path the files are available at, e.g. file:///var/www/static/#/static/ will make /var/www/static/ available at http://[oauth2-proxy url]/static/. Multiple upstreams can either be configured by supplying a comma separated list to the --upstream parameter, supplying the parameter multiple times or providing a list in the config file. When multiple upstreams are used routing to them will be based on the path they are set up with.","s":"Upstreams Configuration","u":"/oauth2-proxy/docs/configuration/overview","h":"#upstreams-configuration","p":261},{"i":272,"t":"Every command line argument can be specified as an environment variable by prefixing it with OAUTH2_PROXY_, capitalising it, and replacing hyphens (-) with underscores (_). If the argument can be specified multiple times, the environment variable should be plural (trailing S). This is particularly useful for storing secrets outside of a configuration file or the command line. For example, the --cookie-secret flag becomes OAUTH2_PROXY_COOKIE_SECRET, and the --email-domain flag becomes OAUTH2_PROXY_EMAIL_DOMAINS.","s":"Environment variables","u":"/oauth2-proxy/docs/configuration/overview","h":"#environment-variables","p":261},{"i":274,"t":"By default, OAuth2 Proxy logs all output to stdout. Logging can be configured to output to a rotating log file using the --logging-filename command. If logging to a file you can also configure the maximum file size (--logging-max-size), age (--logging-max-age), max backup logs (--logging-max-backups), and if backup logs should be compressed (--logging-compress). There are three different types of logging: standard, authentication, and HTTP requests. These can each be enabled or disabled with --standard-logging, --auth-logging, and --request-logging. Each type of logging has its own configurable format and variables. By default these formats are similar to the Apache Combined Log. Logging of requests to the /ping endpoint (or using --ping-user-agent) and the /ready endpoint can be disabled with --silence-ping-logging reducing log volume.","s":"Logging Configuration","u":"/oauth2-proxy/docs/configuration/overview","h":"#logging-configuration","p":261},{"i":276,"t":"Authentication logs are logs which are guaranteed to contain a username or email address of a user attempting to authenticate. These logs are output by default in the below format: - - [19/Mar/2015:17:20:19 -0400] [] The status block will contain one of the below strings: AuthSuccess If a user has authenticated successfully by any method AuthFailure If the user failed to authenticate explicitly AuthError If there was an unexpected error during authentication If you require a different format than that, you can configure it with the --auth-logging-format flag. The default format is configured as follows: {{.Client}} - {{.RequestID}} - {{.Username}} [{{.Timestamp}}] [{{.Status}}] {{.Message}} Available variables for auth logging: Variable Example Description Client 74.125.224.72 The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true. Host domain.com The value of the Host header. Message Authenticated via OAuth2 The details of the auth attempt. Protocol HTTP/1.0 The request protocol. RequestID 00010203-0405-4607-8809-0a0b0c0d0e0f The request ID pulled from the --request-id-header. Random UUID if empty RequestMethod GET The request method. Timestamp 19/Mar/2015:17:20:19 -0400 The date and time of the logging event. UserAgent - The full user agent as reported by the requesting client. Username username@email.com The email or username of the auth request. Status AuthSuccess The status of the auth request. See above for details.","s":"Auth Log Format","u":"/oauth2-proxy/docs/configuration/overview","h":"#auth-log-format","p":261},{"i":278,"t":"HTTP request logs will output by default in the below format: - - [19/Mar/2015:17:20:19 -0400] GET \"/path/\" HTTP/1.1 \"\" If you require a different format than that, you can configure it with the --request-logging-format flag. The default format is configured as follows: {{.Client}} - {{.RequestID}} - {{.Username}} [{{.Timestamp}}] {{.Host}} {{.RequestMethod}} {{.Upstream}} {{.RequestURI}} {{.Protocol}} {{.UserAgent}} {{.StatusCode}} {{.ResponseSize}} {{.RequestDuration}} Available variables for request logging: Variable Example Description Client 74.125.224.72 The client/remote IP address. Will use the X-Real-IP header it if exists & reverse-proxy is set to true. Host domain.com The value of the Host header. Protocol HTTP/1.0 The request protocol. RequestDuration 0.001 The time in seconds that a request took to process. RequestID 00010203-0405-4607-8809-0a0b0c0d0e0f The request ID pulled from the --request-id-header. Random UUID if empty RequestMethod GET The request method. RequestURI \"/oauth2/auth\" The URI path of the request. ResponseSize 12 The size in bytes of the response. StatusCode 200 The HTTP status code of the response. Timestamp 19/Mar/2015:17:20:19 -0400 The date and time of the logging event. Upstream - The upstream data of the HTTP request. UserAgent - The full user agent as reported by the requesting client. Username username@email.com The email or username of the auth request.","s":"Request Log Format","u":"/oauth2-proxy/docs/configuration/overview","h":"#request-log-format","p":261},{"i":280,"t":"All other logging that is not covered by the above two types of logging will be output in this standard logging format. This includes configuration information at startup and errors that occur outside of a session. The default format is below: [19/Mar/2015:17:20:19 -0400] [main.go:40] If you require a different format than that, you can configure it with the --standard-logging-format flag. The default format is configured as follows: [{{.Timestamp}}] [{{.File}}] {{.Message}} Available variables for standard logging: Variable Example Description Timestamp 19/Mar/2015:17:20:19 -0400 The date and time of the logging event. File main.go:40 The file and line number of the logging statement. Message HTTP: listening on 127.0.0.1:4180 The details of the log statement.","s":"Standard Log Format","u":"/oauth2-proxy/docs/configuration/overview","h":"#standard-log-format","p":261},{"i":282,"t":"The Nginx auth_request directive allows Nginx to authenticate requests via the oauth2-proxy's /auth endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example: server { listen 443 ssl; server_name ...; include ssl/ssl.conf; location /oauth2/ { proxy_pass http://127.0.0.1:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header X-Auth-Request-Redirect $request_uri; # or, if you are handling multiple domains: # proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri; } location = /oauth2/auth { proxy_pass http://127.0.0.1:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; # nginx auth_request includes headers but not body proxy_set_header Content-Length \"\"; proxy_pass_request_body off; } location / { auth_request /oauth2/auth; error_page 401 = /oauth2/sign_in; # pass information via X-User and X-Email headers to backend, # requires running with --set-xauthrequest flag auth_request_set $user $upstream_http_x_auth_request_user; auth_request_set $email $upstream_http_x_auth_request_email; proxy_set_header X-User $user; proxy_set_header X-Email $email; # if you enabled --pass-access-token, this will pass the token to the backend auth_request_set $token $upstream_http_x_auth_request_access_token; proxy_set_header X-Access-Token $token; # if you enabled --cookie-refresh, this is needed for it to work with auth_request auth_request_set $auth_cookie $upstream_http_set_cookie; add_header Set-Cookie $auth_cookie; # When using the --set-authorization-header flag, some provider's cookies can exceed the 4kb # limit and so the OAuth2 Proxy splits these into multiple parts. # Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response, # so if your cookies are larger than 4kb, you will need to extract additional cookies manually. auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1; # Extract the Cookie attributes from the first Set-Cookie header and append them # to the second part ($upstream_cookie_* variables only contain the raw cookie content) if ($auth_cookie ~* \"(; .*)\") { set $auth_cookie_name_0 $auth_cookie; set $auth_cookie_name_1 \"auth_cookie_name_1=$auth_cookie_name_upstream_1$1\"; } # Send both Set-Cookie headers now if there was a second part if ($auth_cookie_name_upstream_1) { add_header Set-Cookie $auth_cookie_name_0; add_header Set-Cookie $auth_cookie_name_1; } proxy_pass http://backend/; # or \"root /path/to/site;\" or \"fastcgi_pass ...\" etc }} When you use ingress-nginx in Kubernetes, you MUST use kubernetes/ingress-nginx (which includes the Lua module) and the following configuration snippet for your Ingress. Variables set with auth_request_set are not set-able in plain nginx config when the location is processed via proxy_pass and then may only be processed by Lua. Note that nginxinc/kubernetes-ingress does not include the Lua module. nginx.ingress.kubernetes.io/auth-response-headers: Authorizationnginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uringinx.ingress.kubernetes.io/auth-url: https://$host/oauth2/authnginx.ingress.kubernetes.io/configuration-snippet: | auth_request_set $name_upstream_1 $upstream_cookie_name_1; access_by_lua_block { if ngx.var.name_upstream_1 ~= \"\" then ngx.header[\"Set-Cookie\"] = \"name_1=\" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match(\"(; .*)\") end } It is recommended to use --session-store-type=redis when expecting large sessions/OIDC tokens (e.g. with MS Azure). You have to substitute name with the actual cookie name you configured via --cookie-name parameter. If you don't set a custom cookie name the variable should be \"$upstream_cookie__oauth2_proxy_1\" instead of \"$upstream_cookie_name_1\" and the new cookie-name should be \"_oauth2_proxy_1=\" instead of \"name_1=\".","s":"Configuring for use with the Nginx auth_request directive","u":"/oauth2-proxy/docs/configuration/overview","h":"#configuring-for-use-with-the-nginx-auth_request-directive","p":261},{"i":284,"t":"This option requires --reverse-proxy option to be set.","s":"Configuring for use with the Traefik (v2) ForwardAuth middleware","u":"/oauth2-proxy/docs/configuration/overview","h":"#configuring-for-use-with-the-traefik-v2-forwardauth-middleware","p":261},{"i":286,"t":"The Traefik v2 ForwardAuth middleware allows Traefik to authenticate requests via the oauth2-proxy's /oauth2/auth endpoint on every request, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the whole request through. For example, on Dynamic File (YAML) Configuration: http: routers: a-service: rule: \"Host(`a-service.example.com`)\" service: a-service-backend middlewares: - oauth-errors - oauth-auth tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" oauth: rule: \"Host(`a-service.example.com`, `oauth.example.com`) && PathPrefix(`/oauth2/`)\" middlewares: - auth-headers service: oauth-backend tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" services: a-service-backend: loadBalancer: servers: - url: http://172.16.0.2:7555 oauth-backend: loadBalancer: servers: - url: http://172.16.0.1:4180 middlewares: auth-headers: headers: sslRedirect: true stsSeconds: 315360000 browserXssFilter: true contentTypeNosniff: true forceSTSHeader: true sslHost: example.com stsIncludeSubdomains: true stsPreload: true frameDeny: true oauth-auth: forwardAuth: address: https://oauth.example.com/oauth2/auth trustForwardHeader: true oauth-errors: errors: status: - \"401-403\" service: oauth-backend query: \"/oauth2/sign_in\"","s":"ForwardAuth with 401 errors middleware","u":"/oauth2-proxy/docs/configuration/overview","h":"#forwardauth-with-401-errors-middleware","p":261},{"i":288,"t":"Redirect to sign_in functionality provided without the use of errors middleware with Traefik v2 ForwardAuth middleware pointing to oauth2-proxy service's / endpoint Following options need to be set on oauth2-proxy: --upstream=static://202: Configures a static response for authenticated sessions --reverse-proxy=true: Enables the use of X-Forwarded-* headers to determine redirects correctly http: routers: a-service-route-1: rule: \"Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/`)\" service: a-service-backend middlewares: - oauth-auth-redirect # redirects all unauthenticated to oauth2 signin tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" a-service-route-2: rule: \"Host(`a-service.example.com`) && PathPrefix(`/no-auto-redirect`)\" service: a-service-backend middlewares: - oauth-auth-wo-redirect # unauthenticated session will return a 401 tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" services-oauth2-route: rule: \"Host(`a-service.example.com`, `b-service.example.com`) && PathPrefix(`/oauth2/`)\" middlewares: - auth-headers service: oauth-backend tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" oauth2-proxy-route: rule: \"Host(`oauth.example.com`) && PathPrefix(`/`)\" middlewares: - auth-headers service: oauth-backend tls: certResolver: default domains: - main: \"example.com\" sans: - \"*.example.com\" services: a-service-backend: loadBalancer: servers: - url: http://172.16.0.2:7555 b-service-backend: loadBalancer: servers: - url: http://172.16.0.3:7555 oauth-backend: loadBalancer: servers: - url: http://172.16.0.1:4180 middlewares: auth-headers: headers: sslRedirect: true stsSeconds: 315360000 browserXssFilter: true contentTypeNosniff: true forceSTSHeader: true sslHost: example.com stsIncludeSubdomains: true stsPreload: true frameDeny: true oauth-auth-redirect: forwardAuth: address: https://oauth.example.com/ trustForwardHeader: true authResponseHeaders: - X-Auth-Request-Access-Token - Authorization oauth-auth-wo-redirect: forwardAuth: address: https://oauth.example.com/oauth2/auth trustForwardHeader: true authResponseHeaders: - X-Auth-Request-Access-Token - Authorization note If you set up your OAuth2 provider to rotate your client secret, you can use the client-secret-file option to reload the secret when it is updated.","s":"ForwardAuth with static upstreams configuration","u":"/oauth2-proxy/docs/configuration/overview","h":"#forwardauth-with-static-upstreams-configuration","p":261},{"i":290,"t":"Sessions allow a user's authentication to be tracked between multiple HTTP requests to a service. The OAuth2 Proxy uses a Cookie to track user sessions and will store the session data in one of the available session storage backends. At present the available backends are (as passed to --session-store-type): cookie (default) redis","s":"Session Storage","u":"/oauth2-proxy/docs/configuration/session_storage","h":"","p":289},{"i":292,"t":"The Cookie storage backend is the default backend implementation and has been used in the OAuth2 Proxy historically. With the Cookie storage backend, all session information is stored in client side cookies and transferred with each and every request. The following should be known when using this implementation: Since all state is stored client side, this storage backend means that the OAuth2 Proxy is completely stateless Cookies are signed server side to prevent modification client-side It is mandatory to set a cookie-secret which will ensure data is encrypted within the cookie data. Since multiple requests can be made concurrently to the OAuth2 Proxy, this session implementation cannot lock sessions and while updating and refreshing sessions, there can be conflicts which force users to re-authenticate","s":"Cookie Storage","u":"/oauth2-proxy/docs/configuration/session_storage","h":"#cookie-storage","p":289},{"i":294,"t":"The Redis Storage backend stores sessions, encrypted, in redis. Instead sending all the information back the client for storage, as in the Cookie storage, a ticket is sent back to the user as the cookie value instead. A ticket is composed as the following: {CookieName}-{ticketID}.{secret} Where: The CookieName is the OAuth2 cookie name (_oauth2_proxy by default) The ticketID is a 128 bit random number, hex-encoded The secret is a 128 bit random number, base64url encoded (no padding). The secret is unique for every session. The pair of {CookieName}-{ticketID} comprises a ticket handle, and thus, the redis key to which the session is stored. The encoded session is encrypted with the secret and stored in redis via the SETEX command. Encrypting every session uniquely protects the refresh/access/id tokens stored in the session from disclosure. Additionally the browser only has to send a short Cookie with every request and not the whole JWT, which can get quite big. Two settings are used to configure the OAuth2 Proxy cookie lifetime: --cookie-refresh duration refresh the cookie after this duration; 0 to disable--cookie-expire duration expire timeframe for cookie 168h0m0s The \"cookie-expire\" value should be equal to the lifetime of the Refresh-Token that is issued by the OAuth2 authorization server. If it expires earlier and is deleted by the browser, OAuth2 Proxy cannot find the stored Refresh-Tokens in Redis and thus cannot start the refresh flow to get new Access-Tokens. If it is longer, it might be that the old Refresh-Token will be found in Redis but has already expired. The \"cookie-refresh\" value controls when OAuth2 Proxy tries to refresh an Access-Token. If it is set to \"0\", the Access-Token will never be refreshed, even it is already expired and there would be a valid Refresh-Token in the available. If set, OAuth2 Proxy will refresh the Access-Token after this many seconds even if it is still valid. Of course, it will also be refreshed after it has expired, as long as a Refresh Token is available. Caveat: It can happen that the Access-Token is valid for e.g. \"1m\" and a request happens after exactly \"59s\". It would pass OAuth2 Proxy and be forwarded to the backend but is just expired when the backend tries to validate it. This is especially relevant if the backend uses the JWT to make requests to other backends. For this reason, it's advised to set the cookie-refresh a couple of seconds less than the Access-Token lifespan. Recommended settings: cookie_refresh := Access-Token lifespan - 1m cookie_expire := Refresh-Token lifespan (i.e. Keycloak's client_session_idle) Usage​ When using the redis store, specify --session-store-type=redis as well as the Redis connection URL, via --redis-connection-url=redis://host[:port][/db-number]. You may also configure the store for Redis Sentinel. In this case, you will want to use the --redis-use-sentinel=true flag, as well as configure the flags --redis-sentinel-master-name and --redis-sentinel-connection-urls appropriately. Redis Cluster is available to be the backend store as well. To leverage it, you will need to set the --redis-use-cluster=true flag, and configure the flags --redis-cluster-connection-urls appropriately. Note that flags --redis-use-sentinel=true and --redis-use-cluster=true are mutually exclusive. Note, if Redis timeout option is set to non-zero, the --redis-connection-idle-timeout must be less than Redis timeout option. For example: if either redis.conf includes timeout 15 or using CONFIG SET timeout 15 the --redis-connection-idle-timeout must be at least --redis-connection-idle-timeout=14","s":"Redis Storage","u":"/oauth2-proxy/docs/configuration/session_storage","h":"#redis-storage","p":289},{"i":296,"t":"There are two recommended configurations: At OAuth2 Proxy At Reverse Proxy","s":"TLS Configuration","u":"/oauth2-proxy/docs/configuration/tls","h":"","p":295},{"i":298,"t":"Configure SSL Termination with OAuth2 Proxy by providing a --tls-cert-file=/path/to/cert.pem and --tls-key-file=/path/to/cert.key. The command line to run oauth2-proxy in this configuration would look like this: ./oauth2-proxy \\ --email-domain=\"yourcompany.com\" \\ --upstream=http://127.0.0.1:8080/ \\ --tls-cert-file=/path/to/cert.pem \\ --tls-key-file=/path/to/cert.key \\ --cookie-secret=... \\ --cookie-secure=true \\ --provider=... \\ --client-id=... \\ --client-secret=... With this configuration approach the customization of the TLS settings is limited. The minimal acceptable TLS version can be set with --tls-min-version=TLS1.3. The defaults set TLS1.2 as the minimal version. Regardless of the minimum version configured, TLS1.3 is currently always used as the maximal version. TLS server side cipher suites can be specified with --tls-cipher-suite=TLS_RSA_WITH_RC4_128_SHA. If not specified, the defaults from crypto/tls of the currently used go version for building oauth2-proxy will be used. A complete list of valid TLS cipher suite names can be found in crypto/tls.","s":"Terminate TLS at OAuth2 Proxy","u":"/oauth2-proxy/docs/configuration/tls","h":"#terminate-tls-at-oauth2-proxy","p":295},{"i":300,"t":"Configure SSL Termination with Nginx (example config below), Amazon ELB, Google Cloud Platform Load Balancing, or ... Because oauth2-proxy listens on 127.0.0.1:4180 by default, to listen on all interfaces (needed when using an external load balancer like Amazon ELB or Google Platform Load Balancing) use --http-address=\"0.0.0.0:4180\" or --http-address=\"http://:4180\". Nginx will listen on port 443 and handle SSL connections while proxying to oauth2-proxy on port 4180. oauth2-proxy will then authenticate requests for an upstream application. The external endpoint for this example would be https://internal.yourcompany.com/. An example Nginx config follows. Note the use of Strict-Transport-Security header to pin requests to SSL via HSTS: server { listen 443 default ssl; server_name internal.yourcompany.com; ssl_certificate /path/to/cert.pem; ssl_certificate_key /path/to/cert.key; add_header Strict-Transport-Security max-age=2592000; location / { proxy_pass http://127.0.0.1:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_connect_timeout 1; proxy_send_timeout 30; proxy_read_timeout 30; }} The command line to run oauth2-proxy in this configuration would look like this: ./oauth2-proxy \\ --email-domain=\"yourcompany.com\" \\ --upstream=http://127.0.0.1:8080/ \\ --cookie-secret=... \\ --cookie-secure=true \\ --provider=... \\ --reverse-proxy=true \\ --client-id=... \\ --client-secret=...","s":"Terminate TLS at Reverse Proxy, e.g. Nginx","u":"/oauth2-proxy/docs/configuration/tls","h":"#terminate-tls-at-reverse-proxy-eg-nginx","p":295},{"i":302,"t":"OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable. /robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see robotstxt.org for more info /ping - returns a 200 OK response, which is intended for use with health checks /ready - returns a 200 OK response if all the underlying connections (e.g., Redis store) are connected /metrics - Metrics endpoint for Prometheus to scrape, serve on the address specified by --metrics-address, disabled by default /oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies) /oauth2/sign_out - this URL is used to clear the session cookie /oauth2/start - a URL that will redirect to start the OAuth cycle /oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url. /oauth2/userinfo - the URL is used to return user's email from the session in JSON format. /oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the Nginx auth_request directive /oauth2/static/* - stylesheets and other dependencies used in the sign_in and error pages","s":"Endpoints","u":"/oauth2-proxy/docs/features/endpoints","h":"","p":301},{"i":304,"t":"To sign the user out, redirect them to /oauth2/sign_out. This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the rd query parameter, i.e. redirect the user to something like (notice the url-encoding!): /oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page Alternatively, include the redirect URL in the X-Auth-Request-Redirect header: GET /oauth2/sign_out HTTP/1.1X-Auth-Request-Redirect: https://my-oidc-provider/sign_out_page... (The \"sign_out_page\" should be the end_session_endpoint from the metadata if your OIDC provider supports Session Management and Discovery.) BEWARE that the domain you want to redirect to (my-oidc-provider.example.com in the example) must be added to the --whitelist-domain configuration option otherwise the redirect will be ignored. Make sure to include the actual domain and port (if needed) and not the URL (e.g \"localhost:8081\" instead of \"http://localhost:8081\").","s":"Sign out","u":"/oauth2-proxy/docs/features/endpoints","h":"#sign-out","p":301},{"i":306,"t":"This endpoint returns 202 Accepted response or a 401 Unauthorized response. It can be configured using the following query parameters query parameters: allowed_groups: comma separated list of allowed groups allowed_email_domains: comma separated list of allowed email domains allowed_emails: comma separated list of allowed emails","s":"Auth","u":"/oauth2-proxy/docs/features/endpoints","h":"#auth","p":301}],"index":{"version":"2.3.9","fields":["t"],"fieldVectors":[["t/155",[0,3.013,1,4.647,2,3.53,3,6.62,4,6.62,5,3.013,6,3.968,7,4.497,8,3.53,9,3.243,10,1.297,11,2.389,12,3.914,13,4.497,14,5.921,15,4.497,16,4.497,17,4.497,18,5.153,19,0.491,20,3.53,21,3.53,22,4.497,23,1.209,24,5.921,25,4.497,26,4.497,27,4.497,28,4.497,29,4.497,30,1.988,31,3.914,32,3.914,33,3.914,34,4.497,35,1.511,36,3.914,37,1.995,38,2.823,39,2.516,40,4.497,41,4.497,42,1.192,43,2.823,44,2.171,45,2.659,46,4.497,47,4.497,48,4.497,49,4.497,50,3.914,51,2.076,52,3.243,53,1.759,54,1.83,55,1.004,56,0.917,57,1.759,58,2.171,59,2.171,60,0.95,61,2.389,62,1.907,63,3.716,64,3.914,65,1.568,66,1.759,67,2.516]],["t/157",[10,1.345,19,0.353,23,1.122,42,1.153,53,1.861,55,1.041,65,1.659,68,2.463,69,1.486,70,2.528,71,2.407,72,3.632,73,1.723,74,4.141,75,2.814,76,3.188,77,2.403,78,2.603,79,1.541,80,1.434,81,3.632,82,2.884,83,2.407,84,4.141,85,2.166,86,1.937,87,4.141,88,1.664,89,4.758,90,2.662,91,1.599,92,4.758,93,4.758,94,2.814,95,2.297,96,2.662,97,4.758,98,2.662,99,2.814,100,3.188,101,3.264,102,3.108,103,2.814,104,0.837,105,2.814,106,1.861,107,1.599,108,2.297,109,3.188,110,1.937,111,2.986,112,3.431,113,3.188]],["t/159",[23,1.093,56,1.22,114,1.869,115,5.984,116,4.218,117,4.697,118,3.756,119,4.315,120,2.889,121,3.756,122,5.984,123,5.208,124,4.315,125,5.984,126,3.756,127,3.349,128,4.315,129,5.984,130,5.984]],["t/161",[19,0.368,23,1.154,37,1.497,45,2.938,56,1.288,95,2.399,98,2.781,109,3.33,111,3.119,117,4.957,124,4.554,126,3.119,131,4.969,132,3.964,133,5.497,134,2.399,135,5.268,136,3.583,137,5.45,138,4.325,139,3.735,140,4.969,141,3.735,142,4.969,143,2.64,144,4.325,145,3.119,146,4.969,147,4.969,148,4.969,149,2.938,150,4.325,151,1.61,152,3.9,153,2.107,154,3.049,155,4.969,156,4.969,157,4.969,158,4.969,159,4.969,160,4.969,161,4.325,162,3.583,163,4.969,164,4.969,165,3.9,166,3.9,167,1.497]],["t/163",[6,4.254,19,0.471,35,1.683,111,3.144,117,3.932,124,3.612,133,5.525,137,4.983,138,4.36,139,3.754,143,3.703,145,3.144,154,2.419,162,5.658,167,1.51,168,6.97,169,6.349,170,6.349,171,2.313,172,3.612,173,5.01,174,5.01,175,5.01,176,5.01,177,4.36,178,3.612,179,5.01,180,3.932,181,5.01,182,5.01,183,6.349,184,2.215,185,1.747,186,2.419,187,5.01,188,5.01,189,5.01,190,5.01,191,5.01,192,3.612,193,5.01,194,5.01,195,5.01]],["t/165",[10,1.541,11,2.389,19,0.439,37,1.784,55,1.316,57,1.759,60,1.399,79,1.918,104,0.791,105,2.659,106,1.759,112,3.243,134,2.171,135,4.269,141,3.501,167,1.355,171,2.076,185,2.065,196,3.914,197,4.415,198,1.988,199,2.823,200,4.714,201,3.968,202,4.497,203,3.914,204,1.907,205,4.497,206,3.501,207,3.53,208,2.823,209,4.497,210,4.497,211,3.013,212,3.914,213,3.914,214,3.914,215,3.013,216,2.926,217,3.243,218,5.761,219,3.013,220,3.53,221,3.013,222,4.497,223,2.516,224,1.83,225,3.517,226,3.716,227,2.823,228,3.53,229,3.53,230,2.823,231,3.914,232,3.914,233,4.497]],["t/167",[19,0.546,30,2.5,37,2.062,42,0.958,55,0.958,57,2.677,60,1.446,83,2.861,114,1.766,128,4.077,185,1.972,200,4.931,207,4.438,208,3.549,216,2.5,219,3.789,223,3.164,224,2.785,225,3.636,226,3.549,234,3.549,235,2.301,236,3.549,237,2.73]],["t/169",[19,0.473,23,1.343,37,1.522,44,3.081,55,1.186,56,1.498,57,3.075,60,1.553,108,2.439,114,1.578,185,2.7,200,4.925,208,4.006,215,3.385,216,2.821,219,3.385,221,4.276,224,2.056,238,5.769,239,6.382,240,2.684,241,4.396,242,3.964,243,3.964,244,5.051]],["t/171",[19,0.398,23,0.98,30,1.718,35,1.306,42,1.123,44,1.876,55,0.659,56,0.792,57,2.404,60,1.401,61,2.065,62,1.648,63,2.439,69,2.172,72,3.173,73,1.943,79,1.259,80,1.617,81,3.173,88,1.453,94,2.298,104,1.166,106,1.52,109,2.604,128,2.802,139,2.298,151,1.259,154,1.876,167,1.171,200,4.118,208,2.439,215,2.604,224,1.582,245,1.13,246,3.886,247,3.886,248,3.05,249,3.886,250,1.966,251,3.886,252,3.886,253,3.05,254,3.886,255,3.886,256,4.431,257,3.886,258,1.407,259,3.886,260,3.886,261,2.372,262,3.886,263,3.886,264,3.886,265,3.886,266,3.382,267,3.886,268,3.886,269,3.05,270,3.886,271,1.852,272,3.886,273,3.886,274,1.053,275,3.886,276,2.604,277,3.886,278,3.05,279,3.886,280,1.171,281,3.886,282,2.175,283,3.886,284,2.439,285,3.886,286,2.604,287,3.886,288,1.876,289,3.382,290,3.05,291,3.886,292,3.382,293,3.886,294,3.886,295,3.886,296,3.886,297,3.886,298,1.966,299,3.886,300,3.05,301,3.886,302,2.175,303,3.886,304,1.718,305,2.175,306,2.604,307,2.439,308,2.175,309,2.175,310,3.05,311,2.477,312,3.886,313,2.298]],["t/174",[42,1.045,72,3.645,108,2.976,280,1.858,288,2.976,314,1.858,315,1.669,316,1.449,317,1.556,318,6.164,319,3.645,320,3.118,321,6.164,322,1.997,323,4.131]],["t/176",[0,3.361,6,2.365,19,0.561,23,1.226,30,1.56,42,1.077,55,1.282,56,0.72,60,1.233,67,1.975,68,1.816,80,1.064,85,1.758,88,1.358,104,0.883,106,2.282,107,2.597,110,2.586,112,2.545,121,2.215,134,1.704,143,2.665,144,4.365,153,1.496,177,3.072,186,1.704,196,3.072,198,1.56,200,3.91,201,2.365,206,2.087,211,2.365,218,5.078,223,1.975,227,2.215,231,4.365,232,4.365,235,1.437,258,1.278,274,1.358,298,2.538,315,0.956,316,0.83,317,0.891,322,2.058,324,3.072,325,3.072,326,3.53,327,3.072,328,2.545,329,4.58,330,3.53,331,3.53,332,2.77,333,2.087,334,5.016,335,3.53,336,3.148,337,3.361,338,5.016,339,3.148,340,1.704,341,3.53,342,3.072,343,3.53,344,2.77,345,2.77,346,3.53,347,3.53,348,3.617,349,3.53,350,2.538,351,3.617,352,2.933,353,5.016,354,4.365,355,4.365,356,5.016,357,2.665,358,2.966,359,5.016,360,3.53]],["t/178",[9,4.115,19,0.423,42,0.967,55,0.967,153,2.419,167,1.72,302,3.193,314,1.72,315,1.864,316,1.342,317,1.44,322,2.229,361,5.531,362,2.001,363,4.115,364,5.401,365,4.966,366,5.707,367,6.881,368,2.801,369,4.115,370,5.707]],["t/180",[42,1.009,88,1.613,104,1.242,149,4.449,258,2.156,280,2.127,314,1.795,315,1.613,316,1.4,317,1.503,362,2.052,371,3.259,372,2.749,373,5.041]],["t/182",[19,0.391,60,1.113,73,2.372,77,2.563,79,1.706,80,1.587,110,2.144,134,2.543,238,4.134,256,4.724,314,1.587,315,1.427,316,1.239,317,1.329,322,2.486,362,1.905,374,3.798,375,4.584,376,3.798,377,4.378,378,4.584,379,4.476,380,4.584,381,4.584,382,3.798,383,3.529,384,5.702,385,3.798,386,4.584,387,3.798,388,2.947,389,4.584,390,4.134]],["t/184",[10,1.227,35,1.883,43,3.517,60,1.184,106,2.191,113,3.754,120,3.286,121,3.517,126,3.517,314,1.688,362,2.131,391,4.397,392,4.907,393,4.876,394,4.397,395,3.135,396,5.603,397,5.603,398,5.603,399,6.805,400,5.603,401,5.603,402,5.603,403,5.603,404,5.603,405,5.341,406,4.876,407,5.603,408,5.603]],["t/186",[19,0.386,38,3.264,42,0.881,80,1.567,82,3.006,88,1.92,104,1.248,149,4.392,172,4.686,258,1.883,280,2.137,314,1.567,315,1.408,316,1.223,317,1.312,362,2.223,371,3.273,372,3,373,4.751,388,2.91,409,5.565,410,4.081,411,4.686,412,5.2,413,4.081,414,5.2,415,4.081,416,2.034]],["t/188",[42,1.019,104,1.058,116,4.227,280,2.139,314,1.812,315,1.629,316,1.414,317,1.518,362,2.064,368,3.075,371,3.277,372,3.277]],["t/190",[19,0.404,42,0.924,54,2.22,104,0.96,235,2.22,280,1.643,308,3.746,314,1.643,315,1.477,316,1.282,317,1.376,319,3.225,362,2.106,368,2.948,371,2.518,372,2.518,417,6.694,418,3.225,419,4.28,420,3.225,421,4.28,422,7.243,423,3.225,424,3.052,425,3.655,426,4.202,427,6.694,428,5.454,429,3.225,430,1.376,431,3.225]],["t/192",[19,0.384,60,1.094,68,2.562,71,2.62,79,2.292,104,0.911,106,2.025,108,2.5,110,3.253,134,2.5,153,2.195,198,2.289,227,3.25,269,4.064,314,1.56,315,1.402,316,1.218,317,1.307,319,3.062,322,2.402,323,3.47,340,2.5,362,1.506,374,3.734,429,3.062,432,3.25,433,4.064,434,5.178,435,3.47,436,6.482,437,3.47,438,5.178,439,5.178,440,5.178,441,5.178,442,5.178,443,5.178,444,5.178]],["t/194",[19,0.351,37,1.428,60,1.002,61,2.518,62,2.009,73,2.219,77,1.854,79,1.985,110,2.764,198,2.095,204,2.009,235,1.929,238,3.72,256,4.418,274,1.284,314,1.428,315,1.284,316,1.114,317,1.196,322,2.592,336,2.975,362,2.161,374,3.417,377,4.159,378,4.125,379,4.262,380,4.125,381,4.125,382,3.417,383,3.176,384,5.333,385,3.417,386,4.125,387,3.417,388,2.652,389,4.125,390,3.72,432,2.975,445,3.417,446,2.803,447,3.417,448,4.55,449,3.417,450,2.975,451,5.333,452,5.333]],["t/196",[19,0.431,30,2.571,42,1.179,88,1.575,280,2.097,304,2.571,309,3.254,314,1.752,315,1.575,316,1.367,317,1.467,362,2.023,368,3.031,371,3.213,372,2.684,453,3.697,454,5.06,455,5.845]],["t/198",[19,0.506,37,1.696,42,0.954,65,1.963,81,4.035,145,4.283,216,3.017,235,2.291,258,2.038,298,3.452,314,1.696,315,1.524,316,1.323,317,1.42,362,2.135,395,3.818,456,6.824,457,5.356,458,6.824,459,6.824,460,4.058,461,4.898]],["t/200",[19,0.371,42,1.076,44,2.419,55,0.849,60,1.342,65,1.747,66,1.959,69,2.289,70,2.662,80,2.1,104,0.882,153,2.124,162,3.612,280,1.51,311,2.313,314,1.51,320,3.825,322,2.374,362,1.457,416,2.726,430,1.908,445,3.612,462,3.932,463,3.985,464,4.578,465,5.47,466,1.846,467,3.932,468,4.36,469,5.01,470,4.36,471,5.01,472,3.932,473,5.01,474,3.612,475,3.357]],["t/202",[10,1.508,19,0.28,60,1.112,66,1.478,69,1.644,71,2.662,79,2.369,80,2.075,86,2.142,95,3.161,104,1.066,114,1.18,151,1.224,162,3.795,178,3.795,216,1.671,219,2.532,236,2.372,280,1.139,311,1.744,315,1.023,316,1.237,317,0.954,320,3.313,322,2.485,327,3.289,362,1.904,371,1.744,395,2.115,416,2.368,430,1.799,445,2.725,463,3.303,464,2.725,465,4.13,468,5.27,476,3.779,477,3.779,478,3.779,479,4.13,480,5.263,481,3.779,482,3.779,483,4.58,484,3.779,485,1.744,486,3.779,487,2.058,488,3.779,489,4.13,490,5.263,491,2.532,492,4.366,493,3.779,494,3.289,495,6.055,496,3.779,497,5.263,498,2.115,499,3.779,500,3.779,501,3.779,502,2.966,503,3.779,504,3.779,505,2.966,506,3.779,507,4.13,508,2.966,509,2.966,510,2.966,511,3.779,512,3.779,513,3.289,514,3.779,515,3.779,516,3.779]],["t/204",[6,2.428,10,0.794,19,0.379,38,3.207,39,2.027,42,0.614,53,1.999,69,1.132,71,1.833,72,3.5,80,1.54,82,2.509,88,1.603,104,1.272,143,1.925,151,1.917,153,1.536,167,1.937,198,2.617,206,2.142,271,1.54,282,2.027,304,2.259,314,1.092,315,0.981,316,0.852,317,0.914,319,3.801,323,4.542,333,2.142,362,2.102,368,1.475,377,3.936,430,1.289,454,5.151,460,2.612,474,2.612,475,2.428,485,1.673,517,5.11,518,3.022,519,2.585,520,3.5,521,5.11,522,3.153,523,5.11,524,3.153,525,3.623,526,3.153,527,3.623,528,5.11,529,4.646,530,3.684,531,3.623,532,5.11,533,3.153,534,5.151,535,3.623,536,2.612,537,4.447,538,2.844,539,3.623,540,3.153,541,3.623,542,3.623,543,2.844,544,3.623,545,5.11,546,2.844,547,2.612,548,3.623,549,5.11,550,3.623,551,5.11,552,3.623,553,5.11,554,3.623,555,5.11,556,3.623,557,5.11,558,3.623,559,2.844,560,5.11,561,3.022,562,2.612,563,3.623]],["t/206",[11,1.612,19,0.397,35,1.019,42,1.331,44,1.465,53,2.471,55,1.256,65,2.064,69,0.948,79,1.734,82,1.905,85,0.914,86,2.179,88,0.822,104,1.042,108,1.465,153,1.905,167,1.613,197,1.904,235,1.235,240,1.612,258,1.627,271,1.613,274,1.217,276,2.033,278,2.381,280,1.613,284,1.904,286,3.011,288,2.584,302,1.697,304,1.987,305,2.515,306,2.033,307,1.904,308,2.515,309,1.697,314,0.914,315,0.822,316,1.057,317,0.766,320,1.535,322,1.734,333,3.165,336,1.904,358,1.794,362,2.224,368,1.235,371,1.4,372,1.4,416,1.187,430,1.134,431,1.794,435,2.033,445,2.187,462,4.201,465,2.381,466,1.307,519,1.535,564,7.308,565,4.494,566,4.494,567,5.353,568,4.494,569,3.034,570,4.494,571,3.034,572,4.494,573,3.034,574,4.494,575,3.034,576,3.24,577,4.494,578,3.034,579,4.494,580,3.034,581,3.034,582,4.494,583,3.034,584,4.494,585,3.034,586,4.494,587,3.034,588,3.034,589,3.034,590,4.494,591,3.034,592,3.034,593,2.64,594,3.034,595,2.64,596,3.034,597,3.034,598,3.034,599,2.64,600,4.494,601,3.034,602,2.64,603,4.494,604,4.494,605,2.64,606,4.494,607,3.034,608,2.033,609,4.494,610,4.494,611,3.034,612,1.904,613,2.381,614,2.187]],["t/208",[19,0.429,35,1.945,42,1.176,60,1.466,139,3.422,304,3.068,305,3.238,306,3.878,307,3.632,308,3.238,309,3.883,314,1.744,316,1.361,362,1.683,391,4.542,498,3.238,576,4.173,595,5.037,615,5.787,616,5.037,617,5.037,618,4.542,619,4.173,620,4.542]],["t/210",[42,1.313,227,4.01,314,1.925,391,5.014,621,5.56,622,5.56]],["t/212",[37,1.636,61,2.885,62,2.302,79,1.759,95,2.621,120,2.621,134,2.621,198,2.4,226,3.408,235,2.21,274,1.808,314,1.636,315,1.471,316,1.277,317,1.37,322,2.508,333,3.211,336,3.408,357,2.885,362,2.102,374,3.915,375,4.725,385,3.915,433,4.262,447,3.915,448,4.844,449,3.915,450,3.408,451,5.81,452,5.81,623,5.43]],["t/214",[10,1.639,55,1.116,104,1.159,107,2.406,143,2.823,198,2.349,227,3.335,237,2.565,298,2.688,314,1.601,315,1.439,316,1.249,317,1.341,348,3.831,354,5.732,355,5.732,357,3.976,358,3.141,362,1.915,376,3.831,432,3.335,485,3.041,624,4.749,625,6.586,626,6.586,627,4.134,628,5.312,629,5.312,630,5.312]],["t/216",[11,2.548,35,1.611,37,1.86,45,4.038,51,2.214,60,1.013,96,2.683,104,0.844,107,1.611,132,3.01,153,2.617,198,2.12,199,3.01,237,2.315,298,3.647,314,1.445,315,1.299,316,1.128,317,1.21,357,4.182,358,3.651,362,1.795,376,3.457,385,4.451,416,1.875,430,1.21,631,3.763,632,4.845,633,3.651,634,6.173,635,5.373,636,4.845,637,6.173,638,4.795,639,3.763,640,4.795,641,6.173,642,5.359,643,4.845,644,4.795,645,4.173,646,4.795,647,4.173,648,4.795,649,3.763]],["t/218",[10,1.394,35,1.69,44,2.429,65,1.754,69,1.988,71,3.22,75,2.975,178,3.627,280,1.516,302,2.815,314,1.516,315,1.362,316,1.183,317,1.269,320,3.533,322,2.544,351,3.627,362,1.851,429,2.975,432,3.157,437,3.371,462,3.948,463,3.157,464,3.627,466,1.463,483,5.539,489,5.48,492,5.035,513,4.378,547,3.627,650,3.948,651,3.948,652,5.03,653,4.378,654,5.03,655,5.03,656,5.03,657,3.627,658,2.815,659,5.03,660,3.948,661,5.03,662,5.03]],["t/220",[19,0.465,23,1.071,55,0.504,56,0.606,60,0.936,68,2.634,71,3.324,72,1.759,80,1.335,85,0.896,86,1.211,88,0.806,98,1.665,101,1.581,104,0.524,106,2.954,107,2.106,110,1.211,127,2.478,134,1.436,154,1.436,161,2.589,167,1.335,178,2.145,204,1.261,215,2.968,223,1.665,235,3.103,248,2.335,250,1.505,253,2.335,314,0.896,315,0.806,316,0.7,317,0.751,319,3.466,322,0.964,323,1.993,328,2.145,329,2.335,332,2.335,339,3.934,340,3.376,348,2.145,352,1.373,357,1.581,362,1.704,379,2.78,392,3.815,394,2.335,429,1.759,432,1.867,435,1.993,437,2.968,453,2.353,466,0.865,474,2.145,489,2.335,529,2.335,593,2.589,612,1.867,663,2.975,664,2.975,665,2.975,666,2.589,667,2.975,668,2.975,669,4.429,670,5.291,671,2.975,672,4.429,673,2.975,674,4.429,675,5.291,676,2.335,677,5.862,678,4.429,679,2.975,680,2.975,681,2.975,682,2.975,683,2.975,684,2.975,685,2.975,686,2.975,687,2.975,688,2.045,689,2.975,690,2.975,691,2.975,692,2.975,693,2.975,694,2.975,695,2.975,696,2.975,697,2.975,698,2.975,699,2.975,700,4.429,701,2.975,702,2.975,703,2.975,704,2.975,705,2.975,706,5.291,707,2.975,708,2.589,709,2.975,710,2.975,711,5.291,712,2.335,713,2.589,714,2.975,715,4.429,716,2.589,717,2.975,718,2.975,719,1.993,720,2.78,721,4.429,722,2.975,723,2.619,724,4.429,725,2.589,726,2.975,727,3.476,728,2.335,729,2.589,730,2.335]],["t/222",[10,1.216,23,1.014,55,0.941,68,2.01,69,1.734,71,2.809,80,1.673,91,1.866,106,3.138,107,1.866,227,3.485,235,2.971,314,1.673,315,1.504,316,1.306,317,1.401,319,3.283,329,4.358,432,3.485,466,1.614,475,3.72,621,4.832,622,4.832,731,6.768,732,4.832,733,5.552,734,5.552,735,5.552]],["t/224",[5,3.413,10,1.115,19,0.378,23,0.93,35,1.711,42,1.335,51,2.351,52,3.672,53,1.992,54,2.073,55,1.087,56,1.038,91,1.711,108,2.459,114,1.591,135,3.672,139,3.793,217,3.672,240,3.408,305,3.589,306,3.413,307,3.197,308,3.589,309,2.85,322,1.65,345,3.997,350,2.576,369,3.672,377,3.589,430,1.285,487,1.992,518,3.793,519,3.245,576,3.672,616,4.432,617,4.432,618,3.997,619,3.672,620,3.997,736,2.159,737,5.093,738,4.432,739,5.093]],["t/226",[0,4.822,1,3.745,2,3.058,10,1.453,19,0.399,23,0.872,35,0.844,37,1.62,39,2.18,42,0.426,51,1.16,53,1.866,54,2.368,56,0.973,60,0.823,69,0.785,70,1.335,73,1.411,75,2.304,77,0.983,78,0.91,79,1.262,82,1.065,83,1.271,85,0.757,88,1.292,91,0.844,104,0.946,114,1.679,116,3.255,120,1.213,127,1.406,134,1.213,136,1.812,151,1.884,153,1.065,167,1.62,180,1.972,184,2.572,185,1.664,186,1.213,201,1.684,203,2.187,204,2.023,221,2.611,224,2.188,230,1.577,235,1.023,245,1.563,258,0.91,261,2.109,271,1.854,274,0.681,286,1.684,288,1.213,302,1.406,308,3.255,345,1.972,368,2.505,371,1.16,372,1.16,418,3.179,419,1.972,420,3.44,421,3.058,423,3.179,424,3.008,425,3.197,426,3.863,430,1.204,446,1.486,453,2.07,479,1.972,485,1.16,487,1.866,498,1.406,537,2.187,543,1.972,599,2.187,653,2.187,688,1.16,719,1.684,740,1.972,741,3.248,742,2.513,743,2.187,744,2.187,745,2.187,746,4.771,747,4.678,748,2.513,749,2.513,750,2.513,751,3.058,752,1.812,753,1.972,754,2.187,755,1.972,756,2.513,757,3.391,758,1.972,759,2.513,760,1.577,761,2.513,762,2.187,763,3.896,764,2.187,765,1.812,766,2.187,767,1.577,768,2.187,769,2.995,770,2.995,771,2.187,772,2.187,773,2.513,774,1.812,775,2.187,776,5.587,777,4.302,778,4.771,779,1.486,780,1.684,781,3.896,782,2.513,783,2.513,784,2.513,785,1.684,786,3.896,787,3.896,788,2.187,789,2.187,790,2.187,791,2.187,792,2.187,793,2.513,794,1.972,795,1.972,796,2.513,797,2.513,798,1.972,799,2.513,800,1.972,801,2.513,802,2.187,803,2.187,804,1.812,805,2.187,806,1.972,807,1.684,808,2.513,809,2.513]],["t/228",[0,1.979,10,0.647,11,2.341,19,0.391,23,0.54,33,3.834,37,0.89,42,0.501,43,1.854,51,2.696,52,2.13,54,1.793,55,0.501,56,0.602,65,2.285,67,2.465,69,0.923,70,1.569,73,2.262,75,1.747,77,1.723,78,1.595,79,1.427,83,2.229,86,1.202,87,2.57,91,0.992,102,1.494,103,1.747,104,0.52,114,1.376,141,1.747,153,1.252,167,1.883,171,3.025,184,1.306,185,1.837,197,3.307,224,1.202,236,1.854,240,1.569,271,1.883,274,1.193,280,0.89,286,2.952,288,1.426,290,2.318,304,1.948,305,3.991,322,0.957,344,2.318,358,1.747,361,3.176,368,1.793,369,3.176,418,3.454,420,1.747,424,1.653,430,1.112,479,4.135,520,2.605,608,1.979,657,2.13,658,1.653,688,1.363,736,2.234,740,4.584,741,2.955,754,3.834,757,2.57,758,2.318,775,2.57,777,1.979,780,3.914,785,1.979,802,3.834,806,5.328,807,1.979,810,2.953,811,3.834,812,2.765,813,4.391,814,2.57,815,2.953,816,2.57,817,2.318,818,1.979,819,3.458,820,2.318,821,2.953,822,2.953,823,3.176,824,2.953,825,2.953,826,2.318,827,2.953,828,2.13,829,2.953,830,1.979,831,2.57,832,2.953,833,2.57,834,2.953,835,2.57,836,2.953,837,4.405,838,2.953,839,2.953,840,2.953,841,4.405,842,3.834,843,3.458,844,3.834,845,4.405,846,2.953,847,2.318,848,2.953,849,2.953,850,4.405,851,2.953,852,2.57,853,1.747,854,2.57,855,2.953,856,2.953,857,2.953,858,2.953,859,2.13,860,2.318,861,2.57,862,2.318,863,2.57,864,2.57,865,2.13,866,1.747,867,2.57]],["t/230",[19,0.364,23,0.897,42,1.062,51,2.267,54,2.961,55,1.062,67,3.507,69,1.534,70,2.609,73,1.778,77,2.452,78,2.269,79,1.59,102,2.484,103,2.903,107,2.106,114,1.534,136,3.54,167,1.889,171,2.267,185,1.712,245,1.428,271,2.192,274,1.33,368,1.998,426,3.082,576,4.519,741,3.171,780,3.29,798,3.853,818,3.29,823,3.54,842,4.273,843,4.919,844,4.273,859,3.54,860,3.853,861,4.273,862,3.853,863,4.273,864,4.273,865,3.54,866,2.903,867,4.273,868,4.273,869,4.91,870,4.273,871,4.91,872,4.91,873,4.91]],["t/232",[35,2.082,53,2.423,91,2.082,104,1.09,184,2.739,185,2.16,280,1.867,688,2.86,767,3.889,779,3.663,813,4.151,874,7.225,875,6.195]],["t/234",[19,0.37,35,1.176,38,2.197,42,0.845,60,1.054,73,1.267,80,1.907,82,2.683,85,1.055,88,1.938,104,0.877,114,1.093,116,1.958,134,1.69,139,4.562,145,2.197,149,4.112,151,1.134,154,2.407,172,5.014,184,2.204,185,1.22,204,1.484,216,1.547,224,2.029,240,1.859,245,1.689,258,2.591,261,1.547,280,2.156,282,1.958,288,1.69,302,1.958,371,3.377,372,2.301,373,4.902,388,2.79,409,4.967,410,2.747,411,2.523,413,2.747,415,3.913,416,2.271,466,1.689,467,2.747,487,1.369,561,2.948,736,1.484,760,2.197,767,2.197,779,2.069,807,2.345,828,3.595,853,2.069,876,3.499,877,2.345,878,2.523,879,2.747,880,3.499,881,2.523,882,5.807,883,2.523,884,3.046,885,3.499,886,2.747,887,3.645,888,3.891,889,2.747,890,4.339,891,3.046,892,3.499,893,3.499,894,3.499,895,3.499,896,5.807,897,3.499,898,3.499,899,3.499]],["t/236",[19,0.456,35,1.807,42,1.043,60,0.824,65,1.36,73,1.412,79,1.742,80,1.175,82,1.653,91,1.31,104,0.946,105,2.305,106,1.525,107,1.31,110,1.587,114,1.68,126,2.447,127,2.182,184,2.934,185,1.36,204,1.653,223,2.182,224,1.587,245,1.134,258,1.947,261,1.724,271,2,274,1.456,280,1.175,282,2.182,284,2.447,304,1.724,309,4.32,316,1.264,322,1.263,333,2.305,340,1.882,368,3.2,377,2.182,416,1.525,418,3.18,426,2.447,446,2.305,466,1.134,633,2.305,688,1.8,741,1.972,751,3.06,760,2.447,767,2.447,774,2.811,843,3.06,853,2.305,900,4.68,901,3.393,902,3.899,903,5.357,904,2.811,905,3.393,906,3.06,907,3.393,908,3.393,909,6.636,910,5.776,911,6.636,912,3.899,913,3.899,914,5.378,915,3.899,916,3.899,917,3.899,918,2.612,919,2.612,920,3.899,921,3.06,922,3.899,923,2.182,924,3.899,925,3.06,926,3.899]],["t/238",[0,0.877,6,0.877,10,1.641,12,1.138,19,0.411,23,1.013,35,1.21,38,0.821,39,0.732,42,0.222,45,1.344,51,2.56,55,0.814,56,1.131,60,1.332,66,0.889,69,0.409,70,1.602,71,1.525,75,0.774,79,2.109,80,1.863,81,3.279,82,2.76,83,0.662,85,0.685,86,2.071,88,1.553,91,1.013,104,0.787,106,0.512,108,1.097,114,0.942,119,2.173,121,0.821,127,1.272,135,1.639,151,1.167,154,2.768,167,1.932,171,1.883,184,2.878,185,1.675,199,2.261,201,1.523,204,0.555,208,0.821,217,1.639,226,1.427,234,0.821,235,0.532,236,0.821,237,0.632,245,0.876,258,1.842,261,1.977,271,2.347,274,0.816,288,3.143,304,2.357,309,3.741,315,0.616,316,0.959,317,0.574,320,0.662,322,0.424,332,1.784,333,1.782,337,1.523,351,0.943,363,0.943,368,2.919,372,0.604,377,2.688,388,0.732,393,1.138,416,0.889,418,2.411,423,0.774,424,0.732,425,0.877,426,1.427,430,0.761,446,0.774,448,0.877,453,1.208,455,5.882,485,0.604,487,0.512,518,1.344,519,1.15,520,0.774,538,1.784,540,1.138,559,2.827,561,1.344,562,4.134,612,0.821,613,1.027,627,0.821,635,1.138,651,1.027,658,0.732,676,1.027,688,1.049,736,0.964,741,1.15,744,1.978,747,1.138,751,1.784,755,3.201,760,0.821,765,1.639,767,1.427,769,0.821,779,1.344,780,2.413,790,1.978,800,3.771,804,0.943,807,0.877,811,1.978,820,1.027,823,0.943,826,1.027,853,0.774,868,4.181,883,0.943,887,0.821,900,1.978,901,5.264,903,5.666,904,3.464,905,1.138,907,1.138,908,5.484,910,1.138,918,1.523,919,1.523,927,1.308,928,1.308,929,1.308,930,1.308,931,2.273,932,1.308,933,2.273,934,1.308,935,1.308,936,1.138,937,1.027,938,1.308,939,1.308,940,1.308,941,1.308,942,0.877,943,2.02,944,1.308,945,1.138,946,1.308,947,1.308,948,1.308,949,1.308,950,1.308,951,2.273,952,1.027,953,5.088,954,3.892,955,1.308,956,1.027,957,1.308,958,2.827,959,1.308,960,1.308,961,1.639,962,1.138,963,1.138,964,1.308,965,1.308,966,1.027,967,1.978,968,2.623,969,1.308,970,1.027,971,1.308,972,1.138,973,0.943,974,1.308,975,1.308,976,1.308,977,1.308,978,1.308,979,1.308,980,1.308,981,1.138,982,1.308,983,1.027]],["t/240",[10,0.873,19,0.405,39,2.231,42,0.676,45,3.229,53,1.559,54,2.727,57,1.559,60,0.843,73,1.444,78,1.977,83,2.017,91,2.251,104,1.096,116,2.231,118,3.428,126,2.503,151,1.292,171,2.875,204,2.315,206,2.358,212,3.47,245,2.041,250,3.151,271,1.646,274,1.08,280,1.201,284,2.503,288,2.637,304,1.763,307,4.743,368,2.223,371,2.521,372,1.841,420,2.358,429,2.358,453,2.118,466,2.041,487,1.559,518,2.358,520,2.358,736,2.315,741,2.763,760,2.503,812,2.503,831,3.47,853,3.229,886,3.129,887,2.503,888,2.672,904,2.875,952,3.129,961,2.875,966,3.129,967,3.47,984,5.461,985,3.987,986,3.987,987,4.889,988,3.749,989,3.987,990,3.987,991,3.987,992,3.987,993,3.987,994,3.987,995,3.987,996,3.987,997,3.987,998,3.987,999,3.47,1000,5.461,1001,3.987,1002,3.987,1003,3.987,1004,3.987,1005,3.47,1006,3.987]],["t/242",[10,1.474,51,2.54,53,2.633,86,2.24,88,1.49,91,1.849,114,1.719,116,3.079,127,3.079,184,2.433,185,1.919,274,1.823,288,2.657,298,3.679,315,1.49,420,3.254,430,1.389,466,1.6,618,4.319,676,4.319,740,4.319,741,2.784,752,3.968,755,4.319,767,3.454,818,3.687,878,3.968,1007,5.503,1008,5.503,1009,5.503,1010,5.503,1011,4.789,1012,5.858]],["t/244",[19,0.437,54,3.05,107,2.358,108,3.389,114,1.843,127,3.3,171,2.723,245,1.715,261,2.608,302,3.3,305,3.3,361,4.253,364,4.629,369,4.253,430,1.488,650,4.629,741,2.984,1013,7.019,1014,5.898]],["t/246",[2,1.505,5,1.285,10,1.692,11,1.019,19,0.405,20,1.505,23,1.138,30,0.848,37,0.946,39,1.073,42,1.156,43,1.204,44,1.925,51,2.348,53,0.75,54,2.727,55,1.02,56,1.27,57,1.56,60,0.843,61,1.019,65,0.669,66,2.255,69,0.599,78,1.444,79,1.493,80,0.946,82,1.331,83,2.018,86,0.781,88,0.519,90,1.073,91,1.549,104,0.961,106,0.75,107,1.709,114,1.44,116,1.073,118,2.503,121,1.971,127,1.073,132,1.204,134,0.926,136,1.383,141,1.134,143,1.019,151,0.621,167,1.389,171,2.348,184,1.763,185,0.669,186,0.926,198,1.388,199,1.204,204,1.331,207,1.505,223,1.757,225,1.019,230,1.204,234,1.971,236,1.971,237,0.926,245,1.479,258,1.444,261,2.754,271,1.646,274,1.08,276,1.285,280,0.946,288,0.926,304,2.415,315,0.519,316,0.738,317,0.484,336,1.204,339,1.204,350,1.589,368,1.278,377,1.073,420,1.134,424,1.757,430,1.284,435,1.285,466,1.34,475,1.285,487,0.75,507,1.505,518,2.358,519,2.332,520,2.358,543,1.505,561,1.134,562,1.383,608,2.104,612,1.971,624,2.264,658,1.073,688,2.348,720,1.204,723,1.857,736,0.813,741,2.332,752,2.264,758,3.618,762,1.669,770,1.971,777,2.104,779,2.358,780,2.104,785,1.285,794,1.505,798,1.505,800,2.465,812,1.204,813,2.672,814,2.733,818,1.285,819,1.505,826,2.465,833,1.669,852,1.669,865,1.383,866,1.134,877,1.285,879,1.505,919,1.285,943,1.285,954,2.733,961,2.875,963,2.733,970,1.505,981,1.669,987,1.505,988,1.073,1011,1.669,1015,1.918,1016,1.918,1017,1.918,1018,1.918,1019,1.918,1020,5.462,1021,6.229,1022,1.918,1023,1.918,1024,2.733,1025,1.383,1026,1.918,1027,3.14,1028,3.14,1029,1.918,1030,1.918,1031,1.918,1032,1.918,1033,1.918,1034,1.918,1035,1.505,1036,1.918,1037,1.669,1038,1.918,1039,1.669,1040,1.918,1041,1.918,1042,1.918,1043,1.918,1044,1.918,1045,1.505,1046,1.918,1047,1.505,1048,1.918,1049,1.918,1050,1.669,1051,1.505,1052,1.918,1053,4.012,1054,1.918,1055,2.264,1056,3.14,1057,1.918,1058,1.918,1059,3.14,1060,1.918,1061,1.918,1062,1.918,1063,1.918,1064,1.918,1065,1.918,1066,3.14,1067,1.918,1068,1.918,1069,1.669,1070,1.918,1071,2.733,1072,1.669,1073,1.669,1074,1.383,1075,1.918,1076,3.14,1077,1.918,1078,1.669,1079,1.918,1080,3.988,1081,1.918,1082,2.733,1083,1.669,1084,1.918,1085,1.669,1086,1.918,1087,3.14,1088,1.918,1089,1.918,1090,1.918,1091,1.918,1092,1.918,1093,1.918,1094,1.918,1095,1.918,1096,1.918]],["t/248",[1,1.949,9,2.783,10,1.572,11,1.319,19,0.286,20,3.716,21,1.949,23,1.24,30,1.098,37,1.609,42,0.98,44,1.863,51,1.146,52,2.783,54,2.354,56,0.965,60,1.001,61,3.073,62,2.264,65,1.346,69,0.776,70,1.319,72,3.158,78,1.934,80,0.748,81,2.282,82,1.053,85,0.748,86,1.011,91,1.591,95,1.199,98,1.389,101,1.319,104,0.94,107,0.834,118,1.558,143,2.051,145,1.558,149,1.468,151,1.534,167,0.748,180,1.949,184,1.706,198,1.098,204,2.264,216,1.706,226,2.423,230,1.558,234,1.558,237,1.199,240,1.319,243,1.949,245,0.722,258,1.714,261,1.098,271,1.427,274,0.672,280,0.748,282,1.389,284,1.558,298,2.702,300,1.949,304,3,311,1.146,350,2.395,358,1.468,362,0.722,395,1.389,411,1.79,424,2.16,446,2.282,457,3.716,460,2.783,466,1.858,467,1.949,487,0.971,491,1.664,509,1.949,518,2.282,519,1.953,520,3.158,530,3.851,546,1.949,547,1.79,619,4.415,633,1.468,658,1.389,688,1.782,736,1.053,743,2.161,745,3.359,753,1.949,777,1.664,794,1.949,812,1.558,813,1.664,853,1.468,859,1.79,870,3.359,883,1.79,889,1.949,890,2.161,942,1.664,958,1.949,961,1.79,983,1.949,987,1.949,1037,2.161,1039,3.359,1047,1.949,1051,1.949,1055,1.79,1069,2.161,1078,2.161,1082,4.121,1083,2.161,1097,3.86,1098,3.86,1099,3.86,1100,2.483,1101,2.161,1102,2.483,1103,2.483,1104,2.483,1105,2.483,1106,1.79,1107,2.483,1108,2.483,1109,2.483,1110,3.86,1111,3.359,1112,2.483,1113,2.483,1114,2.483,1115,2.483,1116,2.161,1117,2.483,1118,2.483,1119,2.483,1120,2.483,1121,2.483,1122,3.86,1123,2.483,1124,2.161,1125,2.483,1126,2.161,1127,2.483,1128,2.483,1129,2.483,1130,2.483,1131,1.949,1132,2.483,1133,2.483,1134,2.483,1135,2.483,1136,2.483,1137,2.483,1138,2.483,1139,2.483,1140,2.483,1141,2.483,1142,2.483,1143,2.161,1144,2.483,1145,2.483,1146,2.483,1147,3.86,1148,2.161,1149,2.483,1150,2.483,1151,2.483,1152,1.949,1153,2.483,1154,2.161,1155,2.483,1156,1.949,1157,2.423,1158,2.483,1159,1.949,1160,2.483,1161,2.483,1162,1.79,1163,2.161,1164,2.483,1165,2.483,1166,2.483,1167,2.483]],["t/250",[19,0.461,35,2.09,39,2.715,42,1.164,55,0.822,56,0.989,58,2.342,59,2.342,61,2.578,62,2.057,80,1.462,85,1.462,88,1.314,91,1.63,98,2.715,111,3.045,114,1.516,167,1.874,199,3.045,226,3.045,271,2.182,274,1.685,280,1.462,282,2.715,311,2.24,416,1.898,418,3.678,429,2.869,466,2.106,502,3.808,620,6.305,688,2.24,804,4.485,999,5.975,1024,4.222,1168,3.808,1169,4.852,1170,4.852,1171,4.852,1172,4.222,1173,4.852,1174,4.852,1175,4.852,1176,4.852]],["t/252",[19,0.462,23,1.139,37,1.468,42,0.826,53,1.905,54,2.538,55,0.826,56,1.402,57,1.905,58,2.352,59,2.352,60,1.454,69,1.522,71,2.464,76,3.264,79,1.578,91,2.311,104,0.857,114,1.522,167,1.879,184,2.153,185,1.699,206,2.88,245,1.416,250,2.464,271,2.185,274,1.689,315,1.319,317,1.229,350,2.464,430,1.229,466,2.18,505,3.823,736,2.065,752,3.512,830,3.264,877,3.264,878,3.512,906,3.823,1053,4.239,1159,3.823,1177,4.871,1178,4.871,1179,4.871,1180,3.823,1181,4.871,1182,4.239,1183,4.871,1184,4.871,1185,4.871]],["t/254",[10,1.484,19,0.531,23,1.117,42,0.8,51,2.822,53,1.847,55,1.036,56,1.246,60,1.292,69,1.475,79,1.98,80,1.423,85,1.423,88,1.279,95,2.279,114,1.475,149,3.614,151,1.529,167,1.842,171,2.18,185,1.646,245,1.373,258,2.454,271,2.16,274,1.655,306,4.542,350,2.389,371,2.822,372,2.18,373,4.096,424,3.42,430,1.192,466,1.373,561,2.792,806,3.706,807,4.096,818,3.164,830,3.164,877,3.164,904,3.404,906,3.706,1012,4.109,1085,4.109,1159,3.706,1180,3.706,1182,4.109,1186,4.721,1187,4.721,1188,4.721,1189,4.721,1190,4.721]],["t/256",[10,1.398,23,0.923,35,1.697,42,0.856,54,2.056,60,1.067,69,1.578,91,2.144,94,2.987,114,1.578,167,1.923,184,2.233,185,1.761,234,4.006,245,1.469,250,3.718,271,2.215,274,1.728,276,3.385,280,1.522,282,2.826,352,2.332,466,1.469,688,2.332,738,6.737,779,2.987,878,3.642,879,3.964,1071,4.396,1072,4.396,1191,5.051,1192,5.051,1193,6.382,1194,5.051,1195,5.051,1196,5.051,1197,6.996,1198,5.051,1199,5.051,1200,5.051]],["t/258",[19,0.556,59,2.848,85,1.777,95,2.848,151,2.63,261,3.313,433,4.629,485,3.24,487,2.745,1201,5.898,1202,5.898,1203,5.133]],["t/260",[19,0.45,23,1.109,42,1.286,56,1.238,66,2.375,80,1.83,98,3.398,171,2.803,185,2.645,245,1.766,333,3.591,804,4.379,1204,6.073,1205,6.073]],["t/262",[23,1.062,37,2.097,55,1.179,56,1.185,57,2.274,58,3.36,59,3.36,60,1.471,61,3.957,62,3.157,94,3.438,104,1.023,311,2.684,666,5.06,1206,5.815,1207,5.815,1208,6.959]],["t/264",[10,1.789,18,4.078,19,0.347,31,4.078,35,1.574,58,2.262,77,1.833,78,1.697,95,2.262,104,0.825,171,2.163,225,2.489,234,2.941,274,1.269,316,1.102,447,4.385,449,4.869,450,2.941,466,1.362,509,3.677,1073,4.078,1116,5.293,1209,4.685,1210,6.082,1211,4.685,1212,4.685,1213,4.685,1214,4.685,1215,4.685,1216,4.685,1217,4.685,1218,4.685,1219,4.685,1220,4.685,1221,6.753,1222,4.685,1223,5.3,1224,4.685,1225,4.685,1226,6.753,1227,4.685,1228,4.685,1229,4.685,1230,4.685,1231,4.685,1232,4.685,1233,4.685,1234,4.685,1235,4.685,1236,4.685,1237,4.685,1238,4.685,1239,4.078,1240,4.685]],["t/266",[10,1.503,19,0.421,37,2.068,56,1.158,57,2.884,58,2.743,59,2.743,60,1.2,66,2.222,120,2.743,186,2.743,220,4.458,405,4.458,416,2.884,508,4.458,510,4.458,812,3.565,1168,5.386,1223,4.458,1241,4.944,1242,4.944,1243,6.862,1244,5.68,1245,5.68]],["t/268",[5,0.389,8,0.455,10,1.464,11,0.815,19,0.507,21,0.455,23,0.698,35,0.973,37,1.626,38,1.818,39,0.608,42,0.709,45,1.142,51,0.268,53,1.33,54,0.625,55,0.442,56,0.222,57,0.6,59,0.933,60,0.847,63,0.682,64,0.505,65,1.333,67,0.859,68,2.014,69,1.446,71,1.319,72,3.08,73,1.849,74,0.505,75,1.142,77,1.236,78,2.244,79,0.938,80,1.353,81,2.37,82,1.963,83,1.319,84,1.991,85,1.395,86,1.286,88,1.216,90,3.467,91,1.142,94,0.343,95,0.741,96,0.608,98,0.325,99,0.343,101,0.308,102,0.977,103,3.722,104,0.933,105,2.26,106,1.568,107,0.649,108,0.525,109,0.389,110,2.264,111,0.364,113,0.729,116,0.608,118,0.364,120,1.935,126,0.364,132,0.364,139,1.353,141,0.343,143,1.215,145,0.963,149,0.907,151,1.542,153,2.423,154,0.28,165,1.204,166,1.204,167,0.873,171,0.502,172,1.106,184,0.481,186,1.525,192,1.393,197,1.436,198,0.854,199,0.364,201,0.729,204,0.246,206,0.343,213,0.946,215,0.389,216,1.503,223,0.325,224,0.442,225,0.308,228,0.455,230,0.682,235,2.078,237,1.398,240,0.578,241,0.505,242,0.853,248,0.853,250,0.776,253,2.046,256,2.451,258,1.384,261,1.011,266,1.991,269,1.204,271,1.208,274,0.62,276,1.028,278,0.853,280,1.208,282,0.608,284,0.682,286,0.729,288,0.525,289,1.681,290,0.853,292,0.505,298,1.72,300,0.455,302,1.081,304,2.385,305,0.859,307,1.213,308,1.768,309,0.325,310,0.455,311,0.892,313,1.868,315,0.157,316,0.256,317,0.146,319,3.8,322,0.352,323,3.78,328,0.418,336,0.364,337,0.389,339,0.682,340,1.641,344,1.516,350,0.293,352,2.307,357,1.679,358,1.142,361,1.393,362,2.188,364,0.853,365,0.505,368,1.702,371,1.569,372,1.204,373,1.028,377,1.621,379,1.213,382,0.418,383,0.729,387,0.418,388,1.621,390,2.841,392,1.88,394,0.455,395,1.28,409,0.853,410,0.455,411,0.418,413,0.455,415,0.455,416,1.02,418,0.643,419,0.455,420,0.643,421,0.455,423,0.907,424,0.859,425,1.533,426,0.963,429,0.343,430,1.012,431,1.542,437,0.389,448,0.389,449,0.418,450,0.364,453,0.578,455,0.853,457,0.853,460,1.393,461,0.505,466,1.662,472,0.455,485,1.671,487,1.635,491,1.028,498,0.608,502,0.853,518,0.343,519,2.528,520,1.713,522,0.505,526,0.505,529,1.516,530,1.106,533,0.946,534,0.946,559,1.204,561,0.343,562,1.393,602,1.681,605,0.505,608,0.389,612,0.682,613,0.853,614,1.393,619,1.106,627,1.818,631,0.853,632,0.455,633,0.343,636,0.455,639,0.455,642,1.516,643,1.204,645,0.505,647,0.505,649,0.455,650,0.853,651,2.668,688,0.268,713,1.681,716,0.505,719,0.729,720,0.364,723,2.472,725,0.946,727,2.668,728,1.516,729,0.505,730,0.455,736,0.461,741,0.293,753,0.455,769,0.364,770,0.963,772,0.505,776,0.505,777,0.389,779,0.343,785,0.729,791,0.505,816,0.505,817,0.455,820,0.455,823,0.418,828,0.418,866,0.643,883,1.106,886,0.853,887,0.963,888,1.028,889,0.455,891,0.505,918,1.295,923,2.968,925,0.455,936,0.505,942,0.389,943,1.747,945,0.946,952,1.795,962,0.505,968,0.505,973,0.784,988,2.513,1025,1.393,1047,1.204,1074,0.418,1101,0.505,1124,0.505,1126,0.505,1131,0.455,1143,0.505,1154,0.505,1156,0.853,1157,1.637,1162,0.418,1172,0.505,1203,1.335,1246,0.58,1247,1.516,1248,1.534,1249,0.58,1250,2.269,1251,2.287,1252,0.58,1253,0.505,1254,0.58,1255,0.58,1256,0.58,1257,0.58,1258,1.991,1259,0.946,1260,1.991,1261,0.58,1262,0.505,1263,1.087,1264,0.58,1265,0.58,1266,0.58,1267,0.505,1268,0.58,1269,0.58,1270,1.087,1271,0.58,1272,0.505,1273,0.58,1274,1.932,1275,0.505,1276,0.58,1277,0.58,1278,0.58,1279,1.534,1280,1.534,1281,0.455,1282,2.897,1283,0.58,1284,0.58,1285,0.58,1286,0.58,1287,0.505,1288,0.58,1289,0.58,1290,1.534,1291,0.58,1292,0.58,1293,0.58,1294,0.58,1295,1.534,1296,1.534,1297,0.58,1298,0.58,1299,0.58,1300,0.505,1301,0.58,1302,0.58,1303,0.58,1304,0.784,1305,1.087,1306,1.087,1307,1.087,1308,0.58,1309,0.455,1310,0.58,1311,0.58,1312,0.853,1313,0.946,1314,0.853,1315,0.58,1316,0.946,1317,0.946,1318,0.58,1319,1.204,1320,0.505,1321,1.087,1322,0.946,1323,0.58,1324,0.58,1325,0.58,1326,0.58,1327,0.946,1328,0.505,1329,0.58,1330,0.58,1331,0.946,1332,0.58,1333,0.58,1334,0.58,1335,2.046,1336,1.335,1337,1.028,1338,0.58,1339,0.946,1340,0.505,1341,0.505,1342,0.58,1343,0.58,1344,2.686,1345,1.542,1346,0.58,1347,2.269,1348,1.534,1349,3.639,1350,1.991,1351,0.505,1352,0.505,1353,0.58,1354,0.505,1355,0.946,1356,0.505,1357,0.505,1358,0.58,1359,0.58,1360,0.343,1361,1.204,1362,1.932,1363,0.58,1364,0.58,1365,1.534,1366,0.58,1367,0.58,1368,0.505,1369,0.58,1370,0.58,1371,1.932,1372,0.58,1373,0.58,1374,0.58,1375,0.58,1376,0.505,1377,0.58,1378,0.58,1379,0.58,1380,0.505,1381,0.505,1382,0.946,1383,0.58,1384,0.58,1385,0.58,1386,0.58,1387,1.335,1388,1.087,1389,0.58,1390,0.58,1391,0.505,1392,0.58,1393,0.58,1394,0.58,1395,0.58,1396,0.58,1397,0.505,1398,0.58,1399,0.58,1400,0.58,1401,0.58,1402,0.58,1403,0.58,1404,0.58]],["t/270",[19,0.427,23,1.184,30,2.865,37,2.318,42,1.172,44,2.08,55,1.172,56,0.878,57,1.685,60,0.91,68,2.346,69,1.346,85,1.298,104,0.758,105,3.403,106,3.009,107,1.934,108,2.08,120,2.08,121,2.704,153,2.44,186,3.339,204,1.826,223,2.411,235,2.815,240,2.289,320,3.278,322,1.396,339,3.612,348,3.106,352,2.657,416,1.685,431,2.548,446,2.548,466,1.884,547,4.149,624,4.149,658,2.411,812,2.704,887,2.704,888,2.887,988,2.411,1247,3.381,1275,3.749,1405,4.308,1406,4.308,1407,4.308,1408,4.308,1409,4.308,1410,5.755,1411,4.308,1412,5.755,1413,4.308,1414,4.308,1415,4.308]],["t/272",[10,1.454,19,0.399,37,1.622,55,0.912,58,3.206,59,3.206,61,3.528,62,2.815,66,2.105,78,1.949,102,2.723,120,2.599,151,1.743,186,2.599,220,4.224,224,2.703,274,1.798,379,3.378,387,4.788,405,4.224,416,2.597,487,2.105,508,4.224,510,4.224,795,4.224,1168,5.211,1223,4.224,1241,4.684,1242,4.684,1416,5.382,1417,5.382,1418,5.382,1419,5.382,1420,5.382]],["t/274",[10,1.539,19,0.438,23,0.819,37,1.991,43,3.708,55,1.12,56,0.913,58,2.163,62,1.9,65,2.06,68,2.393,73,1.622,85,1.35,88,1.214,90,4.632,192,3.231,216,2.611,242,3.517,316,1.389,352,2.068,430,1.491,453,2.381,498,2.507,627,3.708,728,3.517,918,3.958,972,3.899,973,4.259,1313,5.141,1314,3.517,1316,3.899,1317,5.751,1319,5.513,1320,5.141,1335,5.186,1337,3.002,1368,3.899,1391,3.899,1421,4.259,1422,4.481,1423,4.481,1424,4.481,1425,4.481]],["t/276",[10,0.81,19,0.274,23,0.676,30,1.635,55,0.879,56,0.754,62,2.198,66,1.447,68,2.687,73,2.473,83,1.872,85,2.134,86,1.506,88,1.757,90,3.962,95,1.786,104,0.651,110,2.436,119,2.667,120,1.786,141,3.066,151,1.68,167,1.804,198,2.292,216,2.868,221,2.479,224,1.506,225,2.755,245,1.076,250,2.623,271,1.804,310,4.069,311,1.708,313,2.188,317,0.934,322,1.198,362,1.076,383,2.479,388,3.63,430,1.308,485,2.394,498,2.07,507,2.903,536,2.667,614,3.739,723,2.188,835,3.22,921,2.903,923,2.07,942,3.474,1157,2.322,1328,3.22,1337,2.479,1344,3.474,1345,2.188,1421,2.667,1426,3.699,1427,3.22,1428,3.22,1429,4.069,1430,4.069,1431,5.361,1432,5.21,1433,5.185,1434,3.699,1435,3.699,1436,3.699,1437,3.699,1438,3.699,1439,4.512,1440,4.069,1441,3.22,1442,3.22,1443,3.22,1444,3.22,1445,3.22,1446,3.22,1447,3.22,1448,3.22,1449,3.22,1450,3.22,1451,3.22,1452,3.22,1453,2.903,1454,2.903,1455,3.22,1456,3.22,1457,3.22]],["t/278",[10,0.82,19,0.278,23,0.684,30,1.655,55,0.886,62,2.217,66,1.465,68,2.849,73,1.356,86,1.524,88,1.014,90,3.649,104,0.659,106,2.357,110,2.452,119,2.7,120,2.525,151,1.213,167,1.816,216,2.883,221,2.509,224,1.524,225,1.989,235,2.128,245,1.089,250,3.048,271,1.816,317,0.945,322,1.213,340,2.525,352,2.782,383,2.509,388,3.372,430,1.32,447,2.7,485,1.729,498,2.095,536,2.7,612,2.35,614,2.7,633,2.214,688,1.729,712,2.939,720,2.35,723,2.214,923,2.095,942,4.038,973,2.7,1152,2.939,1157,2.35,1337,2.509,1344,3.504,1345,2.214,1421,2.7,1427,3.259,1428,3.259,1429,4.104,1430,4.104,1431,2.939,1439,4.551,1440,4.104,1441,3.259,1442,3.259,1443,3.259,1444,3.259,1445,3.259,1446,3.259,1447,3.259,1448,3.259,1449,3.259,1450,3.259,1451,3.259,1452,4.551,1453,2.939,1454,2.939,1455,4.551,1456,3.259,1457,3.259,1458,3.744,1459,3.744,1460,3.744,1461,3.744,1462,3.744,1463,3.744,1464,3.744,1465,5.229,1466,5.229,1467,5.229,1468,5.229,1469,3.744,1470,3.744,1471,2.7,1472,3.744]],["t/280",[30,2.153,37,2.073,55,1.166,59,2.352,62,2.644,66,1.905,77,1.905,86,1.983,90,4.418,113,3.264,120,2.352,141,2.88,154,2.352,216,3.314,224,1.983,225,2.588,237,2.352,245,1.416,313,2.88,316,1.145,317,1.229,352,2.249,430,1.574,498,2.726,795,3.823,881,3.512,918,4.609,921,3.823,1304,3.512,1309,3.823,1421,3.512,1429,4.894,1430,4.894,1432,5.986,1440,4.894,1453,3.823,1454,3.823,1473,4.871,1474,4.871,1475,4.871,1476,6.236,1477,6.236]],["t/282",[10,1.782,19,0.374,23,0.651,32,1.952,36,3.101,55,0.604,56,0.904,57,0.877,62,1.88,63,1.408,65,0.782,66,0.877,67,3.441,68,1.828,69,1.385,70,1.192,73,1.605,76,1.503,77,0.877,78,2.685,79,1.785,80,0.676,82,2.487,85,0.676,86,0.913,88,1.368,91,1.197,96,1.255,99,2.107,100,1.503,101,1.192,102,1.135,104,1.25,107,0.754,110,2.503,114,0.701,118,1.408,151,1.636,152,1.76,154,2.438,185,0.782,186,1.72,198,0.992,211,1.503,224,1.45,228,1.76,237,1.083,243,1.76,245,0.652,250,2.555,258,1.29,261,0.992,305,1.255,311,2.331,320,1.135,325,3.858,340,2.438,350,1.135,351,1.617,363,1.617,406,1.952,431,2.107,448,1.503,453,1.893,466,0.652,487,0.877,546,1.76,561,1.326,657,1.617,708,1.952,720,2.237,732,1.952,736,1.511,765,3.641,769,1.408,770,1.408,817,1.76,830,1.503,854,1.952,860,1.76,884,1.952,919,1.503,923,3.847,943,1.503,958,1.76,983,2.797,988,1.255,1045,2.797,1051,2.797,1106,1.617,1131,1.76,1152,2.797,1157,2.237,1162,1.617,1180,1.76,1239,1.952,1253,1.952,1304,1.617,1312,1.76,1327,1.952,1331,1.952,1344,2.388,1360,2.107,1361,4.324,1471,2.569,1478,1.617,1479,1.952,1480,2.243,1481,4.395,1482,6.088,1483,3.101,1484,4.395,1485,2.243,1486,2.243,1487,2.243,1488,2.243,1489,1.76,1490,6.149,1491,2.243,1492,2.243,1493,2.243,1494,5.05,1495,2.243,1496,3.858,1497,2.243,1498,3.563,1499,2.243,1500,2.243,1501,3.563,1502,2.243,1503,2.243,1504,3.563,1505,3.563,1506,2.243,1507,2.243,1508,2.243,1509,2.243,1510,4.433,1511,2.243,1512,4.433,1513,3.563,1514,3.563,1515,2.243,1516,2.243,1517,2.243,1518,1.952,1519,2.243,1520,2.243,1521,2.243,1522,3.563,1523,2.243,1524,3.563,1525,2.243,1526,3.563,1527,2.243,1528,1.952,1529,2.243,1530,2.243,1531,2.243]],["t/284",[23,1.179,60,1.563,86,2.627,104,1.136,1345,3.817]],["t/286",[10,0.865,23,0.721,37,1.19,53,2.949,55,0.669,56,0.805,65,1.377,66,1.544,68,2.244,70,2.098,73,2.416,76,2.646,80,1.19,85,1.19,96,2.21,99,3.208,100,2.646,101,2.098,107,1.823,110,2.522,211,2.646,219,2.646,311,1.823,313,3.665,340,2.619,352,1.823,357,2.882,423,4.377,430,1.369,463,2.478,466,1.577,485,1.823,487,2.122,491,4.687,492,3.912,660,3.099,723,4.458,847,3.099,1360,4.136,1431,3.099,1471,2.847,1478,2.847,1489,3.099,1532,4.721,1533,4.721,1534,5.807,1535,3.949,1536,3.436,1537,4.721,1538,4.721,1539,4.721,1540,4.721,1541,4.721,1542,3.949,1543,3.436,1544,4.721,1545,3.436,1546,3.436,1547,3.436,1548,3.436,1549,3.436,1550,3.436,1551,3.436,1552,3.436,1553,3.436,1554,3.436,1555,3.436,1556,3.436,1557,3.436,1558,3.436,1559,3.949]],["t/288",[8,4.1,10,1.522,19,0.387,23,0.954,37,0.877,42,0.739,53,2.643,55,0.493,56,1.329,60,0.921,65,1.015,68,1.578,73,2.573,77,1.705,82,1.848,85,0.877,91,2.335,99,1.722,101,1.547,104,0.767,105,1.722,107,1.755,110,2.528,114,0.91,211,1.951,245,0.847,258,1.578,261,1.927,271,1.313,274,1.415,313,1.722,339,1.828,340,1.406,352,1.344,357,3.081,423,4.399,430,1.464,437,1.951,446,1.722,453,1.547,466,1.519,485,2.012,487,2.268,491,4.761,492,4.182,719,1.951,723,4.201,736,1.234,785,1.951,847,2.285,862,2.285,923,2.923,937,2.285,1005,2.534,1247,4.552,1281,2.285,1314,2.285,1345,1.722,1360,3.996,1518,2.534,1532,2.534,1533,4.546,1534,5.881,1536,2.534,1537,4.546,1538,5.405,1539,5.047,1540,5.047,1541,5.047,1543,2.534,1544,4.546,1545,2.534,1546,2.534,1547,2.534,1548,2.534,1549,2.534,1550,2.534,1551,2.534,1552,2.534,1553,2.534,1554,2.534,1555,2.534,1556,2.534,1557,2.534,1558,3.793,1560,2.912,1561,2.912,1562,2.912,1563,2.534,1564,4.358,1565,4.358,1566,2.912,1567,2.912,1568,4.358,1569,2.912,1570,2.912,1571,2.912,1572,4.358,1573,2.912]],["t/290",[19,0.415,23,1.024,30,3.008,56,1.142,68,2.029,69,1.75,77,3.055,78,2.464,80,1.688,85,1.688,88,1.517,95,2.705,102,3.443,103,3.313,165,4.397,186,2.705,316,1.317,328,4.04,337,3.754,352,2.586,423,3.313,430,1.414,633,3.313,866,3.313,1360,4.024,1574,6.805]],["t/292",[19,0.457,23,1.245,43,2.998,56,1.389,68,2.23,77,2.816,78,2.762,85,1.439,88,1.294,102,3.115,104,0.841,107,1.605,134,2.306,186,2.306,237,2.306,245,1.389,271,2.054,274,1.294,395,2.673,430,1.205,524,4.157,633,3.641,770,2.998,788,4.157,805,4.157,865,4.914,866,4.03,937,3.749,956,3.749,966,3.749,1074,3.444,1250,4.157,1360,4.257,1575,4.776,1576,6.265,1577,4.776,1578,4.776,1579,4.776,1580,4.776,1581,4.776,1582,4.776,1583,4.776,1584,4.776,1585,4.776,1586,4.157]],["t/294",[10,0.797,19,0.491,23,1.019,30,1.993,35,1.722,44,1.111,55,0.868,56,1.266,57,0.9,58,1.111,60,0.769,66,0.9,68,1.633,69,0.719,77,2.43,78,2.55,79,1.178,81,2.151,82,3.068,88,0.623,94,1.361,98,1.288,102,3.353,103,4.574,104,1.133,105,1.361,107,0.773,113,3.022,114,1.136,124,1.66,128,1.66,132,1.445,137,1.806,150,2.003,152,2.855,154,1.111,166,1.806,185,0.803,204,0.976,224,2.271,237,1.111,245,0.669,258,2.249,261,1.018,271,0.694,274,1.221,298,1.164,311,1.679,322,1.461,324,2.003,382,1.66,392,3.251,416,0.9,430,0.581,431,2.151,435,2.437,450,2.83,466,1.311,474,1.66,494,2.003,519,3.142,536,2.622,538,1.806,608,1.542,627,1.445,631,3.539,658,1.288,660,1.806,720,2.283,727,4.655,736,0.976,760,2.283,768,2.003,769,1.445,770,4.592,771,2.003,774,1.66,792,2.003,803,2.003,828,2.622,859,1.66,866,2.666,881,1.66,970,1.806,988,1.288,1050,3.165,1074,3.251,1106,1.66,1111,3.165,1156,2.855,1258,5.604,1259,2.003,1260,3.165,1262,2.003,1267,2.003,1287,2.003,1300,2.003,1322,2.003,1347,3.165,1349,3.924,1350,3.924,1351,2.003,1352,3.165,1354,2.003,1355,3.165,1356,2.003,1357,2.003,1360,3.508,1397,2.003,1528,2.003,1587,3.637,1588,4.509,1589,4.509,1590,2.302,1591,3.637,1592,3.637,1593,2.302,1594,2.302,1595,2.302,1596,2.302,1597,3.637,1598,2.302,1599,2.302,1600,2.302,1601,2.302,1602,3.637,1603,2.302,1604,2.302,1605,2.302,1606,3.637,1607,2.302,1608,2.302,1609,2.302,1610,2.302,1611,3.637,1612,3.637,1613,2.302,1614,2.302,1615,2.302,1616,2.302,1617,4.509,1618,2.302,1619,2.302,1620,2.302,1621,2.302,1622,2.302,1623,3.637,1624,3.637,1625,2.302,1626,2.302]],["t/296",[23,1.347,55,1.088,56,1.309,769,4.031,881,4.63,1345,3.797]],["t/298",[5,3.812,9,3.053,10,1.7,11,2.25,19,0.476,23,1.255,35,1.423,42,0.964,45,4.237,55,1.164,56,1.4,58,2.044,59,2.044,63,2.658,78,2.06,79,1.372,96,2.369,104,1.131,107,1.423,132,2.658,151,1.372,153,1.795,167,1.276,229,3.323,271,1.714,274,1.541,298,2.878,350,2.142,357,4.167,416,2.225,430,1.436,470,3.685,632,4.464,636,4.464,639,3.323,642,5.042,643,4.464,649,4.464,919,2.837,943,2.837,956,3.323,1035,3.323,1380,3.685,1381,3.685,1382,3.685,1576,3.685,1627,5.688,1628,5.688,1629,3.685,1630,3.685,1631,3.685,1632,4.234,1633,4.234,1634,4.234,1635,4.234,1636,4.234]],["t/300",[10,1.72,19,0.444,23,1.293,42,0.627,54,1.506,55,0.879,56,1.392,57,2.028,58,1.786,59,1.786,63,4.072,65,1.29,66,2.341,67,3.35,68,1.877,78,1.877,85,1.115,106,1.447,107,1.243,110,1.506,114,1.156,143,2.755,151,1.198,167,1.115,225,1.966,229,2.903,245,1.076,250,2.623,271,1.562,274,1.404,308,2.901,311,1.708,342,4.512,350,1.872,352,2.394,376,4.316,430,1.308,519,1.872,719,2.479,730,4.069,736,1.568,764,3.22,765,2.667,819,4.069,923,2.901,1025,3.739,1035,2.903,1045,2.903,1106,2.667,1148,3.22,1157,2.322,1272,4.512,1304,4.678,1309,2.903,1312,4.069,1319,2.903,1344,2.479,1345,2.188,1479,3.22,1481,3.22,1482,5.21,1483,3.22,1484,4.512,1496,3.22,1563,3.22,1629,3.22,1630,3.22,1631,3.22,1637,5.185,1638,5.185,1639,5.986,1640,3.699,1641,3.699,1642,3.699,1643,3.699,1644,5.185,1645,3.699,1646,3.699,1647,3.699,1648,3.699,1649,3.699,1650,3.699,1651,3.699,1652,3.699,1653,3.699,1654,3.699,1655,3.699]],["t/302",[19,0.538,23,1.142,44,1.938,50,5.439,53,2.445,55,0.68,56,1.118,57,1.57,62,1.701,65,2.179,67,2.246,75,2.373,77,2.146,78,1.986,83,2.03,85,1.209,88,1.087,91,1.348,96,2.246,99,2.373,100,2.689,101,3.737,102,2.03,103,2.373,106,1.57,109,2.689,111,2.519,123,3.493,151,1.3,192,2.894,197,3.923,206,2.373,216,1.774,217,2.894,235,1.633,236,2.519,245,1.167,280,1.209,313,2.373,337,2.689,340,3.396,363,2.894,379,3.443,395,2.246,416,1.57,425,2.689,430,1.013,464,2.894,466,2.045,485,2.532,519,2.775,624,2.894,627,2.519,657,2.894,712,4.905,766,3.493,813,2.689,877,2.689,988,2.246,1055,2.894,1281,3.15,1335,3.15,1336,3.493,1337,2.689,1339,5.439,1340,3.493,1341,3.493,1361,3.15,1376,3.493,1471,2.894,1478,2.894,1489,3.15,1656,4.013,1657,4.013,1658,4.013,1659,4.013,1660,4.013,1661,5.485,1662,3.493,1663,5.485,1664,4.013,1665,4.013,1666,4.013]],["t/304",[19,0.323,42,0.982,54,1.772,55,0.738,56,0.888,60,0.92,65,1.518,66,1.703,68,2.098,73,2.098,76,2.917,77,1.703,78,1.576,85,1.746,88,1.881,90,2.436,91,2.591,94,3.427,108,2.102,110,1.772,112,3.139,154,2.798,197,2.733,204,1.846,208,2.733,214,3.789,230,2.733,240,2.313,258,1.576,280,1.312,304,3.07,320,2.203,395,3.243,431,2.575,450,2.733,463,2.733,466,1.894,472,3.417,475,2.917,487,2.548,505,3.417,530,3.139,658,2.436,736,2.457,774,3.139,789,3.789,830,2.917,853,2.575,923,2.436,925,3.417,988,2.436,1025,3.139,1055,4.179,1162,3.139,1163,3.789,1387,3.789,1586,3.789,1662,5.044,1667,4.354,1668,4.354,1669,4.354,1670,4.354,1671,4.354,1672,4.354,1673,4.354,1674,4.354,1675,4.354,1676,4.354,1677,4.354,1678,4.354,1679,4.354]],["t/306",[19,0.417,55,0.954,65,1.963,80,2.213,96,3.149,99,3.328,100,3.772,101,2.99,151,2.21,153,3.113,245,1.637,320,3.452,340,3.295,368,2.291,463,4.283,487,2.201,887,4.61,888,4.921,1478,4.058,1680,5.628,1681,5.628,1682,5.628]]],"invertedIndex":[["",{"_index":10,"t":{"155":{"position":[[92,1],[528,1]]},"157":{"position":[[119,1],[559,4]]},"165":{"position":[[752,3],[789,3],[827,3],[831,3]]},"184":{"position":[[234,1]]},"202":{"position":[[618,3],[972,1],[974,1],[987,1],[1038,1]]},"204":{"position":[[693,1]]},"214":{"position":[[202,1],[204,1],[331,1],[333,1]]},"218":{"position":[[649,1],[655,2]]},"222":{"position":[[259,3]]},"224":{"position":[[209,1]]},"226":{"position":[[256,1],[1182,1],[1202,1],[1306,1],[1621,1],[1641,1],[3089,1],[3110,2]]},"228":{"position":[[1195,1]]},"238":{"position":[[259,2],[353,2],[432,2],[496,2],[566,2],[2038,1],[2318,1],[2591,1],[2613,1],[3485,1],[3499,1],[3519,1],[4395,1],[4439,1],[4490,1],[4512,1],[4521,1],[4566,1],[4604,1],[4616,1],[4632,1],[4647,1],[4688,1],[4993,1],[5015,1],[5032,1],[5064,1],[5987,3],[6222,1],[6244,1],[6261,1],[6281,1],[6478,1],[6899,1],[6921,1],[6938,1]]},"240":{"position":[[674,2]]},"242":{"position":[[366,1],[396,1]]},"246":{"position":[[39,1],[1414,1],[3059,1],[3080,1],[3140,1],[3191,1],[3193,1],[3236,1],[3238,1],[3261,1],[3284,1],[3311,1],[3331,1],[3361,1],[3493,1],[4386,1],[4407,1],[4464,1],[4520,1],[4522,1],[4560,1],[4562,1],[4578,1],[4599,1],[4624,1],[4644,1],[4665,1],[4693,1],[4770,1]]},"248":{"position":[[1584,1],[1616,1],[1670,1],[1726,1],[1749,1],[1773,1],[1808,1],[1858,1],[1885,1],[1914,1],[1989,1],[2068,1]]},"254":{"position":[[213,1],[238,1],[259,1]]},"256":{"position":[[400,2],[458,2]]},"264":{"position":[[239,1],[248,1],[264,1],[272,4],[277,1],[312,1],[320,4],[325,1],[330,1],[570,1],[697,1],[706,1],[728,1],[730,1]]},"266":{"position":[[83,1],[85,1]]},"268":{"position":[[71,2],[93,1],[1050,1],[1583,1],[1706,3],[2057,4],[2062,2],[2418,1],[2420,1],[2493,1],[2574,1],[2662,1],[3124,2],[3431,1],[3433,1],[3511,1],[3513,1],[3950,1],[4089,1],[4200,1],[4990,1],[5533,2],[7096,1],[7163,4],[8215,2],[8284,1],[8730,2],[8923,2],[9540,1],[10287,1],[12600,1],[12728,1],[12877,1],[12941,1],[13092,1],[13123,1],[14073,1],[14502,1],[14790,1],[14890,1],[15128,1],[15210,1],[15217,2],[15299,1],[15952,1],[15959,2],[16312,2]]},"272":{"position":[[147,1],[149,1]]},"274":{"position":[[215,1],[241,1],[278,1],[343,1]]},"276":{"position":[[927,1]]},"278":{"position":[[782,1]]},"282":{"position":[[242,1],[272,4],[317,1],[513,1],[557,1],[629,1],[640,1],[655,1],[796,1],[879,3],[912,1],[923,1],[925,1],[969,1],[988,1],[1050,1],[1282,1],[1468,1],[1644,1],[1737,1],[1803,1],[1901,1],[2080,1],[2161,1],[2266,2],[2269,3],[2273,5],[2279,1],[2396,1],[2398,1],[2494,1],[2582,1],[2612,1],[2656,4],[2665,2],[3338,1],[3419,1],[3448,2],[3451,2],[3484,1],[3496,2],[3523,2],[3556,5],[3566,1]]},"286":{"position":[[589,2]]},"288":{"position":[[154,1],[349,1],[488,2],[570,1],[757,2],[858,1],[1069,2],[1282,2]]},"294":{"position":[[2505,2],[2549,2]]},"298":{"position":[[227,1],[262,1],[298,1],[334,1],[369,1],[391,1],[414,1],[431,1],[449,1]]},"300":{"position":[[114,3],[750,1],[951,1],[953,1],[1165,2],[1264,1],[1299,1],[1335,1],[1357,1],[1380,1],[1397,1],[1420,1],[1438,1]]}}}],["0",{"_index":1260,"t":{"268":{"position":[[1304,2],[1776,1],[5793,1],[5806,1],[11048,1]]},"294":{"position":[[1110,1],[1700,4]]}}}],["0.0.0.0:4180",{"_index":1096,"t":{"246":{"position":[[4772,14]]}}}],["0.001",{"_index":1469,"t":{"278":{"position":[[916,5]]}}}],["00010203",{"_index":1445,"t":{"276":{"position":[[1121,8]]},"278":{"position":[[984,8]]}}}],["0400",{"_index":1430,"t":{"276":{"position":[[256,5],[1301,4]]},"278":{"position":[[137,5],[1323,4]]},"280":{"position":[[267,5],[593,4]]}}}],["0405",{"_index":1446,"t":{"276":{"position":[[1130,4]]},"278":{"position":[[993,4]]}}}],["0a0b0c0d0e0f",{"_index":1449,"t":{"276":{"position":[[1145,12]]},"278":{"position":[[1008,12]]}}}],["1",{"_index":719,"t":{"220":{"position":[[2225,1]]},"226":{"position":[[2828,1]]},"268":{"position":[[1821,3],[15804,4]]},"288":{"position":[[423,2]]},"300":{"position":[[1116,2]]}}}],["1.3",{"_index":640,"t":{"216":{"position":[[474,3]]}}}],["1.5h",{"_index":402,"t":{"184":{"position":[[236,5]]}}}],["100",{"_index":1325,"t":{"268":{"position":[[5889,3]]}}}],["12",{"_index":1472,"t":{"278":{"position":[[1200,2]]}}}],["12.x",{"_index":984,"t":{"240":{"position":[[58,5],[128,4]]}}}],["123456.apps.googleusercontent.com",{"_index":1252,"t":{"268":{"position":[[724,35]]}}}],["127.0.0.1:4180",{"_index":1309,"t":{"268":{"position":[[5212,16]]},"280":{"position":[[732,14]]},"300":{"position":[[150,14]]}}}],["128",{"_index":1592,"t":{"294":{"position":[[383,3],[434,3]]}}}],["15",{"_index":1355,"t":{"268":{"position":[[10926,2],[10957,2]]},"294":{"position":[[3491,2],[3522,2]]}}}],["15m",{"_index":1277,"t":{"268":{"position":[[2261,3]]}}}],["168h0m0",{"_index":1262,"t":{"268":{"position":[[1385,8]]},"294":{"position":[[1175,8]]}}}],["19.0.0",{"_index":938,"t":{"238":{"position":[[636,7]]}}}],["19/mar/2015:17:20:19",{"_index":1429,"t":{"276":{"position":[[233,21],[1279,20]]},"278":{"position":[[114,21],[1301,20]]},"280":{"position":[[244,21],[571,20]]}}}],["1916",{"_index":960,"t":{"238":{"position":[[3370,5]]}}}],["192",{"_index":1236,"t":{"264":{"position":[[644,3]]}}}],["1h",{"_index":773,"t":{"226":{"position":[[923,4]]}}}],["1m",{"_index":1612,"t":{"294":{"position":[[2097,4],[2532,2]]}}}],["1s",{"_index":1293,"t":{"268":{"position":[[3239,4]]}}}],["2",{"_index":785,"t":{"226":{"position":[[1547,1]]},"228":{"position":[[1134,1]]},"246":{"position":[[3458,2]]},"268":{"position":[[15275,3],[15880,4]]},"288":{"position":[[717,2]]}}}],["2.0",{"_index":1011,"t":{"242":{"position":[[213,3]]},"246":{"position":[[35,3]]}}}],["20",{"_index":1298,"t":{"268":{"position":[[4403,2]]}}}],["200",{"_index":712,"t":{"220":{"position":[[1941,3]]},"278":{"position":[[1249,3]]},"302":{"position":[[223,3],[336,3],[417,3]]}}}],["202",{"_index":1478,"t":{"282":{"position":[[131,3]]},"286":{"position":[[162,3]]},"302":{"position":[[1098,3]]},"306":{"position":[[22,3]]}}}],["2048",{"_index":1113,"t":{"248":{"position":[[1052,4]]}}}],["21.0.0",{"_index":940,"t":{"238":{"position":[[773,7]]}}}],["24",{"_index":1234,"t":{"264":{"position":[[630,2]]}}}],["2>/dev/nul",{"_index":1220,"t":{"264":{"position":[[227,11]]}}}],["2f",{"_index":734,"t":{"222":{"position":[[212,7]]}}}],["2h45m",{"_index":403,"t":{"184":{"position":[[245,8]]}}}],["3",{"_index":843,"t":{"228":{"position":[[1492,2],[1800,2]]},"230":{"position":[[385,2],[421,2]]},"236":{"position":[[1247,4]]}}}],["3/4",{"_index":1393,"t":{"268":{"position":[[15577,3]]}}}],["30",{"_index":730,"t":{"220":{"position":[[2598,2]]},"268":{"position":[[14763,3]]},"300":{"position":[[1138,3],[1161,3]]}}}],["300m",{"_index":401,"t":{"184":{"position":[[225,8]]}}}],["315360000",{"_index":1549,"t":{"286":{"position":[[965,9]]},"288":{"position":[[1723,9]]}}}],["32",{"_index":1226,"t":{"264":{"position":[[309,2],[578,2],[708,2]]}}}],["3650",{"_index":1125,"t":{"248":{"position":[[1175,4]]}}}],["401",{"_index":99,"t":{"157":{"position":[[403,3]]},"268":{"position":[[112,3]]},"282":{"position":[[158,3],[965,3]]},"286":{"position":[[189,3],[1254,4]]},"288":{"position":[[898,3]]},"302":{"position":[[1125,3]]},"306":{"position":[[49,3]]}}}],["403",{"_index":1559,"t":{"286":{"position":[[1259,4]]}}}],["4180",{"_index":1643,"t":{"300":{"position":[[465,5]]}}}],["443",{"_index":1312,"t":{"268":{"position":[[5378,6],[16159,3]]},"282":{"position":[[251,3]]},"300":{"position":[[395,3],[759,3]]}}}],["4607",{"_index":1447,"t":{"276":{"position":[[1135,4]]},"278":{"position":[[998,4]]}}}],["4kb",{"_index":1498,"t":{"282":{"position":[[1733,3],[1938,4]]}}}],["5",{"_index":802,"t":{"226":{"position":[[2527,1]]},"228":{"position":[[1528,2],[1836,2]]}}}],["59",{"_index":1613,"t":{"294":{"position":[[2138,6]]}}}],["7",{"_index":1323,"t":{"268":{"position":[[5722,1]]}}}],["74.125.224.72",{"_index":1441,"t":{"276":{"position":[[840,13]]},"278":{"position":[[695,13]]}}}],["80",{"_index":1402,"t":{"268":{"position":[[16145,3]]}}}],["8809",{"_index":1448,"t":{"276":{"position":[[1140,4]]},"278":{"position":[[1003,4]]}}}],["994",{"_index":985,"t":{"240":{"position":[[138,5]]}}}],["_",{"_index":1223,"t":{"264":{"position":[[279,3],[327,2],[732,3]]},"266":{"position":[[104,4]]},"272":{"position":[[168,4]]}}}],["__host",{"_index":1265,"t":{"268":{"position":[[1562,7]]}}}],["__secur",{"_index":1266,"t":{"268":{"position":[[1574,8]]}}}],["_oauth2_proxi",{"_index":1267,"t":{"268":{"position":[[1612,15]]},"294":{"position":[[338,14]]}}}],["_oauth2_proxy_1",{"_index":1531,"t":{"282":{"position":[[3951,18]]}}}],["aad",{"_index":832,"t":{"228":{"position":[[880,3]]}}}],["abov",{"_index":921,"t":{"236":{"position":[[1233,5]]},"276":{"position":[[1542,5]]},"280":{"position":[[45,5]]}}}],["absent",{"_index":1299,"t":{"268":{"position":[[4409,6]]}}}],["accept",{"_index":96,"t":{"157":{"position":[[363,7]]},"216":{"position":[[139,11]]},"268":{"position":[[11440,8],[14435,11]]},"282":{"position":[[135,8]]},"286":{"position":[[166,8]]},"298":{"position":[[566,10]]},"302":{"position":[[1102,8]]},"306":{"position":[[26,8]]}}}],["acceptable.e.g",{"_index":638,"t":{"216":{"position":[[420,15]]}}}],["access",{"_index":258,"t":{"171":{"position":[[349,6]]},"176":{"position":[[101,6]]},"180":{"position":[[171,6]]},"186":{"position":[[346,6]]},"198":{"position":[[259,6]]},"206":{"position":[[2139,6],[2286,6]]},"226":{"position":[[2285,7]]},"234":{"position":[[296,7],[924,6],[999,6],[1036,6],[1186,6],[1217,6],[1306,6]]},"236":{"position":[[138,6],[1173,6]]},"238":{"position":[[857,6],[2260,6],[2320,6],[2630,6],[3022,6],[3350,6],[3600,6],[7059,6]]},"246":{"position":[[2344,6],[2403,7],[2977,6]]},"248":{"position":[[305,7],[2650,6],[3170,10]]},"254":{"position":[[528,6],[638,6],[673,6]]},"268":{"position":[[3903,6],[4328,6],[4375,6],[7175,6],[7245,6],[7329,6],[8131,6],[9127,6],[11997,6],[12026,6],[15034,6]]},"282":{"position":[[1306,6],[1447,6]]},"288":{"position":[[2016,6],[2192,6]]},"294":{"position":[[1477,6],[1670,6],[1709,6],[1871,6],[2066,6],[2445,6],[2508,6]]},"304":{"position":[[214,9]]}}}],["access_by_lua_block",{"_index":1523,"t":{"282":{"position":[[3399,19]]}}}],["access_token",{"_index":1330,"t":{"268":{"position":[[7204,12]]}}}],["accesstokenacceptedvers",{"_index":838,"t":{"228":{"position":[[1104,29]]}}}],["accompani",{"_index":885,"t":{"234":{"position":[[382,11]]}}}],["account",{"_index":424,"t":{"190":{"position":[[271,7]]},"226":{"position":[[981,7],[1095,7],[1828,7],[2927,7]]},"228":{"position":[[177,7]]},"238":{"position":[[3854,7]]},"246":{"position":[[1641,8],[3747,8]]},"248":{"position":[[260,8],[737,7]]},"254":{"position":[[204,7],[487,7]]},"268":{"position":[[4608,7],[4652,7],[4782,7]]}}}],["acr",{"_index":292,"t":{"171":{"position":[[1037,3]]},"268":{"position":[[34,3]]}}}],["activ",{"_index":811,"t":{"228":{"position":[[65,6],[1349,6]]},"238":{"position":[[4302,10],[5101,9]]}}}],["actual",{"_index":830,"t":{"228":{"position":[[851,8]]},"252":{"position":[[221,6]]},"254":{"position":[[124,6]]},"282":{"position":[[3721,6]]},"304":{"position":[[1057,6]]}}}],["ad",{"_index":108,"t":{"157":{"position":[[637,5]]},"169":{"position":[[7,6]]},"174":{"position":[[66,6]]},"192":{"position":[[79,5]]},"206":{"position":[[2230,2]]},"224":{"position":[[294,2]]},"238":{"position":[[1810,5],[6789,5]]},"244":{"position":[[4,6],[49,2]]},"268":{"position":[[11327,2],[12042,5]]},"270":{"position":[[750,6]]},"304":{"position":[[939,5]]}}}],["adc",{"_index":786,"t":{"226":{"position":[[1615,5],[1884,3]]}}}],["add",{"_index":171,"t":{"163":{"position":[[148,3]]},"165":{"position":[[432,3]]},"228":{"position":[[0,3],[430,3],[532,3],[662,3],[1222,3],[1284,4]]},"230":{"position":[[64,3]]},"238":{"position":[[3322,3],[3343,3],[3487,3],[6263,3],[6497,3]]},"240":{"position":[[223,3],[431,3],[1312,3]]},"244":{"position":[[74,3]]},"246":{"position":[[605,3],[1296,4],[1989,3],[2336,3],[2567,3]]},"254":{"position":[[0,3]]},"260":{"position":[[80,3]]},"264":{"position":[[332,3]]},"268":{"position":[[7305,4],[16237,3]]}}}],["add_head",{"_index":1496,"t":{"282":{"position":[[1608,10],[2496,10],[2539,10]]},"300":{"position":[[888,10]]}}}],["addedto",{"_index":334,"t":{"176":{"position":[[667,7],[902,7]]}}}],["addit",{"_index":561,"t":{"204":{"position":[[1553,10],[1614,8]]},"234":{"position":[[206,10],[775,8]]},"238":{"position":[[3089,10],[3168,8]]},"246":{"position":[[2066,10]]},"254":{"position":[[559,10]]},"268":{"position":[[7103,10]]},"282":{"position":[[1968,10]]}}}],["addition",{"_index":1300,"t":{"268":{"position":[[4847,12]]},"294":{"position":[[851,12]]}}}],["address",{"_index":485,"t":{"202":{"position":[[496,9]]},"204":{"position":[[230,7]]},"214":{"position":[[146,7],[268,7]]},"226":{"position":[[2343,7]]},"238":{"position":[[3663,7]]},"258":{"position":[[95,9],[199,9]]},"268":{"position":[[5056,7],[5180,8],[5237,7],[5346,8],[6354,7],[7669,7],[8856,7],[8875,7],[15588,8],[15681,7]]},"276":{"position":[[81,7],[875,8]]},"278":{"position":[[730,8]]},"286":{"position":[[1150,8]]},"288":{"position":[[1917,8],[2082,8]]},"302":{"position":[[568,7],[599,8]]}}}],["address=\"0.0.0.0:4180",{"_index":1641,"t":{"300":{"position":[[312,22]]}}}],["address=\"http://:4180",{"_index":1642,"t":{"300":{"position":[[345,23]]}}}],["adf",{"_index":576,"t":{"206":{"position":[[739,4],[2237,4]]},"208":{"position":[[128,5]]},"224":{"position":[[232,4]]},"230":{"position":[[9,4],[445,4]]}}}],["adfsconfig",{"_index":574,"t":{"206":{"position":[[676,10],[699,10]]}}}],["adfsopt",{"_index":575,"t":{"206":{"position":[[687,11]]}}}],["admin",{"_index":418,"t":{"190":{"position":[[164,5]]},"226":{"position":[[1337,5],[2275,5],[2395,5],[2481,5]]},"228":{"position":[[696,5],[729,5],[801,8],[940,5]]},"236":{"position":[[1482,5],[1548,7]]},"238":{"position":[[604,5],[652,5],[700,5],[797,5],[1276,5]]},"250":{"position":[[574,6],[612,6]]},"268":{"position":[[4425,5],[4455,5]]}}}],["admin2",{"_index":947,"t":{"238":{"position":[[1400,6]]}}}],["adminemail",{"_index":417,"t":{"190":{"position":[[121,10],[139,10]]}}}],["administr",{"_index":798,"t":{"226":{"position":[[2322,14]]},"230":{"position":[[14,14]]},"246":{"position":[[1626,14]]}}}],["advis",{"_index":1615,"t":{"294":{"position":[[2377,7]]}}}],["advisori",{"_index":168,"t":{"163":{"position":[[23,10],[182,8],[411,9]]}}}],["ae",{"_index":1235,"t":{"264":{"position":[[640,3]]}}}],["affect",{"_index":164,"t":{"161":{"position":[[688,8]]}}}],["afterward",{"_index":1668,"t":{"304":{"position":[[334,10]]}}}],["ag",{"_index":1320,"t":{"268":{"position":[[5667,3]]},"274":{"position":[[237,3],[256,5]]}}}],["again",{"_index":1667,"t":{"304":{"position":[[240,6]]}}}],["against",{"_index":39,"t":{"155":{"position":[[432,7]]},"204":{"position":[[1433,7]]},"226":{"position":[[2731,7],[2994,7]]},"238":{"position":[[1719,7]]},"240":{"position":[[35,7]]},"246":{"position":[[163,7]]},"250":{"position":[[50,7]]},"268":{"position":[[455,7],[4873,7]]}}}],["age=2592000",{"_index":1652,"t":{"300":{"position":[[929,12]]}}}],["agenc",{"_index":1098,"t":{"248":{"position":[[80,7],[718,6]]}}}],["agent",{"_index":1337,"t":{"268":{"position":[[8663,5],[8683,5],[8751,6]]},"274":{"position":[[753,6]]},"276":{"position":[[1372,5]]},"278":{"position":[[1444,5]]},"302":{"position":[[263,6]]}}}],["agre",{"_index":181,"t":{"163":{"position":[[441,6]]}}}],["agreement",{"_index":1008,"t":{"242":{"position":[[124,9]]}}}],["ajax",{"_index":93,"t":{"157":{"position":[[335,4]]}}}],["algorithm:secretkey",{"_index":1367,"t":{"268":{"position":[[12514,21]]}}}],["alia",{"_index":391,"t":{"184":{"position":[[8,7]]},"208":{"position":[[8,7]]},"210":{"position":[[12,7]]}}}],["allow",{"_index":80,"t":{"157":{"position":[[143,8]]},"171":{"position":[[1087,7],[1116,7]]},"176":{"position":[[85,6]]},"182":{"position":[[38,6]]},"186":{"position":[[392,6]]},"200":{"position":[[295,7],[459,7],[609,7]]},"202":{"position":[[599,6],[724,7],[1291,5],[1327,5],[1477,5]]},"204":{"position":[[868,6],[1389,6]]},"220":{"position":[[788,6],[1613,5]]},"222":{"position":[[188,8]]},"234":{"position":[[473,7],[1180,5],[1473,5],[1628,5]]},"236":{"position":[[1090,7]]},"238":{"position":[[322,7],[388,7],[468,7],[3974,7],[3992,7],[4285,8],[4751,7],[4836,7],[5093,7],[5135,8],[5449,7],[6037,7],[6555,7],[6589,5]]},"246":{"position":[[2784,7],[4106,8]]},"248":{"position":[[2350,5]]},"250":{"position":[[23,6]]},"254":{"position":[[456,6]]},"260":{"position":[[117,5]]},"268":{"position":[[3960,5],[6303,5],[6445,5],[7134,7],[11453,6],[14769,7],[14870,7],[15135,7],[15223,5],[15336,5],[15967,5],[16069,8],[16097,8],[16209,5],[16292,5]]},"282":{"position":[[33,6]]},"286":{"position":[[38,6]]},"290":{"position":[[9,5]]},"306":{"position":[[192,7],[254,7],[316,7]]}}}],["allowed.e.g",{"_index":644,"t":{"216":{"position":[[553,13]]}}}],["allowed_email",{"_index":1682,"t":{"306":{"position":[[276,15]]}}}],["allowed_email_domain",{"_index":1681,"t":{"306":{"position":[[207,22]]}}}],["allowed_group",{"_index":1680,"t":{"306":{"position":[[152,15]]}}}],["allowedgroup",{"_index":610,"t":{"206":{"position":[[2371,13],[2394,13]]}}}],["allowedto",{"_index":563,"t":{"204":{"position":[[1583,9]]}}}],["alpha",{"_index":200,"t":{"165":{"position":[[44,5],[297,5],[353,5],[665,5]]},"167":{"position":[[15,5],[153,5],[194,5]]},"169":{"position":[[24,5],[92,5],[189,5],[510,5]]},"171":{"position":[[106,5],[1408,5],[1524,5]]},"176":{"position":[[22,5],[108,5],[267,6]]}}}],["alphaopt",{"_index":227,"t":{"165":{"position":[[607,12]]},"176":{"position":[[0,12]]},"192":{"position":[[13,13]]},"210":{"position":[[33,13]]},"214":{"position":[[13,13]]},"222":{"position":[[13,13]]}}}],["alreadi",{"_index":1606,"t":{"294":{"position":[[1579,7],[1758,7]]}}}],["altern",{"_index":505,"t":{"202":{"position":[[927,13]]},"252":{"position":[[496,14]]},"304":{"position":[[523,14]]}}}],["alway",{"_index":470,"t":{"200":{"position":[[532,6]]},"298":{"position":[[745,6]]}}}],["amazon",{"_index":1637,"t":{"300":{"position":[[61,6],[255,6]]}}}],["amd64",{"_index":24,"t":{"155":{"position":[[262,7],[581,6]]}}}],["amount",{"_index":1385,"t":{"268":{"position":[[14694,6]]}}}],["anchor",{"_index":661,"t":{"218":{"position":[[625,6]]}}}],["and/or",{"_index":496,"t":{"202":{"position":[[732,6]]}}}],["announc",{"_index":939,"t":{"238":{"position":[[723,9]]}}}],["anoth",{"_index":345,"t":{"176":{"position":[[1037,7]]},"224":{"position":[[82,7]]},"226":{"position":[[176,7]]}}}],["anyth",{"_index":471,"t":{"200":{"position":[[551,8]]}}}],["apach",{"_index":1424,"t":{"274":{"position":[[668,6]]}}}],["api",{"_index":420,"t":{"190":{"position":[[189,3]]},"226":{"position":[[250,5],[1300,5],[1322,5],[1363,4],[2281,3]]},"228":{"position":[[490,3]]},"240":{"position":[[78,3]]},"242":{"position":[[368,3]]},"246":{"position":[[1979,3]]},"268":{"position":[[76,3],[4480,3]]}}}],["api/v1",{"_index":1200,"t":{"256":{"position":[[635,9]]}}}],["app",{"_index":813,"t":{"228":{"position":[[90,3],[294,3],[465,3],[518,4],[1143,3],[1217,4]]},"232":{"position":[[16,3]]},"246":{"position":[[2215,5],[2701,4],[3925,3]]},"248":{"position":[[1334,3]]},"302":{"position":[[923,3]]}}}],["appear",{"_index":314,"t":{"174":{"position":[[0,8]]},"178":{"position":[[0,8]]},"180":{"position":[[0,8]]},"182":{"position":[[0,8]]},"184":{"position":[[16,8]]},"186":{"position":[[0,8]]},"188":{"position":[[0,8]]},"190":{"position":[[0,8]]},"192":{"position":[[0,8]]},"194":{"position":[[0,8]]},"196":{"position":[[0,8]]},"198":{"position":[[0,8]]},"200":{"position":[[0,8]]},"204":{"position":[[0,8]]},"206":{"position":[[0,8]]},"208":{"position":[[16,8]]},"210":{"position":[[20,8]]},"212":{"position":[[0,8]]},"214":{"position":[[0,8]]},"216":{"position":[[0,8]]},"218":{"position":[[0,8]]},"220":{"position":[[0,8]]},"222":{"position":[[0,8]]}}}],["append",{"_index":854,"t":{"228":{"position":[[2101,6]]},"282":{"position":[[2149,6]]}}}],["appli",{"_index":441,"t":{"192":{"position":[[428,7]]}}}],["applic",{"_index":54,"t":{"155":{"position":[[631,11]]},"190":{"position":[[395,11]]},"224":{"position":[[35,11]]},"226":{"position":[[538,12],[551,11],[1150,11],[1583,11],[1716,11]]},"228":{"position":[[7,12],[586,11]]},"230":{"position":[[74,11],[142,11],[174,12],[282,11]]},"240":{"position":[[230,12],[343,11],[468,12],[724,11]]},"244":{"position":[[14,11],[81,12],[124,10]]},"246":{"position":[[1817,13],[1890,12],[2169,11],[2255,11],[2391,11],[2542,12],[2571,12],[2668,11],[2989,12],[3549,11],[3806,12],[3876,11]]},"248":{"position":[[467,11],[559,11],[779,11],[3018,11],[3109,11]]},"252":{"position":[[19,11],[108,12]]},"256":{"position":[[13,12]]},"268":{"position":[[4690,11],[4731,11],[9892,10]]},"300":{"position":[[532,12]]},"304":{"position":[[228,11]]}}}],["application.y",{"_index":349,"t":{"176":{"position":[[1268,15]]}}}],["application/json",{"_index":97,"t":{"157":{"position":[[371,17]]}}}],["approach",{"_index":1632,"t":{"298":{"position":[[495,8]]}}}],["appropri",{"_index":760,"t":{"226":{"position":[[598,11]]},"234":{"position":[[1750,11]]},"236":{"position":[[421,11]]},"238":{"position":[[2153,11]]},"240":{"position":[[1107,11]]},"294":{"position":[[3001,14],[3204,14]]}}}],["approv",{"_index":290,"t":{"171":{"position":[[1005,8]]},"228":{"position":[[946,11]]},"268":{"position":[[208,8],[8188,8]]}}}],["approval_prompt",{"_index":1249,"t":{"268":{"position":[[237,15]]}}}],["apps/oauth2",{"_index":1171,"t":{"250":{"position":[[351,15]]}}}],["aren't",{"_index":1359,"t":{"268":{"position":[[11661,6]]}}}],["arg",{"_index":1036,"t":{"246":{"position":[[949,5]]}}}],["argument",{"_index":1168,"t":{"250":{"position":[[218,9]]},"266":{"position":[[19,8],[116,8]]},"272":{"position":[[19,8],[180,8]]}}}],["arm64",{"_index":28,"t":{"155":{"position":[[297,5]]}}}],["armv6",{"_index":26,"t":{"155":{"position":[[279,6]]}}}],["armv7",{"_index":27,"t":{"155":{"position":[[286,6]]}}}],["around",{"_index":493,"t":{"202":{"position":[[688,6]]}}}],["ask",{"_index":89,"t":{"157":{"position":[[256,5]]}}}],["assembl",{"_index":1228,"t":{"264":{"position":[[347,8]]}}}],["assemblynam",{"_index":1230,"t":{"264":{"position":[[390,12]]}}}],["assign",{"_index":800,"t":{"226":{"position":[[2374,6]]},"238":{"position":[[2720,8],[4184,8],[4573,6],[4634,6],[4690,7],[5115,6],[5174,8]]},"246":{"position":[[2926,11],[4073,12]]}}}],["associ",{"_index":971,"t":{"238":{"position":[[5277,10]]}}}],["assum",{"_index":1109,"t":{"248":{"position":[[526,6]]}}}],["attach",{"_index":790,"t":{"226":{"position":[[1836,8]]},"238":{"position":[[6187,6],[6661,9]]}}}],["attacksbetweem",{"_index":704,"t":{"220":{"position":[[1647,14]]}}}],["attempt",{"_index":310,"t":{"171":{"position":[[1338,10]]},"268":{"position":[[300,8]]},"276":{"position":[[99,10],[1062,8]]}}}],["attent",{"_index":147,"t":{"161":{"position":[[294,9]]}}}],["attribut",{"_index":1131,"t":{"248":{"position":[[1446,9]]},"268":{"position":[[2018,9]]},"282":{"position":[[2101,10]]}}}],["aud",{"_index":559,"t":{"204":{"position":[[1465,3]]},"238":{"position":[[1597,3],[1629,3],[2876,4],[3235,5]]},"268":{"position":[[2912,3],[7061,5],[13295,3]]}}}],["audienc",{"_index":562,"t":{"204":{"position":[[1564,9]]},"238":{"position":[[1169,10],[1200,8],[1229,8],[1545,8],[1776,9],[2533,8],[2862,8],[2924,8],[3100,8],[3150,8],[3201,9]]},"246":{"position":[[2225,9]]},"268":{"position":[[7000,8],[7052,8],[7080,8],[7114,9]]}}}],["audienceclaim",{"_index":557,"t":{"204":{"position":[[1351,14],[1375,13]]}}}],["auth",{"_index":73,"t":{"157":{"position":[[65,4]]},"171":{"position":[[630,4],[669,4]]},"182":{"position":[[412,4],[470,4]]},"194":{"position":[[633,4],[691,4]]},"226":{"position":[[1019,4],[1308,6]]},"228":{"position":[[1057,4],[1328,4],[1626,4],[1964,4],[2303,4]]},"230":{"position":[[450,4]]},"234":{"position":[[179,4]]},"236":{"position":[[65,4]]},"240":{"position":[[5,4]]},"268":{"position":[[263,4],[316,4],[598,4],[667,4],[7316,4],[7485,4],[7511,5],[7847,4],[11820,4],[11841,4],[11864,4],[11889,4],[12013,4],[12202,4],[12227,4],[12631,4],[12710,4],[12758,4],[12859,4],[13049,4]]},"274":{"position":[[519,4]]},"276":{"position":[[606,4],[790,4],[1057,4],[1473,4],[1524,4]]},"278":{"position":[[1545,4]]},"282":{"position":[[94,5],[477,4],[578,4]]},"286":{"position":[[437,4],[631,4],[912,4],[1131,5]]},"288":{"position":[[556,4],[841,4],[1111,4],[1317,4],[1670,4],[1889,4],[2003,4],[2051,4],[2179,4]]},"304":{"position":[[572,4],[633,4]]}}}],["auth/pass_basic_auth",{"_index":257,"t":{"171":{"position":[[323,20]]}}}],["auth/set_basic_auth",{"_index":263,"t":{"171":{"position":[[478,19]]}}}],["auth_cooki",{"_index":1494,"t":{"282":{"position":[[1568,12],[1630,13],[2252,13],[2305,13]]}}}],["auth_cookie_name_0",{"_index":1504,"t":{"282":{"position":[[2285,19],[2518,20]]}}}],["auth_cookie_name_1",{"_index":1505,"t":{"282":{"position":[[2323,19],[2561,20]]}}}],["auth_cookie_name_1=$auth_cookie_name_upstream_1$1",{"_index":1506,"t":{"282":{"position":[[2343,52]]}}}],["auth_cookie_name_upstream_1",{"_index":1501,"t":{"282":{"position":[[2014,28],[2463,30]]}}}],["auth_request",{"_index":1361,"t":{"268":{"position":[[11955,12],[12165,12],[12273,12]]},"282":{"position":[[10,12],[804,12],[927,12],[1538,12],[1871,12]]},"302":{"position":[[1175,12]]}}}],["auth_request_set",{"_index":1490,"t":{"282":{"position":[[1098,16],[1157,16],[1360,16],[1551,16],[1997,16],[2857,16],[3340,16]]}}}],["authent",{"_index":85,"t":{"157":{"position":[[200,14],[294,14],[458,14],[657,14]]},"176":{"position":[[444,14],[746,13],[1134,13]]},"206":{"position":[[1871,14]]},"220":{"position":[[1833,15]]},"226":{"position":[[3036,14]]},"234":{"position":[[234,14]]},"238":{"position":[[2188,14],[2208,14]]},"248":{"position":[[2935,13]]},"250":{"position":[[37,12]]},"254":{"position":[[498,13]]},"258":{"position":[[111,13]]},"268":{"position":[[142,14],[285,14],[356,14],[409,13],[442,12],[2581,12],[2667,12],[4860,12],[6263,14],[7793,15],[12661,14],[12777,14],[12891,14],[13100,14],[15173,15],[15352,14]]},"270":{"position":[[291,13]]},"274":{"position":[[419,15]]},"276":{"position":[[0,14],[113,13],[365,13],[440,12],[514,14],[1013,13]]},"282":{"position":[[49,12]]},"286":{"position":[[56,12]]},"288":{"position":[[273,13]]},"290":{"position":[[24,14]]},"292":{"position":[[802,12]]},"300":{"position":[[494,12]]},"302":{"position":[[109,14]]},"304":{"position":[[154,14],[294,14]]}}}],["authenticationprovid",{"_index":343,"t":{"176":{"position":[[994,22]]}}}],["autherror",{"_index":1437,"t":{"276":{"position":[[464,9]]}}}],["authfailur",{"_index":1435,"t":{"276":{"position":[[406,11]]}}}],["author",{"_index":261,"t":{"171":{"position":[[421,13],[536,13]]},"226":{"position":[[610,10],[692,10],[998,11]]},"234":{"position":[[67,13]]},"236":{"position":[[1031,14]]},"238":{"position":[[3725,13],[3765,13],[3811,13],[4728,10],[5379,13],[5631,9]]},"244":{"position":[[211,13]]},"246":{"position":[[1757,13],[1860,13],[1993,13],[2098,13],[2508,13],[2807,13],[3414,13],[4115,13],[4256,13]]},"248":{"position":[[3369,14]]},"258":{"position":[[3,9],[68,9],[179,9]]},"268":{"position":[[7378,13],[7438,13],[12081,13],[12111,13],[13125,13]]},"282":{"position":[[1667,13]]},"288":{"position":[[2031,13],[2207,13]]},"294":{"position":[[1292,13]]}}}],["authorizationnginx.ingress.kubernetes.io/auth",{"_index":1517,"t":{"282":{"position":[[3120,45]]}}}],["authresponsehead",{"_index":1572,"t":{"288":{"position":[[1978,20],[2154,20]]}}}],["authsuccess",{"_index":1433,"t":{"276":{"position":[[339,11],[1494,11]]}}}],["auto",{"_index":1567,"t":{"288":{"position":[[776,4]]}}}],["automat",{"_index":789,"t":{"226":{"position":[[1798,13]]},"304":{"position":[[186,13]]}}}],["automaticallyanchor",{"_index":656,"t":{"218":{"position":[[510,21]]}}}],["avail",{"_index":30,"t":{"155":{"position":[[308,10]]},"167":{"position":[[240,10]]},"171":{"position":[[85,9]]},"176":{"position":[[136,9]]},"196":{"position":[[195,9]]},"246":{"position":[[2037,9]]},"248":{"position":[[334,9]]},"270":{"position":[[737,9],[871,9],[950,9]]},"276":{"position":[[766,9]]},"278":{"position":[[618,9]]},"280":{"position":[[490,9]]},"290":{"position":[[198,9],[249,9]]},"294":{"position":[[1822,10],[2024,10],[3033,9]]}}}],["azur",{"_index":305,"t":{"171":{"position":[[1284,6]]},"206":{"position":[[660,5],[2223,6]]},"208":{"position":[[134,6]]},"224":{"position":[[226,5],[288,5]]},"228":{"position":[[59,5],[1051,5],[1322,5],[1342,6],[1533,5],[1620,5],[1841,5],[1958,5],[2297,5]]},"244":{"position":[[43,5]]},"268":{"position":[[496,5],[6523,5],[11320,6]]},"282":{"position":[[3676,7]]}}}],["azureconfig",{"_index":572,"t":{"206":{"position":[[594,11],[619,11]]}}}],["azureopt",{"_index":573,"t":{"206":{"position":[[606,12]]}}}],["b",{"_index":8,"t":{"155":{"position":[[78,2]]},"268":{"position":[[4937,1]]},"288":{"position":[[463,2],[1044,2],[1517,1]]}}}],["back",{"_index":1587,"t":{"294":{"position":[[100,4],[172,4]]}}}],["backend",{"_index":1360,"t":{"268":{"position":[[11758,8]]},"282":{"position":[[1041,8],[1352,7]]},"286":{"position":[[393,7],[659,7],[769,8],[837,8],[1279,7]]},"288":{"position":[[527,7],[812,7],[1139,7],[1345,7],[1455,8],[1527,8],[1595,8]]},"290":{"position":[[224,9],[259,8]]},"292":{"position":[[19,7],[42,7],[141,8],[366,7]]},"294":{"position":[[18,7],[2196,7],[2233,7],[2298,7],[2345,9],[3053,7]]}}}],["backport",{"_index":193,"t":{"163":{"position":[[632,8]]}}}],["backslash",{"_index":504,"t":{"202":{"position":[[872,9]]}}}],["backup",{"_index":1317,"t":{"268":{"position":[[5603,6],[5738,7]]},"274":{"position":[[266,6],[293,9],[310,6]]}}}],["balanc",{"_index":1639,"t":{"300":{"position":[[100,10],[241,8],[290,10]]}}}],["banner",{"_index":1295,"t":{"268":{"position":[[3384,6],[3412,6],[3454,7]]}}}],["bar",{"_index":674,"t":{"220":{"position":[[603,8],[641,5]]}}}],["base",{"_index":223,"t":{"165":{"position":[[505,5]]},"167":{"position":[[57,5]]},"176":{"position":[[523,5]]},"220":{"position":[[1386,7]]},"236":{"position":[[1025,5]]},"246":{"position":[[3391,5],[3929,4]]},"268":{"position":[[14640,5]]},"270":{"position":[[1243,5]]}}}],["base/dir",{"_index":699,"t":{"220":{"position":[[1467,12]]}}}],["base64",{"_index":449,"t":{"194":{"position":[[168,6]]},"212":{"position":[[213,6]]},"264":{"position":[[241,6],[302,6],[586,6]]},"268":{"position":[[1895,6]]}}}],["base64url",{"_index":1594,"t":{"294":{"position":[[457,9]]}}}],["bash",{"_index":1211,"t":{"264":{"position":[[73,4]]}}}],["basic",{"_index":256,"t":{"171":{"position":[[317,5],[472,5],[624,5]]},"182":{"position":[[406,5],[464,5]]},"194":{"position":[[627,5],[685,5]]},"268":{"position":[[592,5],[661,5],[7479,5],[7505,5],[7841,5],[8623,5],[8710,5],[12196,5],[12221,5]]}}}],["basicauthpassword",{"_index":384,"t":{"182":{"position":[[330,17],[361,17]]},"194":{"position":[[551,17],[582,17]]}}}],["baz",{"_index":675,"t":{"220":{"position":[[648,12],[690,4],[957,11]]}}}],["baz/abc/123",{"_index":685,"t":{"220":{"position":[[1021,12]]}}}],["bcrypt",{"_index":1301,"t":{"268":{"position":[[4943,6]]}}}],["bearer",{"_index":84,"t":{"157":{"position":[[181,6]]},"268":{"position":[[2834,6],[7452,6],[12125,6],[13199,6],[13260,6]]}}}],["becom",{"_index":387,"t":{"182":{"position":[[453,6]]},"194":{"position":[[674,6]]},"268":{"position":[[1314,7]]},"272":{"position":[[417,7],[481,7]]}}}],["befor",{"_index":215,"t":{"165":{"position":[[282,6]]},"169":{"position":[[0,6]]},"171":{"position":[[1488,6]]},"220":{"position":[[829,6],[1050,6]]},"268":{"position":[[5873,6]]}}}],["beforward",{"_index":516,"t":{"202":{"position":[[1494,11]]}}}],["behind",{"_index":64,"t":{"155":{"position":[[772,6]]},"268":{"position":[[11372,6]]}}}],["believ",{"_index":131,"t":{"161":{"position":[[12,7]]}}}],["beload",{"_index":378,"t":{"182":{"position":[[204,8]]},"194":{"position":[[425,8]]}}}],["belong",{"_index":415,"t":{"186":{"position":[[454,6]]},"234":{"position":[[510,6],[1535,6]]},"268":{"position":[[4013,6]]}}}],["below",{"_index":225,"t":{"165":{"position":[[541,5],[728,6],[863,5]]},"167":{"position":[[104,6],[271,5]]},"246":{"position":[[345,6]]},"264":{"position":[[50,5]]},"268":{"position":[[16334,5]]},"276":{"position":[[167,5],[324,5]]},"278":{"position":[[48,5]]},"280":{"position":[[237,6]]},"300":{"position":[[53,7]]}}}],["beoverridden",{"_index":514,"t":{"202":{"position":[[1384,12]]}}}],["bepass",{"_index":512,"t":{"202":{"position":[[1252,8]]}}}],["best",{"_index":948,"t":{"238":{"position":[[1429,4]]}}}],["between",{"_index":328,"t":{"176":{"position":[[290,7]]},"220":{"position":[[2135,7]]},"268":{"position":[[3180,7]]},"290":{"position":[[53,7]]}}}],["bewar",{"_index":214,"t":{"165":{"position":[[267,6]]},"304":{"position":[[838,6]]}}}],["big",{"_index":1601,"t":{"294":{"position":[[970,4]]}}}],["bin/dex",{"_index":1034,"t":{"246":{"position":[[848,7]]}}}],["binari",{"_index":4,"t":{"155":{"position":[[43,6],[171,6],[366,8]]}}}],["bindaddress",{"_index":354,"t":{"176":{"position":[[1377,11],[1685,11]]},"214":{"position":[[108,11],[127,11]]}}}],["bit",{"_index":1111,"t":{"248":{"position":[[823,4],[1057,3]]},"294":{"position":[[387,3],[438,3]]}}}],["bitbucket",{"_index":306,"t":{"171":{"position":[[1291,10]]},"206":{"position":[[832,9]]},"208":{"position":[[141,10]]},"224":{"position":[[345,9]]},"254":{"position":[[477,9],[594,9],[713,9]]}}}],["bitbucketconfig",{"_index":577,"t":{"206":{"position":[[754,15],[787,15]]}}}],["bitbucketopt",{"_index":578,"t":{"206":{"position":[[770,16]]}}}],["blank",{"_index":626,"t":{"214":{"position":[[186,5],[315,5]]}}}],["block",{"_index":507,"t":{"202":{"position":[[958,6],[1040,5]]},"246":{"position":[[625,5]]},"276":{"position":[[294,5]]}}}],["bodi",{"_index":708,"t":{"220":{"position":[[1825,4]]},"282":{"position":[[842,4]]}}}],["bool",{"_index":319,"t":{"174":{"position":[[56,4]]},"190":{"position":[[329,4]]},"192":{"position":[[281,4]]},"204":{"position":[[166,4],[322,4],[501,4],[849,4]]},"220":{"position":[[1502,4],[1725,4],[2250,4],[2387,4]]},"222":{"position":[[131,4]]},"268":{"position":[[276,4],[1412,4],[1927,4],[2091,4],[2471,4],[2711,4],[3258,4],[3312,4],[4722,4],[5404,4],[5566,4],[6326,4],[6440,4],[6590,4],[7188,4],[7399,4],[7490,4],[7640,4],[7901,4],[7972,4],[9059,4],[9794,4],[10427,4],[10546,4],[11159,4],[11352,4],[11602,4],[11809,4],[12102,4],[12207,4],[12320,4],[12559,4],[12646,4],[13068,4],[13213,4],[13400,4],[13544,4],[13650,4],[13766,4],[13865,4]]}}}],["boolean",{"_index":428,"t":{"190":{"position":[[372,7]]}}}],["both",{"_index":351,"t":{"176":{"position":[[1302,4],[1610,4]]},"218":{"position":[[291,5]]},"238":{"position":[[3013,4]]},"282":{"position":[[2405,4]]}}}],["bracket",{"_index":1306,"t":{"268":{"position":[[5149,8],[5315,8]]}}}],["break",{"_index":205,"t":{"165":{"position":[[89,8]]}}}],["brief",{"_index":975,"t":{"238":{"position":[[5482,5]]}}}],["bring",{"_index":146,"t":{"161":{"position":[[281,5]]}}}],["brows",{"_index":233,"t":{"165":{"position":[[842,6]]}}}],["browser",{"_index":1156,"t":{"248":{"position":[[2922,8]]},"268":{"position":[[1366,7],[16186,8]]},"294":{"position":[[868,7],[1358,8]]}}}],["browserxssfilt",{"_index":1550,"t":{"286":{"position":[[975,17]]},"288":{"position":[[1733,17]]}}}],["bs=32",{"_index":1218,"t":{"264":{"position":[[213,5]]}}}],["buffer",{"_index":716,"t":{"220":{"position":[[2165,6]]},"268":{"position":[[3206,7]]}}}],["build",{"_index":9,"t":{"155":{"position":[[81,5]]},"178":{"position":[[243,8]]},"248":{"position":[[2563,6],[2581,5]]},"298":{"position":[[962,8]]}}}],["built",{"_index":1018,"t":{"246":{"position":[[157,5]]}}}],["bundl",{"_index":1132,"t":{"248":{"position":[[1456,7]]}}}],["button",{"_index":1375,"t":{"268":{"position":[[13537,6]]}}}],["button=tru",{"_index":1140,"t":{"248":{"position":[[1902,11]]}}}],["bypass",{"_index":1371,"t":{"268":{"position":[[12770,6],[12884,6],[13405,6],[15345,6]]}}}],["bysom",{"_index":654,"t":{"218":{"position":[[457,6]]}}}],["byte",{"_index":447,"t":{"194":{"position":[[145,6]]},"212":{"position":[[190,6]]},"264":{"position":[[581,4],[633,6]]},"278":{"position":[[1215,5]]}}}],["c",{"_index":18,"t":{"155":{"position":[[193,2],[541,1]]},"264":{"position":[[115,1]]}}}],["c=us/st=washington/l=dc/o=gsa/ou=18f/cn=localhost",{"_index":1128,"t":{"248":{"position":[[1193,53]]}}}],["ca",{"_index":278,"t":{"171":{"position":[[865,2]]},"206":{"position":[[1707,2]]},"268":{"position":[[8269,2],[8300,2]]}}}],["cafil",{"_index":600,"t":{"206":{"position":[[1660,7],[1677,7]]}}}],["call",{"_index":421,"t":{"190":{"position":[[193,5]]},"226":{"position":[[1923,6],[2468,5]]},"268":{"position":[[4484,5]]}}}],["callback",{"_index":877,"t":{"234":{"position":[[81,8]]},"246":{"position":[[594,10]]},"252":{"position":[[121,8]]},"254":{"position":[[28,9]]},"302":{"position":[[963,8]]}}}],["caller",{"_index":473,"t":{"200":{"position":[[705,6]]}}}],["capitalis",{"_index":1417,"t":{"272":{"position":[[108,12]]}}}],["captur",{"_index":670,"t":{"220":{"position":[[507,8],[699,7],[885,7]]}}}],["case",{"_index":98,"t":{"157":{"position":[[398,4]]},"161":{"position":[[533,4]]},"220":{"position":[[1214,4]]},"248":{"position":[[3451,5]]},"250":{"position":[[839,5]]},"260":{"position":[[90,4]]},"268":{"position":[[13510,4]]},"294":{"position":[[2841,5]]}}}],["caseadd",{"_index":1229,"t":{"264":{"position":[[376,7]]}}}],["caveat",{"_index":1610,"t":{"294":{"position":[[2035,7]]}}}],["center",{"_index":746,"t":{"226":{"position":[[230,6],[318,6],[425,6]]}}}],["cert",{"_index":636,"t":{"216":{"position":[[260,4],[278,4]]},"268":{"position":[[14005,4]]},"298":{"position":[[65,4],[306,4]]}}}],["cert.pem",{"_index":1123,"t":{"248":{"position":[[1160,8]]}}}],["certif",{"_index":358,"t":{"176":{"position":[[1480,11],[1788,11]]},"206":{"position":[[1710,12]]},"214":{"position":[[400,11]]},"216":{"position":[[68,11],[294,11]]},"228":{"position":[[1182,12]]},"248":{"position":[[1008,11]]},"268":{"position":[[8303,12],[13674,12],[13790,12],[14030,11]]}}}],["certresolv",{"_index":1539,"t":{"286":{"position":[[447,13],[672,13]]},"288":{"position":[[624,13],[907,13],[1152,13],[1358,13]]}}}],["challeng",{"_index":613,"t":{"206":{"position":[[2500,9]]},"238":{"position":[[544,9]]},"268":{"position":[[876,9],[914,10]]}}}],["chang",{"_index":206,"t":{"165":{"position":[[98,7],[202,8]]},"176":{"position":[[283,6]]},"204":{"position":[[783,6]]},"240":{"position":[[82,8]]},"252":{"position":[[651,6]]},"268":{"position":[[1531,7]]},"302":{"position":[[150,7]]}}}],["channel",{"_index":1283,"t":{"268":{"position":[[2761,7]]}}}],["charact",{"_index":495,"t":{"202":{"position":[[709,10],[916,10],[1076,10]]}}}],["check",{"_index":75,"t":{"157":{"position":[[80,7]]},"218":{"position":[[134,7]]},"226":{"position":[[2723,7],[2986,7]]},"228":{"position":[[157,5]]},"238":{"position":[[6760,5]]},"268":{"position":[[8636,6],[8723,6],[8740,5],[8830,6]]},"302":{"position":[[391,6]]}}}],["checkedaft",{"_index":539,"t":{"204":{"position":[[655,12]]}}}],["checksum",{"_index":41,"t":{"155":{"position":[[458,8]]}}}],["chomp",{"_index":506,"t":{"202":{"position":[[949,8]]}}}],["choos",{"_index":0,"t":{"155":{"position":[[0,6]]},"176":{"position":[[1288,6],[1596,6]]},"226":{"position":[[108,6],[243,6],[290,6],[331,6],[438,6],[501,6],[526,6],[581,6],[805,6],[1315,6],[2303,6],[2559,6]]},"228":{"position":[[52,6]]},"238":{"position":[[6301,6]]}}}],["cidr",{"_index":1389,"t":{"268":{"position":[[15321,4]]}}}],["cipher",{"_index":642,"t":{"216":{"position":[[530,6],[663,6],[697,6]]},"268":{"position":[[14053,6],[14094,6],[14240,6],[14275,6]]},"298":{"position":[[797,6],[839,6],[1027,6]]}}}],["ciphersuit",{"_index":641,"t":{"216":{"position":[[478,12],[500,12]]}}}],["claim",{"_index":377,"t":{"182":{"position":[[75,5],[123,5],[136,5],[161,5],[393,5],[442,5]]},"194":{"position":[[344,5],[357,5],[382,5],[614,5],[663,5]]},"204":{"position":[[561,5],[1101,5],[1201,5],[1302,5],[1410,5],[1469,5]]},"224":{"position":[[477,7],[508,5]]},"236":{"position":[[361,5]]},"238":{"position":[[1115,5],[1601,5],[1633,5],[1799,6],[3241,5],[5819,5],[5890,5]]},"246":{"position":[[1782,6]]},"268":{"position":[[6636,5],[6851,5],[6875,5],[6929,5],[6953,5],[7009,5],[7033,5]]}}}],["claim/user_id_claim",{"_index":294,"t":{"171":{"position":[[1067,19]]}}}],["claimsourc",{"_index":375,"t":{"182":{"position":[[26,11]]},"212":{"position":[[13,12]]}}}],["clear",{"_index":1661,"t":{"302":{"position":[[704,6],[759,5]]}}}],["click",{"_index":780,"t":{"226":{"position":[[1328,5]]},"228":{"position":[[117,5],[398,5],[523,5],[616,5]]},"230":{"position":[[199,5]]},"238":{"position":[[2169,5],[2667,8],[2822,5],[3458,8]]},"246":{"position":[[1983,5],[2647,5]]}}}],["client",{"_index":271,"t":{"171":{"position":[[712,6],[732,6],[765,6]]},"204":{"position":[[1445,6],[1630,6]]},"206":{"position":[[140,6],[269,6],[441,6]]},"226":{"position":[[515,6],[838,6],[852,6],[1265,6],[1527,6],[2453,6]]},"228":{"position":[[1232,6],[1456,6],[1497,6],[1764,6],[1805,6]]},"230":{"position":[[239,6],[250,6],[349,6],[390,6]]},"236":{"position":[[103,6],[292,6],[460,6],[498,6]]},"238":{"position":[[27,6],[58,6],[454,6],[524,6],[822,6],[885,6],[1046,6],[1193,6],[1250,6],[1370,6],[1511,6],[1750,6],[1889,7],[1928,6],[1957,6],[1982,6],[2047,6],[2054,6],[2083,6],[2181,6],[2558,6],[2582,7],[2615,6],[2729,6],[2813,8],[2917,6],[3194,6],[3425,6],[3919,6],[4097,6],[4134,6],[4253,6],[4457,6],[4481,7],[4546,7],[4668,7],[4796,7],[4959,6],[4984,7],[5017,6],[5525,6],[5714,6],[6144,6],[6205,7],[6213,7],[6246,6],[6267,6],[6343,6],[6890,7],[6923,6]]},"240":{"position":[[748,6],[777,6]]},"246":{"position":[[1011,6],[1034,6],[2891,6],[2905,6],[4169,6],[4183,6]]},"248":{"position":[[1587,6],[3565,6],[3589,6]]},"250":{"position":[[414,6],[428,6],[548,6],[582,6]]},"252":{"position":[[338,6],[352,6],[442,6],[466,6]]},"254":{"position":[[275,6],[289,6],[376,6],[400,6]]},"256":{"position":[[175,6],[189,6],[355,6],[405,6]]},"268":{"position":[[681,6],[708,6],[762,6],[793,6],[809,6],[855,6],[5133,8],[5299,8],[9173,6],[9241,7],[13317,6],[15455,6]]},"276":{"position":[[677,11],[833,6],[1408,7]]},"278":{"position":[[413,11],[688,6],[1480,7]]},"288":{"position":[[2276,6],[2307,6]]},"292":{"position":[[187,6],[340,6],[481,6]]},"294":{"position":[[109,6]]},"298":{"position":[[435,6],[453,6]]},"300":{"position":[[1424,6],[1442,6]]}}}],["client'",{"_index":908,"t":{"236":{"position":[[518,8]]},"238":{"position":[[43,8],[78,8],[1576,8],[2099,8],[2493,8],[2599,8],[2682,8],[2894,8],[2946,8],[4498,8],[4855,8],[5001,8],[5040,8],[6230,8],[6907,8]]}}}],["client/remot",{"_index":1442,"t":{"276":{"position":[[858,13]]},"278":{"position":[[713,13]]}}}],["client_id",{"_index":1071,"t":{"246":{"position":[[3499,9],[4564,13]]},"256":{"position":[[368,9]]}}}],["client_secret",{"_index":1072,"t":{"246":{"position":[[3513,13]]},"256":{"position":[[422,13]]}}}],["client_session_idl",{"_index":1621,"t":{"294":{"position":[[2592,20]]}}}],["clientid",{"_index":565,"t":{"206":{"position":[[102,8],[118,8]]}}}],["clientsecret",{"_index":567,"t":{"206":{"position":[[223,12],[243,12],[475,12]]}}}],["clientsecretfil",{"_index":568,"t":{"206":{"position":[[356,16],[380,16]]}}}],["close",{"_index":1261,"t":{"268":{"position":[[1377,7]]}}}],["closest",{"_index":665,"t":{"220":{"position":[[364,7]]}}}],["cloud",{"_index":1148,"t":{"248":{"position":[[2259,5]]},"300":{"position":[[80,5]]}}}],["cloud/dock",{"_index":1144,"t":{"248":{"position":[[2179,12]]}}}],["cluster",{"_index":1347,"t":{"268":{"position":[[9509,7],[9561,7],[9650,7],[10419,7],[10449,8],[10475,7]]},"294":{"position":[[3022,7],[3180,7]]}}}],["cluster=tru",{"_index":1624,"t":{"294":{"position":[[3129,12],[3277,12]]}}}],["code",{"_index":612,"t":{"206":{"position":[[2495,4]]},"220":{"position":[[2005,4]]},"238":{"position":[[539,4]]},"246":{"position":[[2821,4],[4129,4]]},"268":{"position":[[871,4],[909,4]]},"278":{"position":[[1269,4]]}}}],["code_challenge_method",{"_index":611,"t":{"206":{"position":[[2462,21]]}}}],["codematch",{"_index":709,"t":{"220":{"position":[[1864,12]]}}}],["collabor",{"_index":172,"t":{"163":{"position":[[161,12]]},"186":{"position":[[217,13],[494,13]]},"234":{"position":[[310,13],[550,14],[934,13],[1104,13],[1456,13],[1575,14]]},"268":{"position":[[3749,13],[3873,13],[4053,13]]}}}],["collaboratorsit",{"_index":412,"t":{"186":{"position":[[315,15]]}}}],["collect",{"_index":621,"t":{"210":{"position":[[62,10]]},"222":{"position":[[47,10]]}}}],["combin",{"_index":1391,"t":{"268":{"position":[[15403,8]]},"274":{"position":[[675,8]]}}}],["come",{"_index":635,"t":{"216":{"position":[[242,4],[338,4]]},"238":{"position":[[4045,5]]}}}],["comma",{"_index":888,"t":{"234":{"position":[[889,5],[1605,5],[1669,5]]},"240":{"position":[[1025,5]]},"268":{"position":[[3049,5],[3703,5],[4169,5]]},"270":{"position":[[1057,5]]},"306":{"position":[[168,5],[230,5],[292,5]]}}}],["command",{"_index":58,"t":{"155":{"position":[[701,7]]},"250":{"position":[[205,7]]},"252":{"position":[[693,7]]},"262":{"position":[[35,7],[135,7]]},"264":{"position":[[56,9]]},"266":{"position":[[6,7]]},"272":{"position":[[6,7],[365,7]]},"274":{"position":[[140,8]]},"294":{"position":[[731,8]]},"298":{"position":[[135,7]]},"300":{"position":[[1172,7]]}}}],["commandlin",{"_index":1155,"t":{"248":{"position":[[2830,12]]}}}],["common",{"_index":364,"t":{"178":{"position":[[99,6],[152,8]]},"244":{"position":[[204,6]]},"268":{"position":[[543,6],[581,8]]}}}],["commun",{"_index":115,"t":{"159":{"position":[[23,9]]}}}],["compat",{"_index":1329,"t":{"268":{"position":[[6542,14]]}}}],["complet",{"_index":956,"t":{"238":{"position":[[2120,8]]},"292":{"position":[[405,10]]},"298":{"position":[[1000,8]]}}}],["compos",{"_index":150,"t":{"161":{"position":[[353,7]]},"294":{"position":[[230,8]]}}}],["compress",{"_index":1313,"t":{"268":{"position":[[5395,8],[5437,10]]},"274":{"position":[[332,10],[354,10]]}}}],["compris",{"_index":1596,"t":{"294":{"position":[[565,9]]}}}],["concurr",{"_index":1584,"t":{"292":{"position":[[628,12]]}}}],["confident",{"_index":902,"t":{"236":{"position":[[150,13]]}}}],["confidenti",{"_index":941,"t":{"238":{"position":[[869,15]]}}}],["config",{"_index":57,"t":{"155":{"position":[[688,6]]},"165":{"position":[[691,6]]},"167":{"position":[[159,6],[200,6]]},"169":{"position":[[30,6],[82,6],[179,6],[197,6],[487,7],[516,6],[551,6]]},"171":{"position":[[1394,6],[1414,6],[1530,6]]},"240":{"position":[[495,6]]},"246":{"position":[[3684,6],[4346,6],[4845,6]]},"252":{"position":[[545,6]]},"262":{"position":[[82,6]]},"266":{"position":[[50,6],[162,6],[235,6]]},"268":{"position":[[993,6],[1015,6],[10938,6]]},"270":{"position":[[1173,6]]},"282":{"position":[[2906,6]]},"294":{"position":[[3503,6]]},"300":{"position":[[46,6],[645,6]]},"302":{"position":[[182,6]]}}}],["config=/etc/oauth2",{"_index":1245,"t":{"266":{"position":[[307,18]]}}}],["configur",{"_index":55,"t":{"155":{"position":[[659,9],[748,9]]},"157":{"position":[[518,10],[698,14]]},"165":{"position":[[303,13],[359,13],[447,13],[511,13],[587,14],[639,14],[671,14],[898,13]]},"167":{"position":[[21,14]]},"169":{"position":[[123,13],[318,13],[406,13]]},"171":{"position":[[112,14]]},"176":{"position":[[39,13],[169,13],[402,9],[634,9],[869,9],[1225,9],[1464,9],[1547,9],[1772,9],[1850,9]]},"178":{"position":[[200,10]]},"200":{"position":[[48,13]]},"206":{"position":[[43,13],[556,14],[641,14],[720,14],[813,14],[902,14],[989,14],[1075,14],[1155,14],[1213,15],[1285,14]]},"214":{"position":[[49,13],[454,13]]},"220":{"position":[[53,13]]},"222":{"position":[[309,13]]},"224":{"position":[[105,9],[409,13]]},"228":{"position":[[1289,9]]},"230":{"position":[[268,9],[306,9]]},"238":{"position":[[1526,10],[2294,14],[2415,14],[2511,9],[2828,9],[3385,14],[3504,13]]},"246":{"position":[[360,9],[611,13],[1535,9],[1747,9],[1847,9],[2372,9],[3011,13],[3531,10]]},"250":{"position":[[165,14]]},"252":{"position":[[304,10]]},"254":{"position":[[442,13],[570,13]]},"262":{"position":[[20,10],[234,13]]},"268":{"position":[[393,13],[2977,13],[9917,15],[11257,13],[13491,10],[13985,13]]},"270":{"position":[[180,10],[511,10],[775,10],[1031,10]]},"272":{"position":[[339,13]]},"274":{"position":[[67,10],[183,9],[589,12]]},"276":{"position":[[582,9],[654,10]]},"278":{"position":[[315,9],[390,10]]},"280":{"position":[[134,13],[349,9],[425,10]]},"282":{"position":[[2798,13],[3744,10]]},"286":{"position":[[295,14]]},"288":{"position":[[240,10]]},"294":{"position":[[1000,9],[2793,9],[2915,9],[3152,9]]},"296":{"position":[[26,15]]},"298":{"position":[[0,9],[176,13],[481,13],[713,11]]},"300":{"position":[[0,9],[1213,13]]},"302":{"position":[[935,10]]},"304":{"position":[[971,13]]},"306":{"position":[[86,10]]}}}],["conflict",{"_index":1585,"t":{"292":{"position":[[768,9]]}}}],["conjunct",{"_index":344,"t":{"176":{"position":[[1020,11]]},"228":{"position":[[2056,11]]},"268":{"position":[[7817,11],[9621,11],[10209,11],[10369,11]]}}}],["connect",{"_index":519,"t":{"204":{"position":[[87,7],[993,7]]},"206":{"position":[[1748,10]]},"224":{"position":[[304,7],[556,7]]},"238":{"position":[[909,8],[2074,8]]},"246":{"position":[[7,7],[227,7],[271,7],[2635,7]]},"248":{"position":[[869,7],[913,8]]},"268":{"position":[[6683,7],[8341,10],[9517,10],[9569,10],[9666,10],[9826,10],[9975,10],[10071,11],[10264,10],[10317,10],[10432,7],[10483,10],[10551,7],[10642,10],[10692,10],[10726,10],[10815,10],[10972,10],[11021,10]]},"294":{"position":[[2704,10],[2732,10],[2985,10],[3188,10],[3376,10],[3537,10],[3586,10]]},"300":{"position":[[414,11]]},"302":{"position":[[455,11],[491,9]]}}}],["connect/auth",{"_index":912,"t":{"236":{"position":[[615,13]]}}}],["connect/token",{"_index":913,"t":{"236":{"position":[[710,14]]}}}],["connect/userinfo",{"_index":914,"t":{"236":{"position":[[807,17],[908,17]]}}}],["consent",{"_index":479,"t":{"202":{"position":[[165,7],[333,7]]},"226":{"position":[[345,7]]},"228":{"position":[[702,7],[810,7],[837,7]]}}}],["consent#th",{"_index":858,"t":{"228":{"position":[[2238,11]]}}}],["consid",{"_index":327,"t":{"176":{"position":[[256,10]]},"202":{"position":[[889,10]]}}}],["consol",{"_index":868,"t":{"230":{"position":[[29,7]]},"238":{"position":[[610,7],[658,7],[706,7],[803,7],[1282,7],[1407,8],[6856,7]]}}}],["consult",{"_index":950,"t":{"238":{"position":[[1466,7]]}}}],["consum",{"_index":1012,"t":{"242":{"position":[[353,8],[380,8]]},"254":{"position":[[16,8]]}}}],["contact",{"_index":1099,"t":{"248":{"position":[[96,7],[135,7]]}}}],["contain",{"_index":198,"t":{"165":{"position":[[17,8]]},"176":{"position":[[13,8]]},"192":{"position":[[561,8]]},"194":{"position":[[315,10]]},"204":{"position":[[1107,8],[1207,8],[1308,8]]},"212":{"position":[[360,10]]},"214":{"position":[[359,8]]},"216":{"position":[[25,8]]},"246":{"position":[[1466,9],[4746,10]]},"248":{"position":[[2508,8]]},"268":{"position":[[6881,8],[6959,8],[7039,8],[12391,7]]},"276":{"position":[[53,7],[305,7]]},"282":{"position":[[2217,7]]}}}],["content",{"_index":983,"t":{"238":{"position":[[7093,9]]},"248":{"position":[[1251,8]]},"282":{"position":[[864,7],[2240,8]]}}}],["contenttypenosniff",{"_index":1551,"t":{"286":{"position":[[998,19]]},"288":{"position":[[1756,19]]}}}],["contrib",{"_index":1244,"t":{"266":{"position":[[257,7]]}}}],["control",{"_index":1357,"t":{"268":{"position":[[11396,8]]},"294":{"position":[[1623,8]]}}}],["convert",{"_index":238,"t":{"169":{"position":[[74,7],[106,7],[171,7],[244,7]]},"182":{"position":[[379,8]]},"194":{"position":[[600,8]]}}}],["convolut",{"_index":500,"t":{"202":{"position":[[798,11]]}}}],["cooki",{"_index":78,"t":{"157":{"position":[[112,6],[122,6],[543,8],[570,6]]},"226":{"position":[[933,6]]},"228":{"position":[[2336,6],[2374,6]]},"230":{"position":[[483,6],[521,6]]},"240":{"position":[[570,6],[814,6]]},"246":{"position":[[1147,6],[1167,6],[3618,7]]},"248":{"position":[[1729,6],[1811,6],[1861,6],[3847,6]]},"264":{"position":[[21,6]]},"268":{"position":[[1029,6],[1066,6],[1090,7],[1203,6],[1242,6],[1286,7],[1307,6],[1332,6],[1396,6],[1430,6],[1449,6],[1484,6],[1548,6],[1590,6],[1630,6],[1661,6],[1682,7],[1712,6],[1748,6],[1827,6],[1875,7],[1913,6],[1956,6],[1975,6],[2011,6],[2067,6],[2125,7],[2200,6],[2254,6],[11587,6],[11631,6],[11675,7],[11776,6],[11783,6],[15840,6]]},"272":{"position":[[398,6]]},"282":{"position":[[1487,6],[1623,6],[1710,7],[1847,7],[1914,7],[1979,7],[2094,6],[2131,6],[2233,6],[2414,6],[2511,6],[2554,6],[3475,8],[3728,6],[3761,6],[3810,6],[3929,6]]},"290":{"position":[[122,6],[309,6]]},"292":{"position":[[4,6],[126,6],[199,7],[426,7],[518,6],[579,6]]},"294":{"position":[[139,6],[196,6],[326,6],[901,6],[1027,6],[1046,6],[1082,6],[1124,6],[1168,6],[1188,7],[1600,7],[2396,6]]},"298":{"position":[[373,6],[395,6]]},"300":{"position":[[1339,6],[1361,6]]},"302":{"position":[[711,8],[777,6]]},"304":{"position":[[103,8]]}}}],["cookie_expir",{"_index":1619,"t":{"294":{"position":[[2535,13]]}}}],["cookie_refresh",{"_index":1618,"t":{"294":{"position":[[2490,14]]}}}],["cookie_secret",{"_index":1073,"t":{"246":{"position":[[3589,13]]},"264":{"position":[[681,15]]}}}],["cookienam",{"_index":1589,"t":{"294":{"position":[[257,12],[301,10],[541,12]]}}}],["copi",{"_index":243,"t":{"169":{"position":[[343,4]]},"248":{"position":[[2600,4]]},"282":{"position":[[1825,6]]}}}],["coreo",{"_index":1019,"t":{"246":{"position":[[171,6]]}}}],["corp.com\"]client_id",{"_index":1063,"t":{"246":{"position":[[3240,20]]}}}],["corpor",{"_index":129,"t":{"159":{"position":[[218,9]]}}}],["correct",{"_index":879,"t":{"234":{"position":[[104,7]]},"246":{"position":[[545,7]]},"256":{"position":[[110,7]]}}}],["correctli",{"_index":862,"t":{"228":{"position":[[2425,10]]},"230":{"position":[[572,10]]},"288":{"position":[[382,9]]}}}],["count=1",{"_index":1219,"t":{"264":{"position":[[219,7]]}}}],["coupl",{"_index":1616,"t":{"294":{"position":[[2413,6]]}}}],["cours",{"_index":1608,"t":{"294":{"position":[[1938,7]]}}}],["cover",{"_index":1473,"t":{"280":{"position":[[30,7]]}}}],["creat",{"_index":184,"t":{"163":{"position":[[480,6]]},"226":{"position":[[40,6],[812,8],[1078,6],[2293,6],[2549,6]]},"228":{"position":[[253,6]]},"232":{"position":[[0,6]]},"234":{"position":[[0,6],[1350,7]]},"236":{"position":[[92,6],[299,6],[487,8],[1461,6]]},"238":{"position":[[811,6],[1053,6],[1136,6],[1349,6],[1944,8],[1964,6],[2040,6],[3561,6],[4348,8],[4397,6],[4446,8],[4523,6],[5503,8],[5701,6],[6131,8],[6438,6],[6480,6]]},"242":{"position":[[42,6]]},"246":{"position":[[2653,6],[3002,6],[3791,6]]},"248":{"position":[[443,6],[2429,6]]},"252":{"position":[[0,6]]},"256":{"position":[[0,6]]},"268":{"position":[[1512,8],[4914,7]]}}}],["credenti",{"_index":426,"t":{"190":{"position":[[284,11],[415,11]]},"226":{"position":[[297,13],[445,13],[478,12],[1170,11],[1603,11],[1736,12]]},"230":{"position":[[294,11]]},"236":{"position":[[270,10]]},"238":{"position":[[1024,10],[2440,11]]},"268":{"position":[[4665,11],[4710,11],[4751,11]]}}}],["crypto/tl",{"_index":649,"t":{"216":{"position":[[731,10]]},"268":{"position":[[14309,10]]},"298":{"position":[[914,10],[1062,11]]}}}],["csrf",{"_index":1274,"t":{"268":{"position":[[2074,4],[2120,4],[2207,4],[2249,4]]}}}],["current",{"_index":5,"t":{"155":{"position":[[50,8]]},"224":{"position":[[517,9]]},"246":{"position":[[1228,7]]},"268":{"position":[[6499,10]]},"298":{"position":[[735,9],[932,9]]}}}],["custom",{"_index":943,"t":{"238":{"position":[[1222,6],[3143,6],[5844,9]]},"246":{"position":[[2091,6]]},"268":{"position":[[2267,6],[2303,6],[2327,6],[2374,6],[3398,6],[3478,6]]},"282":{"position":[[3803,6]]},"298":{"position":[[508,13]]}}}],["cycl",{"_index":1663,"t":{"302":{"position":[[844,5],[906,6]]}}}],["d",{"_index":31,"t":{"155":{"position":[[319,2]]},"264":{"position":[[254,1]]}}}],["danger",{"_index":196,"t":{"165":{"position":[[0,6]]},"176":{"position":[[211,6]]}}}],["dashboard",{"_index":745,"t":{"226":{"position":[[220,9]]},"248":{"position":[[496,10],[798,10]]}}}],["data",{"_index":633,"t":{"216":{"position":[[210,4],[306,4]]},"236":{"position":[[1355,4]]},"248":{"position":[[426,4]]},"268":{"position":[[11745,4]]},"278":{"position":[[1392,4]]},"290":{"position":[[179,4]]},"292":{"position":[[550,4],[586,5]]}}}],["date",{"_index":1453,"t":{"276":{"position":[[1310,4]]},"278":{"position":[[1332,4]]},"280":{"position":[[602,4]]}}}],["day",{"_index":1124,"t":{"248":{"position":[[1170,4]]},"268":{"position":[[5693,4]]}}}],["dd",{"_index":1216,"t":{"264":{"position":[[194,2]]}}}],["debug",{"_index":1363,"t":{"268":{"position":[[12305,5]]}}}],["decim",{"_index":397,"t":{"184":{"position":[[153,7]]}}}],["decod",{"_index":1233,"t":{"264":{"position":[[620,6]]}}}],["decreas",{"_index":1206,"t":{"262":{"position":[[98,10]]}}}],["dedic",{"_index":953,"t":{"238":{"position":[[1916,11],[2523,9],[2641,9],[2695,10],[2775,10],[3415,9],[3467,9],[5053,9]]}}}],["deep",{"_index":1338,"t":{"268":{"position":[[8818,4]]}}}],["default",{"_index":430,"t":{"190":{"position":[[407,7]]},"200":{"position":[[176,9],[207,7],[431,7],[513,7],[637,7]]},"202":{"position":[[68,8],[226,7],[1170,7],[1198,7],[1218,7],[1363,7]]},"204":{"position":[[804,7],[1457,7]]},"206":{"position":[[1549,7],[1797,7]]},"216":{"position":[[647,7]]},"224":{"position":[[218,7]]},"226":{"position":[[1162,7],[1595,7],[1728,7]]},"228":{"position":[[2108,9],[2250,7]]},"238":{"position":[[680,8],[1290,8],[4339,8]]},"242":{"position":[[146,7]]},"244":{"position":[[196,7]]},"246":{"position":[[576,7],[1927,7],[2415,7],[2863,8],[4248,7]]},"252":{"position":[[575,8]]},"254":{"position":[[434,7]]},"268":{"position":[[24,7],[2433,7],[2749,7],[3446,7],[3526,7],[4390,9],[4702,7],[4743,7],[8391,7],[14224,7],[16039,8],[16110,7]]},"274":{"position":[[3,8],[627,7]]},"276":{"position":[[152,7],[636,7]]},"278":{"position":[[33,7],[372,7]]},"280":{"position":[[219,7],[407,7]]},"286":{"position":[[461,7],[686,7]]},"288":{"position":[[638,7],[921,7],[1166,7],[1372,7]]},"290":{"position":[[316,9]]},"292":{"position":[[34,7]]},"294":{"position":[[356,8]]},"298":{"position":[[635,8],[900,8]]},"300":{"position":[[168,8],[763,7]]},"302":{"position":[[620,7]]}}}],["defin",{"_index":333,"t":{"176":{"position":[[550,7]]},"204":{"position":[[1399,6]]},"206":{"position":[[158,7],[291,7],[1953,7]]},"212":{"position":[[140,7]]},"236":{"position":[[1511,6]]},"238":{"position":[[3447,7],[4126,7],[6020,7]]},"260":{"position":[[48,6]]}}}],["definit",{"_index":622,"t":{"210":{"position":[[76,11]]},"222":{"position":[[61,11]]}}}],["delay",{"_index":189,"t":{"163":{"position":[[571,5]]}}}],["delet",{"_index":1605,"t":{"294":{"position":[[1343,7]]}}}],["demo",{"_index":1108,"t":{"248":{"position":[[512,5]]}}}],["demonstr",{"_index":158,"t":{"161":{"position":[[558,11]]}}}],["depend",{"_index":111,"t":{"157":{"position":[[680,10]]},"161":{"position":[[85,13]]},"163":{"position":[[339,14]]},"250":{"position":[[228,9]]},"268":{"position":[[8543,8]]},"302":{"position":[[1239,12]]}}}],["deploy",{"_index":1,"t":{"155":{"position":[[14,7],[765,6]]},"226":{"position":[[1754,8],[1867,8],[2005,8]]},"248":{"position":[[3075,11]]}}}],["deprec",{"_index":1370,"t":{"268":{"position":[[12735,11]]}}}],["describ",{"_index":207,"t":{"165":{"position":[[172,9]]},"167":{"position":[[77,9]]},"246":{"position":[[2156,8]]}}}],["descript",{"_index":317,"t":{"174":{"position":[[34,11]]},"176":{"position":[[334,11]]},"178":{"position":[[34,11]]},"180":{"position":[[34,11]]},"182":{"position":[[111,11]]},"186":{"position":[[34,11]]},"188":{"position":[[34,11]]},"190":{"position":[[34,11]]},"192":{"position":[[129,11]]},"194":{"position":[[127,11]]},"196":{"position":[[34,11]]},"198":{"position":[[34,11]]},"202":{"position":[[1098,11]]},"204":{"position":[[34,11]]},"206":{"position":[[90,11]]},"212":{"position":[[172,11]]},"214":{"position":[[96,11]]},"216":{"position":[[162,11]]},"218":{"position":[[308,11]]},"220":{"position":[[182,11]]},"222":{"position":[[106,11]]},"238":{"position":[[2760,11],[5488,11]]},"246":{"position":[[2324,11]]},"252":{"position":[[71,11]]},"268":{"position":[[12,11]]},"276":{"position":[[821,11]]},"278":{"position":[[676,11]]},"280":{"position":[[549,11]]}}}],["deselect",{"_index":957,"t":{"238":{"position":[[2274,10]]}}}],["desir",{"_index":444,"t":{"192":{"position":[[574,7]]}}}],["detail",{"_index":141,"t":{"161":{"position":[[167,7],[457,6]]},"165":{"position":[[122,8],[336,7]]},"228":{"position":[[2273,8]]},"246":{"position":[[508,8]]},"268":{"position":[[12330,8]]},"276":{"position":[[1042,7],[1552,8]]},"280":{"position":[[751,7]]}}}],["determin",{"_index":437,"t":{"192":{"position":[[307,10]]},"218":{"position":[[145,9]]},"220":{"position":[[1981,10],[2270,10]]},"268":{"position":[[9212,9]]},"288":{"position":[[362,9]]}}}],["dev.yaml",{"_index":1028,"t":{"246":{"position":[[679,9],[878,8]]}}}],["develop",{"_index":1078,"t":{"246":{"position":[[3737,9]]},"248":{"position":[[315,9]]}}}],["dex",{"_index":1020,"t":{"246":{"position":[[178,3],[352,4],[392,4],[435,4],[802,4],[1521,4]]}}}],["differ",{"_index":498,"t":{"202":{"position":[[759,9]]},"208":{"position":[[77,9]]},"226":{"position":[[2685,9]]},"268":{"position":[[2110,9],[6474,6]]},"274":{"position":[[381,9]]},"276":{"position":[[546,9]]},"278":{"position":[[279,9]]},"280":{"position":[[313,9]]}}}],["digitalocean",{"_index":616,"t":{"208":{"position":[[152,12]]},"224":{"position":[[332,12]]}}}],["dir",{"_index":1278,"t":{"268":{"position":[[2284,3]]}}}],["dir\",th",{"_index":698,"t":{"220":{"position":[[1427,10]]}}}],["direct",{"_index":363,"t":{"178":{"position":[[67,7]]},"238":{"position":[[2253,6]]},"282":{"position":[[23,9]]},"302":{"position":[[1188,9]]}}}],["directli",{"_index":1376,"t":{"268":{"position":[[13575,8]]},"302":{"position":[[22,8]]}}}],["directori",{"_index":812,"t":{"228":{"position":[[72,10],[1356,9]]},"240":{"position":[[1201,9]]},"246":{"position":[[1244,9]]},"248":{"position":[[2480,9]]},"266":{"position":[[265,10]]},"270":{"position":[[595,9]]}}}],["directory/develop/v2",{"_index":857,"t":{"228":{"position":[[2201,20]]}}}],["disabl",{"_index":627,"t":{"214":{"position":[[209,8],[338,8]]},"238":{"position":[[5072,9]]},"268":{"position":[[1781,8],[2425,7],[3438,7],[3518,7],[5798,7],[6829,8],[12564,7]]},"274":{"position":[[483,8],[791,8]]},"294":{"position":[[1115,7]]},"302":{"position":[[608,8]]}}}],["disallow",{"_index":1657,"t":{"302":{"position":[[244,9]]}}}],["disclos",{"_index":170,"t":{"163":{"position":[[65,9],[298,9]]}}}],["disclosur",{"_index":124,"t":{"159":{"position":[[139,11]]},"161":{"position":[[194,11],[491,10]]},"163":{"position":[[129,10]]},"294":{"position":[[839,11]]}}}],["discov",{"_index":160,"t":{"161":{"position":[[590,10]]}}}],["discoveri",{"_index":530,"t":{"204":{"position":[[447,9],[888,9]]},"248":{"position":[[3252,10],[3298,9],[3485,9],[3711,9]]},"268":{"position":[[6816,9],[13390,9],[13426,10]]},"304":{"position":[[826,11]]}}}],["discret",{"_index":195,"t":{"163":{"position":[[695,10]]}}}],["discuss",{"_index":169,"t":{"163":{"position":[[47,7],[216,10]]}}}],["display",{"_index":276,"t":{"171":{"position":[[821,7]]},"206":{"position":[[1591,7]]},"246":{"position":[[979,7]]},"256":{"position":[[332,7]]},"268":{"position":[[2449,7],[2476,7],[8445,7]]}}}],["doc",{"_index":1246,"t":{"268":{"position":[[66,4]]}}}],["docker",{"_index":20,"t":{"155":{"position":[[215,6]]},"246":{"position":[[1490,6]]},"248":{"position":[[2318,6],[2556,6],[2574,6]]}}}],["document",{"_index":199,"t":{"165":{"position":[[26,13]]},"216":{"position":[[742,14]]},"238":{"position":[[306,13],[1487,14],[5580,14],[6717,13]]},"246":{"position":[[2470,13]]},"250":{"position":[[387,13]]},"268":{"position":[[14320,14]]}}}],["doesn't",{"_index":861,"t":{"228":{"position":[[2398,7]]},"230":{"position":[[545,7]]}}}],["domain",{"_index":487,"t":{"202":{"position":[[529,7],[655,7]]},"224":{"position":[[147,6]]},"226":{"position":[[648,6],[1058,7],[2364,6]]},"234":{"position":[[407,8]]},"238":{"position":[[277,6]]},"240":{"position":[[1263,6]]},"246":{"position":[[1194,6]]},"248":{"position":[[3874,6]]},"258":{"position":[[22,6],[221,9]]},"268":{"position":[[1036,6],[1073,7],[1138,6],[1210,6],[2560,6],[2620,6],[15114,6],[15143,7],[15196,6],[15910,6],[15929,6],[16004,6],[16263,7]]},"272":{"position":[[469,6]]},"282":{"position":[[548,8]]},"286":{"position":[[469,8],[694,8]]},"288":{"position":[[646,8],[929,8],[1174,8],[1380,8]]},"304":{"position":[[854,6],[964,6],[1064,6]]},"306":{"position":[[268,7]]}}}],["domain.com",{"_index":1443,"t":{"276":{"position":[[964,10]]},"278":{"position":[[819,10]]}}}],["domain.tld/gitlab",{"_index":1001,"t":{"240":{"position":[[1217,19]]}}}],["domain.tld/gitlab/oauth",{"_index":1006,"t":{"240":{"position":[[1366,24]]}}}],["domain.tld/oauth",{"_index":1004,"t":{"240":{"position":[[1332,16]]}}}],["domain=\"yourcompany.com",{"_index":1629,"t":{"298":{"position":[[237,24]]},"300":{"position":[[1274,24]]}}}],["domain=/oauth2/callback",{"_index":1185,"t":{"252":{"position":[[611,24]]}}}],["headers.default",{"_index":443,"t":{"192":{"position":[[456,16]]}}}],["headers/pass_user_head",{"_index":260,"t":{"171":{"position":[[390,25]]}}}],["headers/skip_auth_strip_head",{"_index":270,"t":{"171":{"position":[[680,31]]}}}],["headershould",{"_index":438,"t":{"192":{"position":[[346,12]]}}}],["headervalu",{"_index":374,"t":{"182":{"position":[[13,12]]},"192":{"position":[[540,13]]},"194":{"position":[[21,11]]},"212":{"position":[[26,12]]}}}],["health",{"_index":1336,"t":{"268":{"position":[[8629,6],[8716,6],[8823,6]]},"302":{"position":[[384,6]]}}}],["helm",{"_index":34,"t":{"155":{"position":[[350,6]]}}}],["here",{"_index":1103,"t":{"248":{"position":[[344,5]]}}}],["hex",{"_index":1593,"t":{"294":{"position":[[406,3]]}}}],["histor",{"_index":1575,"t":{"292":{"position":[[103,13]]}}}],["hit",{"_index":754,"t":{"226":{"position":[[408,3]]},"228":{"position":[[658,3],[1276,7]]}}}],["hold",{"_index":564,"t":{"206":{"position":[[33,5],[546,5],[631,5],[710,5],[803,5],[892,5],[979,5],[1065,5],[1145,5],[1275,5]]}}}],["homepag",{"_index":1177,"t":{"252":{"position":[[57,9]]}}}],["host",{"_index":250,"t":{"171":{"position":[[162,4]]},"220":{"position":[[2301,4]]},"240":{"position":[[185,7],[1053,6],[1175,6]]},"252":{"position":[[606,4]]},"256":{"position":[[47,4],[495,4],[560,4],[630,4]]},"268":{"position":[[1168,4],[7889,4],[7923,4]]},"276":{"position":[[959,4],[992,4]]},"278":{"position":[[475,9],[814,4],[847,4]]},"282":{"position":[[370,4],[375,6],[708,4],[713,6]]},"300":{"position":[[1006,4],[1011,6]]}}}],["host(`a",{"_index":1537,"t":{"286":{"position":[[342,8],[537,8]]},"288":{"position":[[432,8],[726,8],[1013,8]]}}}],["host(`oauth.example.com",{"_index":1569,"t":{"288":{"position":[[1255,26]]}}}],["host>/api/v3",{"_index":899,"t":{"234":{"position":[[1953,13]]}}}],["host>/auth/realms//login/oauth/access_token",{"_index":898,"t":{"234":{"position":[[1878,31]]}}}],["host>/login/oauth/author",{"_index":897,"t":{"234":{"position":[[1808,28]]}}}],["host>/oauth2/callback",{"_index":1193,"t":{"256":{"position":[[144,21],[298,22]]}}}],["host_head",{"_index":1458,"t":{"278":{"position":[[143,13]]}}}],["hostnam",{"_index":1159,"t":{"248":{"position":[[3220,9]]},"252":{"position":[[228,8]]},"254":{"position":[[131,8]]}}}],["hosts.thi",{"_index":701,"t":{"220":{"position":[[1574,10]]}}}],["hour",{"_index":809,"t":{"226":{"position":[[3105,4]]}}}],["hst",{"_index":1646,"t":{"300":{"position":[[737,5]]}}}],["htaccess",{"_index":1334,"t":{"268":{"position":[[7784,8]]}}}],["html",{"_index":1279,"t":{"268":{"position":[[2310,4],[3405,6],[3485,6]]}}}],["htpasswd",{"_index":1282,"t":{"268":{"position":[[2457,8],[2521,8],[4826,8],[4883,8],[4927,8],[4963,8],[5034,8]]}}}],["http",{"_index":352,"t":{"176":{"position":[[1307,4],[1316,5],[1615,4],[1624,5]]},"220":{"position":[[1568,5]]},"256":{"position":[[26,9]]},"268":{"position":[[107,4],[656,4],[1943,6],[3252,5],[3271,5],[3346,4],[5051,4],[5128,4],[5231,5],[5293,5],[7500,4],[12216,4],[13708,5],[13824,5],[14513,4],[15524,4],[15697,4],[16153,5],[16167,6]]},"270":{"position":[[151,4],[160,5]]},"274":{"position":[[439,4]]},"278":{"position":[[0,4],[1257,4],[1404,4]]},"280":{"position":[[713,5]]},"286":{"position":[[310,5]]},"288":{"position":[[392,5]]},"290":{"position":[[70,4]]},"300":{"position":[[307,4],[340,4]]}}}],["http(",{"_index":348,"t":{"176":{"position":[[1239,7],[1561,7]]},"214":{"position":[[70,7]]},"220":{"position":[[1147,7]]},"270":{"position":[[91,7]]}}}],["http/1.0",{"_index":1444,"t":{"276":{"position":[[1080,8]]},"278":{"position":[[869,8]]}}}],["http/1.1",{"_index":1460,"t":{"278":{"position":[[186,8]]}}}],["http/1.1x",{"_index":1672,"t":{"304":{"position":[[623,9]]}}}],["http://0.0.0.0:8080\"]email_domain",{"_index":1090,"t":{"246":{"position":[[4524,35]]}}}],["http://127.0.0.1:4180",{"_index":1045,"t":{"246":{"position":[[1360,21]]},"282":{"position":[[330,22],[668,22]]},"300":{"position":[[966,22]]}}}],["http://127.0.0.1:4180/oauth2/callback",{"_index":1037,"t":{"246":{"position":[[1067,37]]},"248":{"position":[[3623,37]]}}}],["http://127.0.0.1:4180/oauth2/callback'nam",{"_index":1030,"t":{"246":{"position":[[722,44]]}}}],["http://127.0.0.1:4180/static",{"_index":1046,"t":{"246":{"position":[[1385,28]]}}}],["http://127.0.0.1:5556",{"_index":1164,"t":{"248":{"position":[[3678,21]]}}}],["http://127.0.0.1:5556/author",{"_index":1165,"t":{"248":{"position":[[3732,31]]}}}],["http://127.0.0.1:5556/dex",{"_index":1038,"t":{"246":{"position":[[1121,25]]}}}],["http://127.0.0.1:5556/key",{"_index":1167,"t":{"248":{"position":[[3819,26]]}}}],["http://127.0.0.1:5556/token",{"_index":1166,"t":{"248":{"position":[[3776,27]]}}}],["http://127.0.0.1:8080",{"_index":1406,"t":{"270":{"position":[[218,22]]}}}],["http://127.0.0.1:8080/some/path",{"_index":1407,"t":{"270":{"position":[[361,32]]}}}],["http://172.16.0.1:4180",{"_index":1546,"t":{"286":{"position":[[876,22]]},"288":{"position":[[1634,22]]}}}],["http://172.16.0.2:7555",{"_index":1545,"t":{"286":{"position":[[808,22]]},"288":{"position":[[1494,22]]}}}],["http://172.16.0.3:7555",{"_index":1570,"t":{"288":{"position":[[1566,22]]}}}],["http://[::1]:4180",{"_index":1308,"t":{"268":{"position":[[5194,17]]}}}],["http://[oauth2",{"_index":1410,"t":{"270":{"position":[[608,14],[963,14]]}}}],["http://]:::/sign_in",{"_index":1343,"t":{"268":{"position":[[9011,18]]}}}],["oauth2_proxy_",{"_index":1416,"t":{"272":{"position":[[93,14]]}}}],["oauth2_proxy_cookie_secret",{"_index":1419,"t":{"272":{"position":[[425,27]]}}}],["oauth2_proxy_email_domain",{"_index":1420,"t":{"272":{"position":[[489,27]]}}}],["oauth2_proxy_jwt_key",{"_index":1130,"t":{"248":{"position":[[1299,24]]}}}],["oauth2_proxy_jwt_key_file=/etc/ssl/private/jwt_signing_key.pem",{"_index":1153,"t":{"248":{"position":[[2672,62]]}}}],["oauth_proxi",{"_index":1264,"t":{"268":{"position":[[1500,11]]}}}],["obtain",{"_index":1398,"t":{"268":{"position":[[15664,9]]}}}],["occur",{"_index":1475,"t":{"280":{"position":[[187,5]]}}}],["oidc",{"_index":304,"t":{"171":{"position":[[1278,5]]},"196":{"position":[[229,4]]},"204":{"position":[[442,4],[883,4]]},"206":{"position":[[1174,4],[1208,4]]},"208":{"position":[[218,5],[259,5]]},"228":{"position":[[1560,4],[1868,4]]},"236":{"position":[[60,4]]},"238":{"position":[[20,4],[161,4],[1365,4],[1506,4],[1765,4],[1977,4],[3951,4],[4248,4],[5878,4]]},"240":{"position":[[1126,4]]},"246":{"position":[[244,6],[374,4],[965,4],[996,4],[1105,4],[1549,4]]},"248":{"position":[[16,4],[1673,4],[3247,4],[3293,4],[3480,4],[3559,4],[3662,4],[3706,4],[3805,4]]},"268":{"position":[[6298,4],[6410,4],[6455,4],[6574,4],[6614,4],[6649,4],[6740,4],[6761,4],[6811,4],[6840,4],[6870,4],[6917,4],[6948,4],[6995,4],[7028,4],[7069,4],[7409,4],[8163,4],[13385,4],[13412,4],[13469,4],[14997,4],[15875,4]]},"304":{"position":[[481,4],[667,4],[780,4],[889,4]]}}}],["oidc\"redirect_url",{"_index":1059,"t":{"246":{"position":[[3061,18],[4388,18]]}}}],["oidc_issuer_url",{"_index":852,"t":{"228":{"position":[[2036,16]]},"246":{"position":[[3372,15]]}}}],["oidcconfig",{"_index":586,"t":{"206":{"position":[[1111,10],[1134,10]]}}}],["oidcopt",{"_index":587,"t":{"206":{"position":[[1122,11]]}}}],["ok",{"_index":50,"t":{"155":{"position":[[588,2]]},"302":{"position":[[227,2],[340,2],[421,2]]}}}],["okta",{"_index":1021,"t":{"246":{"position":[[315,5],[1526,5],[1567,5],[1612,4],[2465,4],[3708,4],[3834,4],[4309,4],[4482,4]]}}}],["old",{"_index":1322,"t":{"268":{"position":[[5708,3],[5768,3]]},"294":{"position":[[1530,3]]}}}],["omit",{"_index":1403,"t":{"268":{"position":[[16195,4]]}}}],["on",{"_index":95,"t":{"157":{"position":[[354,3]]},"161":{"position":[[674,4]]},"202":{"position":[[95,3],[259,3],[614,3],[1458,3]]},"212":{"position":[[101,3]]},"248":{"position":[[2206,3]]},"254":{"position":[[683,3]]},"258":{"position":[[156,3]]},"264":{"position":[[39,3]]},"268":{"position":[[479,4],[9284,4],[13330,3]]},"276":{"position":[[313,3]]},"290":{"position":[[187,3]]}}}],["onc",{"_index":180,"t":{"163":{"position":[[421,4]]},"226":{"position":[[3097,4]]},"248":{"position":[[2843,4]]}}}],["onlyvalu",{"_index":515,"t":{"202":{"position":[[1436,10]]}}}],["open",{"_index":136,"t":{"161":{"position":[[113,4]]},"226":{"position":[[464,4]]},"230":{"position":[[0,4]]},"246":{"position":[[106,4]]}}}],["openid",{"_index":518,"t":{"204":{"position":[[80,6],[986,6]]},"224":{"position":[[297,6],[549,6]]},"238":{"position":[[901,7],[2066,7]]},"240":{"position":[[276,7]]},"246":{"position":[[0,6],[220,6],[2628,6]]},"248":{"position":[[862,6],[906,6]]},"268":{"position":[[6676,6]]}}}],["openssl",{"_index":1116,"t":{"248":{"position":[[1104,7]]},"264":{"position":[[78,7],[288,7]]}}}],["oppos",{"_index":1002,"t":{"240":{"position":[[1240,7]]}}}],["option",{"_index":60,"t":{"155":{"position":[[714,8]]},"165":{"position":[[164,7],[317,8],[373,7]]},"167":{"position":[[218,7],[263,7]]},"169":{"position":[[37,7],[256,7],[379,7],[437,7]]},"171":{"position":[[1233,8],[1251,6],[1369,7],[1480,7]]},"176":{"position":[[53,8],[77,7],[222,7]]},"182":{"position":[[246,8]]},"184":{"position":[[180,8]]},"192":{"position":[[416,6]]},"194":{"position":[[467,8]]},"200":{"position":[[186,6],[316,7]]},"202":{"position":[[1187,10],[1316,10]]},"208":{"position":[[101,7],[115,7]]},"216":{"position":[[102,8]]},"220":{"position":[[1585,6],[2039,6]]},"226":{"position":[[1066,11],[2071,7]]},"234":{"position":[[276,8],[362,7]]},"236":{"position":[[1050,8]]},"238":{"position":[[299,6],[356,9],[435,9],[499,9],[3965,7],[4782,7],[5127,7],[5440,6],[5896,6],[5945,6],[6051,6],[6308,8],[6546,6],[6651,6],[6974,8]]},"240":{"position":[[905,7]]},"246":{"position":[[1721,10],[2023,6],[2452,8]]},"248":{"position":[[1540,8],[2132,7],[3495,7]]},"252":{"position":[[407,8],[530,7],[706,7]]},"254":{"position":[[344,8],[584,7]]},"256":{"position":[[223,7]]},"262":{"position":[[48,8],[148,7]]},"266":{"position":[[169,6]]},"268":{"position":[[0,6],[52,9],[1057,8],[1652,8],[1883,11],[10776,6],[10871,7],[12680,7],[15437,10],[15740,6],[15917,7],[16362,7]]},"270":{"position":[[61,6]]},"284":{"position":[[5,6],[37,6]]},"288":{"position":[[175,7],[2326,6]]},"294":{"position":[[3337,6],[3432,7]]},"304":{"position":[[985,6]]}}}],["order",{"_index":1207,"t":{"262":{"position":[[109,5]]}}}],["org",{"_index":409,"t":{"186":{"position":[[46,3],[57,3],[478,3]]},"234":{"position":[[534,3],[635,7],[795,4],[1559,3]]},"268":{"position":[[3551,3],[4037,3]]}}}],["organ",{"_index":882,"t":{"234":{"position":[[259,12],[580,12],[713,12]]}}}],["organis",{"_index":410,"t":{"186":{"position":[[101,12]]},"234":{"position":[[678,12]]},"268":{"position":[[3597,12]]}}}],["organization'",{"_index":486,"t":{"202":{"position":[[514,14]]}}}],["organizationdefault",{"_index":476,"t":{"202":{"position":[[6,20]]}}}],["orgname/repo",{"_index":891,"t":{"234":{"position":[[1150,12]]},"268":{"position":[[3795,12]]}}}],["orgname/repo=accesslevel",{"_index":1297,"t":{"268":{"position":[[4302,25]]}}}],["origin",{"_index":762,"t":{"226":{"position":[[632,7]]},"246":{"position":[[146,10]]}}}],["os,base64",{"_index":1214,"t":{"264":{"position":[[125,10]]}}}],["otherwis",{"_index":475,"t":{"200":{"position":[[751,10]]},"204":{"position":[[631,10]]},"222":{"position":[[232,9]]},"246":{"position":[[1903,10]]},"304":{"position":[[992,9]]}}}],["out",{"_index":1055,"t":{"246":{"position":[[2125,3],[2318,3]]},"248":{"position":[[1156,3]]},"302":{"position":[[691,3]]},"304":{"position":[[17,4],[325,3]]}}}],["output",{"_index":1421,"t":{"274":{"position":[[34,6],[81,6]]},"276":{"position":[[142,6]]},"278":{"position":[[23,6]]},"280":{"position":[[80,6]]}}}],["outsid",{"_index":795,"t":{"226":{"position":[[2014,7]]},"272":{"position":[[326,7]]},"280":{"position":[[193,7]]}}}],["overrid",{"_index":650,"t":{"218":{"position":[[178,9]]},"244":{"position":[[183,8]]},"268":{"position":[[8465,8],[9938,8]]}}}],["overridden",{"_index":468,"t":{"200":{"position":[[371,10]]},"202":{"position":[[245,10],[388,11],[1279,11]]}}}],["override_speci",{"_index":1240,"t":{"264":{"position":[[711,16]]}}}],["overwrit",{"_index":1208,"t":{"262":{"position":[[161,9],[224,9]]}}}],["packag",{"_index":1204,"t":{"260":{"position":[[37,7]]}}}],["pad",{"_index":1595,"t":{"294":{"position":[[479,9]]}}}],["page",{"_index":197,"t":{"165":{"position":[[12,4],[143,4],[190,4],[331,4]]},"206":{"position":[[1654,5]]},"228":{"position":[[506,4],[1091,4],[1205,4]]},"268":{"position":[[2403,4],[3357,5],[8538,4],[12366,5],[13567,4]]},"302":{"position":[[656,5],[695,4],[1282,5]]},"304":{"position":[[329,4]]}}}],["pair",{"_index":1287,"t":{"268":{"position":[[2924,5]]},"294":{"position":[[533,4]]}}}],["pane",{"_index":747,"t":{"226":{"position":[[237,5],[284,5],[325,5],[432,5]]},"238":{"position":[[2659,4]]}}}],["parallel",{"_index":1276,"t":{"268":{"position":[[2173,8]]}}}],["paramet",{"_index":320,"t":{"174":{"position":[[83,9]]},"200":{"position":[[81,9],[280,10],[347,9],[476,9],[654,9]]},"202":{"position":[[36,9],[198,9],[366,9],[1159,10]]},"206":{"position":[[1965,10]]},"218":{"position":[[82,10],[202,9],[600,9]]},"238":{"position":[[6989,10]]},"270":{"position":[[258,10],[1096,10],[1121,9]]},"282":{"position":[[3773,10]]},"304":{"position":[[364,10]]},"306":{"position":[[123,10],[140,11]]}}}],["part",{"_index":325,"t":{"176":{"position":[[149,4]]},"282":{"position":[[1796,6],[2177,4],[2455,4]]}}}],["particularli",{"_index":1418,"t":{"272":{"position":[[286,12]]}}}],["pass",{"_index":69,"t":{"157":{"position":[[12,7]]},"171":{"position":[[157,4],[312,4],[344,4],[380,4],[416,4]]},"200":{"position":[[103,6],[253,6],[560,6],[677,6]]},"202":{"position":[[58,6],[216,6]]},"204":{"position":[[1593,4]]},"206":{"position":[[1988,6]]},"218":{"position":[[93,6],[212,6]]},"222":{"position":[[154,4]]},"226":{"position":[[2643,4]]},"228":{"position":[[2410,6]]},"230":{"position":[[557,6]]},"238":{"position":[[3008,4]]},"246":{"position":[[1795,6]]},"248":{"position":[[2283,4]]},"252":{"position":[[388,4]]},"254":{"position":[[325,4]]},"256":{"position":[[204,4]]},"268":{"position":[[644,7],[7145,4],[7170,4],[7193,4],[7373,4],[7404,4],[7474,4],[7495,4],[7698,7],[7836,4],[7858,4],[7884,4],[7906,4],[7954,4],[7977,4],[11992,4]]},"270":{"position":[[71,4]]},"282":{"position":[[990,4],[1301,4],[1330,4]]},"290":{"position":[[276,6]]},"294":{"position":[[2154,4]]}}}],["passhosthead",{"_index":721,"t":{"220":{"position":[[2235,14],[2255,14]]}}}],["password",{"_index":390,"t":{"182":{"position":[[529,8]]},"194":{"position":[[750,8]]},"268":{"position":[[603,8],[623,8],[2495,8],[9860,8],[9882,9],[9951,8],[10007,8],[10038,9],[10098,9],[10128,8]]}}}],["password/basic_auth_password",{"_index":268,"t":{"171":{"position":[[635,28]]}}}],["patch",{"_index":191,"t":{"163":{"position":[[601,7]]}}}],["path",{"_index":235,"t":{"167":{"position":[[123,4]]},"176":{"position":[[536,4]]},"190":{"position":[[251,4]]},"194":{"position":[[300,4]]},"198":{"position":[[150,4]]},"206":{"position":[[1698,5]]},"212":{"position":[[345,4]]},"220":{"position":[[140,4],[165,5],[296,4],[308,4],[407,5],[592,4],[622,4],[671,4],[721,4],[824,4],[877,4],[949,4],[1199,5],[1378,4]]},"222":{"position":[[171,4],[397,4],[422,5]]},"226":{"position":[[2888,4]]},"238":{"position":[[5939,5]]},"268":{"position":[[1007,4],[1637,4],[1668,4],[2295,4],[2354,4],[3037,4],[3073,5],[3131,5],[4632,4],[6070,4],[8291,5],[8572,4],[8766,4],[8961,4],[12805,5],[12943,5],[14022,4],[14357,4],[14559,5],[14653,4]]},"270":{"position":[[501,5],[703,4],[852,4],[1256,4]]},"278":{"position":[[177,8],[1166,4]]},"302":{"position":[[279,6]]}}}],["path.eg",{"_index":691,"t":{"220":{"position":[[1257,8]]}}}],["path/to/cert.key",{"_index":1651,"t":{"300":{"position":[[869,18]]}}}],["path/to/cert.pem",{"_index":1649,"t":{"300":{"position":[[830,18]]}}}],["path/to/existing/config.cfg",{"_index":239,"t":{"169":{"position":[[204,29],[558,29]]}}}],["path/to/new/config.yaml",{"_index":244,"t":{"169":{"position":[[523,25]]}}}],["path/to/sit",{"_index":1508,"t":{"282":{"position":[[2623,15]]}}}],["path_regex",{"_index":1248,"t":{"268":{"position":[[195,10],[13015,10],[13029,12]]}}}],["pathprefix",{"_index":1564,"t":{"288":{"position":[[491,16],[1285,16]]}}}],["pathprefix(`/no",{"_index":1566,"t":{"288":{"position":[[760,15]]}}}],["pathprefix(`/oauth2",{"_index":1543,"t":{"286":{"position":[[592,23]]},"288":{"position":[[1072,23]]}}}],["pattern",{"_index":489,"t":{"202":{"position":[[561,8],[978,8]]},"218":{"position":[[259,7],[379,7],[396,7]]},"220":{"position":[[449,7]]}}}],["pem",{"_index":457,"t":{"198":{"position":[[87,3],[182,3]]},"248":{"position":[[1023,4],[2383,3],[2528,3]]},"268":{"position":[[5925,3],[6102,3]]}}}],["per",{"_index":1203,"t":{"258":{"position":[[166,3]]},"268":{"position":[[484,3],[2079,3],[2133,3]]}}}],["perform",{"_index":963,"t":{"238":{"position":[[3757,7]]},"246":{"position":[[397,7],[1573,7]]}}}],["period",{"_index":394,"t":{"184":{"position":[[81,6]]},"220":{"position":[[2128,6]]},"268":{"position":[[3173,6]]}}}],["permiss",{"_index":806,"t":{"226":{"position":[[2778,11]]},"228":{"position":[[445,11],[494,11],[538,11],[598,12],[666,11],[775,10],[2222,11]]},"254":{"position":[[176,11]]}}}],["pick",{"_index":814,"t":{"228":{"position":[[144,4]]},"246":{"position":[[2235,4],[2660,4]]}}}],["pin",{"_index":1645,"t":{"300":{"position":[[713,3]]}}}],["ping",{"_index":1335,"t":{"268":{"position":[[8567,4],[8588,4],[8643,7],[8653,4],[12546,4],[12595,4]]},"274":{"position":[[716,5],[743,4],[815,4]]},"302":{"position":[[318,5]]}}}],["ping,/path2",{"_index":1291,"t":{"268":{"position":[[3109,14]]}}}],["pkce",{"_index":936,"t":{"238":{"position":[[569,4]]},"268":{"position":[[904,4]]}}}],["plain",{"_index":1253,"t":{"268":{"position":[[959,7]]},"282":{"position":[[2894,5]]}}}],["plan",{"_index":836,"t":{"228":{"position":[[1030,8]]}}}],["platform",{"_index":819,"t":{"228":{"position":[[270,8],[1660,8]]},"246":{"position":[[2603,8]]},"300":{"position":[[86,8],[276,8]]}}}],["pleas",{"_index":135,"t":{"161":{"position":[[99,6],[144,6],[346,6],[434,6]]},"165":{"position":[[260,6],[835,6]]},"224":{"position":[[430,6]]},"238":{"position":[[2113,6],[6688,6]]}}}],["plural",{"_index":1242,"t":{"266":{"position":[[186,6]]},"272":{"position":[[257,6]]}}}],["poc",{"_index":1268,"t":{"268":{"position":[[1699,6]]}}}],["point",{"_index":1005,"t":{"240":{"position":[[1349,8]]},"288":{"position":[[119,8]]}}}],["polici",{"_index":833,"t":{"228":{"position":[[884,8]]},"246":{"position":[[2351,8]]}}}],["popul",{"_index":922,"t":{"236":{"position":[[1276,8]]}}}],["port",{"_index":1025,"t":{"246":{"position":[[584,5]]},"268":{"position":[[16059,5],[16118,4],[16231,5],[16302,5]]},"300":{"position":[[390,4],[460,4]]},"304":{"position":[[1075,4]]}}}],["possibl",{"_index":126,"t":{"159":{"position":[[165,9]]},"161":{"position":[[467,9]]},"184":{"position":[[125,8]]},"236":{"position":[[82,9]]},"240":{"position":[[877,8]]},"268":{"position":[[2156,8]]}}}],["post",{"_index":140,"t":{"161":{"position":[[158,4]]}}}],["potenti",{"_index":161,"t":{"161":{"position":[[622,9]]},"220":{"position":[[1619,9]]}}}],["powershel",{"_index":1212,"t":{"264":{"position":[[86,10]]}}}],["ppc64le",{"_index":25,"t":{"155":{"position":[[270,8]]}}}],["pr",{"_index":138,"t":{"161":{"position":[[130,2]]},"163":{"position":[[373,3]]}}}],["practic",{"_index":949,"t":{"238":{"position":[[1434,10]]}}}],["pre",{"_index":965,"t":{"238":{"position":[[4122,3]]}}}],["prebuilt",{"_index":3,"t":{"155":{"position":[[34,8],[206,8],[357,8]]}}}],["preced",{"_index":666,"t":{"220":{"position":[[388,10]]},"262":{"position":[[118,11]]}}}],["prefer",{"_index":266,"t":{"171":{"position":[[582,6]]},"268":{"position":[[7569,9],[7619,6],[7645,6],[8054,9],[11902,9]]}}}],["preferred_usernam",{"_index":739,"t":{"224":{"position":[[489,18]]}}}],["prefix",{"_index":379,"t":{"182":{"position":[[219,6],[233,6],[255,6]]},"194":{"position":[[440,6],[454,6],[476,6]]},"220":{"position":[[627,8],[676,8]]},"268":{"position":[[1555,6],[8934,6],[15189,6],[15936,8]]},"272":{"position":[[75,9]]},"302":{"position":[[136,6],[175,6]]}}}],["preflight",{"_index":1369,"t":{"268":{"position":[[12636,9]]}}}],["prepend",{"_index":380,"t":{"182":{"position":[[275,9]]},"194":{"position":[[496,9]]}}}],["present",{"_index":165,"t":{"161":{"position":[[705,7]]},"268":{"position":[[8179,8],[13687,9],[13803,9]]},"290":{"position":[[237,7]]}}}],["preserv",{"_index":439,"t":{"192":{"position":[[362,9]]}}}],["preserverequestvalu",{"_index":436,"t":{"192":{"position":[[260,20],[286,20]]}}}],["pretti",{"_index":1169,"t":{"250":{"position":[[282,6]]}}}],["prevent",{"_index":524,"t":{"204":{"position":[[200,8]]},"292":{"position":[[460,7]]}}}],["preview",{"_index":981,"t":{"238":{"position":[[6818,7]]},"246":{"position":[[1682,7]]}}}],["previou",{"_index":194,"t":{"163":{"position":[[652,8]]}}}],["previous",{"_index":176,"t":{"163":{"position":[[287,10]]}}}],["primari",{"_index":326,"t":{"176":{"position":[[161,7]]}}}],["print",{"_index":241,"t":{"169":{"position":[[304,5]]},"268":{"position":[[15081,5]]}}}],["print(base64.urlsafe_b64encode(os.urandom(32)).decod",{"_index":1215,"t":{"264":{"position":[[136,57]]}}}],["prior",{"_index":212,"t":{"165":{"position":[[245,5]]},"240":{"position":[[119,5]]}}}],["privat",{"_index":145,"t":{"161":{"position":[[222,8]]},"163":{"position":[[37,9]]},"198":{"position":[[72,7],[162,7]]},"234":{"position":[[1048,7]]},"248":{"position":[[1065,7]]},"268":{"position":[[5910,7],[6082,7],[14365,7]]}}}],["process",{"_index":1152,"t":{"248":{"position":[[2587,7]]},"278":{"position":[[965,8]]},"282":{"position":[[2934,9],[2980,9]]}}}],["product",{"_index":753,"t":{"226":{"position":[[374,8]]},"248":{"position":[[294,10]]},"268":{"position":[[12437,11]]}}}],["profil",{"_index":284,"t":{"171":{"position":[[933,7]]},"206":{"position":[[2131,7]]},"236":{"position":[[727,7]]},"240":{"position":[[284,7]]},"248":{"position":[[1992,7]]},"268":{"position":[[8104,7],[8123,7]]}}}],["profileurl",{"_index":606,"t":{"206":{"position":[[2095,10],[2113,10]]}}}],["project",{"_index":116,"t":{"159":{"position":[[33,8],[74,7],[204,8]]},"188":{"position":[[113,8],[131,8],[184,8]]},"226":{"position":[[53,8],[123,7],[150,7],[184,7],[212,7]]},"234":{"position":[[13,8]]},"240":{"position":[[411,8]]},"242":{"position":[[55,8]]},"246":{"position":[[118,9]]},"268":{"position":[[4184,8],[4250,8]]}}}],["prometheu",{"_index":1340,"t":{"268":{"position":[[8883,10]]},"302":{"position":[[533,10]]}}}],["prompt",{"_index":289,"t":{"171":{"position":[[998,6]]},"268":{"position":[[217,6],[8149,6],[8168,7],[8197,6]]}}}],["prompt/approval_prompt",{"_index":291,"t":{"171":{"position":[[1014,22]]}}}],["promptallow",{"_index":478,"t":{"202":{"position":[[130,12]]}}}],["promptdefault",{"_index":481,"t":{"202":{"position":[[294,14]]}}}],["properli",{"_index":991,"t":{"240":{"position":[[551,9]]}}}],["propos",{"_index":174,"t":{"163":{"position":[[257,8]]}}}],["protect",{"_index":608,"t":{"206":{"position":[[2213,9]]},"228":{"position":[[315,7]]},"246":{"position":[[2189,11],[2279,8]]},"268":{"position":[[11310,9]]},"294":{"position":[[774,8]]}}}],["protectedresourc",{"_index":607,"t":{"206":{"position":[[2171,17]]}}}],["proto,host,uri",{"_index":1358,"t":{"268":{"position":[[11472,16]]}}}],["protocol",{"_index":942,"t":{"238":{"position":[[892,8]]},"248":{"position":[[842,9]]},"268":{"position":[[16136,8]]},"276":{"position":[[1071,8],[1101,9]]},"278":{"position":[[534,13],[860,8],[890,9]]}}}],["provid",{"_index":42,"t":{"155":{"position":[[472,8],[600,8],[650,8],[803,8]]},"157":{"position":[[309,8],[473,9],[740,8]]},"167":{"position":[[111,7]]},"171":{"position":[[803,8],[812,8],[856,8],[1215,8]]},"174":{"position":[[13,9]]},"176":{"position":[[1809,9],[1819,9],[1829,9],[1869,10]]},"178":{"position":[[13,9]]},"180":{"position":[[13,9]]},"186":{"position":[[13,9]]},"188":{"position":[[13,9]]},"190":{"position":[[13,9]]},"196":{"position":[[13,9],[234,9]]},"198":{"position":[[13,9]]},"200":{"position":[[13,9],[712,8]]},"204":{"position":[[13,9]]},"206":{"position":[[13,10],[24,8],[70,8],[212,10],[345,10],[584,9],[666,9],[744,9],[842,9],[929,9],[1015,9],[1101,9],[1190,9],[1313,9],[1414,10],[1425,8],[1504,9],[1581,9]]},"208":{"position":[[29,9],[87,8]]},"210":{"position":[[0,11],[47,9],[92,10]]},"224":{"position":[[54,8],[90,10],[195,9],[365,8],[400,8],[455,9],[564,9]]},"226":{"position":[[2747,8]]},"228":{"position":[[2308,8]]},"230":{"position":[[92,7],[455,8]]},"234":{"position":[[184,8],[1264,7]]},"236":{"position":[[24,8],[70,8],[1256,8]]},"238":{"position":[[3956,8]]},"240":{"position":[[10,8]]},"246":{"position":[[84,9],[133,8],[235,8],[297,9],[379,8],[553,8],[956,8],[970,8],[1001,9],[1554,8],[1918,8],[3050,8],[4377,8]]},"248":{"position":[[21,8],[1565,8],[1893,8],[3268,9],[3550,8]]},"250":{"position":[[14,8],[125,9],[528,8]]},"252":{"position":[[378,9]]},"254":{"position":[[315,9]]},"256":{"position":[[323,8]]},"260":{"position":[[27,9],[61,8],[151,9]]},"268":{"position":[[1811,9],[2538,8],[8220,8],[8242,8],[8260,8],[8359,9],[8436,8],[8555,9],[13528,8],[13714,9],[15002,9],[15820,9],[16344,8]]},"270":{"position":[[194,9],[353,7],[691,7],[1149,9]]},"288":{"position":[[34,8],[2252,8]]},"298":{"position":[[47,9],[418,12]]},"300":{"position":[[1384,12]]},"304":{"position":[[169,8],[785,8]]}}}],["provider'",{"_index":1162,"t":{"248":{"position":[[3422,10]]},"268":{"position":[[8478,10]]},"282":{"position":[[1699,10]]},"304":{"position":[[309,10]]}}}],["provider.example.com",{"_index":1677,"t":{"304":{"position":[[894,20]]}}}],["provider.example.com%2fsign_out_pag",{"_index":1671,"t":{"304":{"position":[[486,36]]}}}],["provider.if",{"_index":601,"t":{"206":{"position":[[1766,11]]}}}],["provider.thi",{"_index":594,"t":{"206":{"position":[[1374,13]]}}}],["provider/sign_out_pag",{"_index":1674,"t":{"304":{"position":[[672,25]]}}}],["provider=\"github",{"_index":1194,"t":{"256":{"position":[[247,17]]}}}],["provider=\"gitlab",{"_index":992,"t":{"240":{"position":[[605,17]]}}}],["provider=adf",{"_index":873,"t":{"230":{"position":[[333,13]]}}}],["provider=azur",{"_index":841,"t":{"228":{"position":[[1439,14],[1747,14]]}}}],["provider=bitbucket",{"_index":1188,"t":{"254":{"position":[[355,18]]}}}],["provider=digitalocean",{"_index":1181,"t":{"252":{"position":[[418,21]]}}}],["provider=keycloak",{"_index":905,"t":{"236":{"position":[[440,17]]},"238":{"position":[[2,17]]}}}],["providermust",{"_index":596,"t":{"206":{"position":[[1465,12]]}}}],["provideror",{"_index":588,"t":{"206":{"position":[[1179,10]]}}}],["providers.new",{"_index":1205,"t":{"260":{"position":[[98,15]]}}}],["providerthi",{"_index":566,"t":{"206":{"position":[[173,12],[306,12]]}}}],["providertyp",{"_index":595,"t":{"206":{"position":[[1434,12]]},"208":{"position":[[39,12]]}}}],["proxi",{"_index":23,"t":{"155":{"position":[[256,5],[563,5],[676,5]]},"157":{"position":[[32,5],[729,5]]},"159":{"position":[[12,5]]},"161":{"position":[[65,5],[339,6]]},"169":{"position":[[58,5],[163,5],[467,5],[502,5]]},"171":{"position":[[191,5],[1511,5]]},"176":{"position":[[204,6],[490,7],[973,5],[1045,5],[1262,5]]},"220":{"position":[[108,7],[1057,8],[1669,5],[2416,8]]},"222":{"position":[[365,7]]},"224":{"position":[[179,5]]},"226":{"position":[[1694,5],[2845,5],[2961,6]]},"228":{"position":[[1303,5]]},"230":{"position":[[320,5]]},"238":{"position":[[1697,5],[2985,5],[3621,5],[3746,5],[5434,5],[5679,5],[5913,6],[6068,6],[6413,5],[6540,5]]},"246":{"position":[[530,5],[789,5],[924,5],[1028,5],[1048,5],[3656,5],[3676,5],[4817,5],[4837,5]]},"248":{"position":[[393,5],[661,5],[1512,5],[1558,5],[2999,7],[3190,6],[3340,5],[3582,5],[3603,5]]},"252":{"position":[[206,5],[249,5]]},"254":{"position":[[108,6],[152,5]]},"256":{"position":[[238,6]]},"260":{"position":[[130,5]]},"262":{"position":[[7,5]]},"268":{"position":[[8928,5],[8976,5],[9042,5],[9082,8],[9268,5],[11346,5],[11389,6],[13177,5],[15427,5],[15549,5],[15718,5]]},"270":{"position":[[7,5],[623,5],[978,5]]},"274":{"position":[[19,5]]},"276":{"position":[[937,5]]},"278":{"position":[[792,5]]},"282":{"position":[[192,8],[1763,5]]},"284":{"position":[[31,5]]},"286":{"position":[[223,8]]},"288":{"position":[[138,5],[208,6],[1236,5]]},"290":{"position":[[109,5]]},"292":{"position":[[97,5],[396,5],[655,6]]},"294":{"position":[[1021,5],[1374,5],[1644,5],[1848,5],[2166,5]]},"296":{"position":[[52,5],[69,5]]},"298":{"position":[[38,5],[162,5],[221,5],[978,5]]},"300":{"position":[[133,5],[432,8],[451,5],[478,5],[1199,5],[1258,5]]},"302":{"position":[[7,5],[87,7],[169,5]]}}}],["proxiedto",{"_index":722,"t":{"220":{"position":[[2323,9]]}}}],["proxy'",{"_index":76,"t":{"157":{"position":[[96,7]]},"252":{"position":[[296,7]]},"282":{"position":[[86,7]]},"286":{"position":[[93,7]]},"304":{"position":[[91,7]]}}}],["proxy'secret",{"_index":1031,"t":{"246":{"position":[[775,13]]}}}],["proxy(e.g",{"_index":821,"t":{"228":{"position":[[337,10]]}}}],["proxy.cfg",{"_index":1243,"t":{"266":{"position":[[225,9],[326,9]]}}}],["proxy.thi",{"_index":341,"t":{"176":{"position":[[929,10]]}}}],["proxy/oauth2",{"_index":14,"t":{"155":{"position":[[123,12],[243,12]]}}}],["proxy/oauth2/callback",{"_index":1179,"t":{"252":{"position":[[163,22]]}}}],["proxy/v7@latest",{"_index":15,"t":{"155":{"position":[[136,15]]}}}],["proxy=tru",{"_index":1563,"t":{"288":{"position":[[306,11]]},"300":{"position":[[1409,10]]}}}],["proxy>/oauth2/callback",{"_index":1187,"t":{"254":{"position":[[63,23]]}}}],["proxy_buffer_s",{"_index":864,"t":{"228":{"position":[[2451,17]]},"230":{"position":[[598,17]]}}}],["proxy_connect_timeout",{"_index":1653,"t":{"300":{"position":[[1094,21]]}}}],["proxy_pass",{"_index":1481,"t":{"282":{"position":[[319,10],[657,10],[2584,10],[2948,10]]},"300":{"position":[[955,10]]}}}],["proxy_pass_request_bodi",{"_index":1487,"t":{"282":{"position":[[883,23]]}}}],["proxy_read_timeout",{"_index":1655,"t":{"300":{"position":[[1142,18]]}}}],["proxy_send_timeout",{"_index":1654,"t":{"300":{"position":[[1119,18]]}}}],["proxy_set_head",{"_index":1482,"t":{"282":{"position":[[353,16],[382,16],[423,16],[458,16],[559,16],[691,16],[720,16],[761,16],[847,16],[1218,16],[1249,16],[1428,16]]},"300":{"position":[[989,16],[1018,16],[1059,16]]}}}],["proxyrawpath",{"_index":731,"t":{"222":{"position":[[118,12],[136,12]]}}}],["proxyredirecturi",{"_index":1029,"t":{"246":{"position":[[702,18]]}}}],["proxyus",{"_index":1346,"t":{"268":{"position":[[9326,9]]}}}],["proxywebsocket",{"_index":724,"t":{"220":{"position":[[2371,15],[2392,15]]}}}],["pubjwk",{"_index":300,"t":{"171":{"position":[[1185,6]]},"248":{"position":[[1917,6]]},"268":{"position":[[9098,6]]}}}],["pubjwkurl",{"_index":459,"t":{"198":{"position":[[214,9],[231,9]]}}}],["pubkey",{"_index":461,"t":{"198":{"position":[[252,6]]},"268":{"position":[[9120,6]]}}}],["public",{"_index":890,"t":{"234":{"position":[[1011,6],[1229,6]]},"248":{"position":[[974,6]]}}}],["public_repo",{"_index":894,"t":{"234":{"position":[[1376,11]]}}}],["publicli",{"_index":142,"t":{"161":{"position":[[175,9]]}}}],["pull",{"_index":1450,"t":{"276":{"position":[[1173,6]]},"278":{"position":[[1036,6]]}}}],["push",{"_index":413,"t":{"186":{"position":[[341,4]]},"234":{"position":[[994,4]]},"268":{"position":[[3898,4]]}}}],["put",{"_index":16,"t":{"155":{"position":[[163,3]]}}}],["python",{"_index":1210,"t":{"264":{"position":[[66,6],[107,6]]}}}],["quay.io/oauth2",{"_index":22,"t":{"155":{"position":[[228,14]]}}}],["queri",{"_index":463,"t":{"200":{"position":[[75,5],[390,5]]},"202":{"position":[[1153,5],[1405,5]]},"218":{"position":[[76,5]]},"286":{"position":[[1287,6]]},"304":{"position":[[358,5]]},"306":{"position":[[117,5],[134,5]]}}}],["quick",{"_index":1115,"t":{"248":{"position":[[1080,5]]}}}],["quickli",{"_index":125,"t":{"159":{"position":[[154,7]]}}}],["quit",{"_index":1600,"t":{"294":{"position":[[964,5]]}}}],["quot",{"_index":501,"t":{"202":{"position":[[845,6]]}}}],["r_basicprofil",{"_index":1009,"t":{"242":{"position":[[168,14]]}}}],["r_emailaddress",{"_index":1010,"t":{"242":{"position":[[187,15]]}}}],["rand",{"_index":1225,"t":{"264":{"position":[[296,4]]}}}],["random",{"_index":536,"t":{"204":{"position":[[586,6]]},"276":{"position":[[1210,6]]},"278":{"position":[[1073,6]]},"294":{"position":[[391,6],[442,6]]}}}],["random_password",{"_index":1238,"t":{"264":{"position":[[663,17]]}}}],["rang",{"_index":1390,"t":{"268":{"position":[[15326,6]]}}}],["raw",{"_index":732,"t":{"222":{"position":[[163,3]]},"282":{"position":[[2229,3]]}}}],["rd",{"_index":1669,"t":{"304":{"position":[[355,2]]}}}],["re",{"_index":1586,"t":{"292":{"position":[[799,2]]},"304":{"position":[[200,2]]}}}],["reach",{"_index":1377,"t":{"268":{"position":[[13584,5]]}}}],["read",{"_index":807,"t":{"226":{"position":[[2862,4]]},"228":{"position":[[440,4]]},"234":{"position":[[1207,4]]},"238":{"position":[[5562,4]]},"254":{"position":[[240,4],[261,4]]}}}],["read_api",{"_index":990,"t":{"240":{"position":[[445,8]]}}}],["readi",{"_index":192,"t":{"163":{"position":[[613,6]]},"268":{"position":[[8760,5],[8782,5],[8837,8],[12602,5]]},"274":{"position":[[768,6]]},"302":{"position":[[398,6]]}}}],["real",{"_index":1157,"t":{"248":{"position":[[3070,4],[3215,4]]},"268":{"position":[[9168,4],[9226,4],[9312,4],[9342,4],[11428,4],[15450,4]]},"276":{"position":[[899,4]]},"278":{"position":[[754,4]]},"282":{"position":[[401,4],[739,4]]},"300":{"position":[[1037,4]]}}}],["realm",{"_index":901,"t":{"236":{"position":[[127,5]]},"238":{"position":[[219,6],[375,5],[846,5],[1871,5],[2006,5],[3902,5],[4081,5],[4359,5],[4382,5],[4420,6],[4707,6],[4906,5],[6959,5]]}}}],["realm>/protocol/openid",{"_index":911,"t":{"236":{"position":[[592,22],[687,22],[784,22],[885,22]]}}}],["reason",{"_index":803,"t":{"226":{"position":[[2537,6]]},"294":{"position":[[2364,7]]}}}],["recipi",{"_index":951,"t":{"238":{"position":[[1662,9],[3310,11]]}}}],["recommend",{"_index":769,"t":{"226":{"position":[[871,11],[1233,14],[1672,14]]},"238":{"position":[[1451,11]]},"268":{"position":[[977,13]]},"282":{"position":[[3574,11]]},"294":{"position":[[2468,11]]},"296":{"position":[[14,11]]}}}],["redeem",{"_index":282,"t":{"171":{"position":[[911,6]]},"204":{"position":[[686,6]]},"234":{"position":[[1837,6]]},"236":{"position":[[631,6]]},"248":{"position":[[3765,6]]},"250":{"position":[[686,6]]},"256":{"position":[[527,6]]},"268":{"position":[[9352,6],[13452,6]]}}}],["redeemurl",{"_index":604,"t":{"206":{"position":[[2035,9],[2052,9]]}}}],["redempt",{"_index":605,"t":{"206":{"position":[[2075,10]]},"268":{"position":[[9376,10]]}}}],["redi",{"_index":103,"t":{"157":{"position":[[552,6]]},"228":{"position":[[2498,5]]},"230":{"position":[[645,5]]},"268":{"position":[[9503,5],[9555,5],[9640,5],[9660,5],[9695,5],[9712,5],[9763,5],[9840,5],[9854,5],[9876,5],[9911,5],[9969,5],[9992,5],[10023,5],[10087,5],[10122,5],[10139,5],[10173,5],[10228,5],[10249,5],[10302,5],[10388,5],[10409,5],[10443,5],[10469,5],[10527,5],[10562,5],[10594,5],[10627,5],[10686,5],[10720,5],[10762,5],[10809,5],[10857,5],[10966,5],[11015,5],[11767,5]]},"290":{"position":[[326,5]]},"294":{"position":[[4,5],[57,6],[606,5],[711,5],[1421,5],[1565,5],[2635,5],[2698,5],[2726,5],[2817,5],[2874,5],[2937,5],[2970,5],[3016,5],[3119,5],[3174,5],[3237,5],[3267,5],[3323,5],[3370,5],[3418,5],[3531,5],[3580,5]]},"302":{"position":[[474,5]]}}}],["redirect",{"_index":91,"t":{"157":{"position":[[276,10]]},"222":{"position":[[245,10]]},"224":{"position":[[123,8]]},"226":{"position":[[703,8]]},"228":{"position":[[232,8]]},"232":{"position":[[95,8]]},"236":{"position":[[174,8]]},"238":{"position":[[97,8],[928,8],[2343,8]]},"240":{"position":[[322,8],[625,8],[703,8],[1318,8]]},"242":{"position":[[217,8]]},"246":{"position":[[1054,8],[2720,8],[3969,8],[4029,8]]},"248":{"position":[[1379,8],[1619,8],[3610,8]]},"250":{"position":[[448,12]]},"252":{"position":[[315,8],[562,8],[680,8]]},"256":{"position":[[87,8],[267,8]]},"268":{"position":[[127,11],[2716,9],[3277,8],[3366,9],[9398,8],[9428,8],[11511,8],[15155,11],[16022,8]]},"282":{"position":[[490,8],[591,8]]},"288":{"position":[[0,8],[372,9],[561,8],[572,9],[781,11],[849,8],[1894,9],[2059,9]]},"302":{"position":[[816,8]]},"304":{"position":[[22,8],[269,8],[380,8],[550,8],[585,8],[646,9],[873,8],[1006,8]]}}}],["redis.conf",{"_index":1354,"t":{"268":{"position":[[10898,10]]},"294":{"position":[[3463,10]]}}}],["redis://host[:port",{"_index":1348,"t":{"268":{"position":[[9591,21],[9740,20],[10339,21]]}}}],["reduc",{"_index":972,"t":{"238":{"position":[[5311,6]]},"274":{"position":[[828,8]]}}}],["refer",{"_index":226,"t":{"165":{"position":[[552,9],[853,9]]},"167":{"position":[[94,9]]},"212":{"position":[[57,10]]},"238":{"position":[[5549,5],[6695,5]]},"248":{"position":[[930,5],[1284,8]]},"250":{"position":[[367,5]]}}}],["refresh",{"_index":770,"t":{"226":{"position":[[886,7],[940,7],[3079,9]]},"246":{"position":[[2830,7],[4138,7]]},"268":{"position":[[1719,7],[1736,7],[15847,8]]},"282":{"position":[[1494,8]]},"292":{"position":[[734,10]]},"294":{"position":[[1053,7],[1070,7],[1249,7],[1403,7],[1453,7],[1534,7],[1608,8],[1659,7],[1736,10],[1801,7],[1859,7],[1962,9],[2007,7],[2403,7],[2552,7]]}}}],["refresh/access/id",{"_index":1599,"t":{"294":{"position":[[787,17]]}}}],["refreshes.default",{"_index":541,"t":{"204":{"position":[[712,17]]}}}],["regardless",{"_index":1634,"t":{"298":{"position":[[679,10]]}}}],["regex",{"_index":74,"t":{"157":{"position":[[70,6]]},"268":{"position":[[12715,5]]}}}],["regist",{"_index":52,"t":{"155":{"position":[[613,8]]},"224":{"position":[[17,8]]},"228":{"position":[[404,9]]},"248":{"position":[[453,8],[765,8]]}}}],["registr",{"_index":740,"t":{"226":{"position":[[16,12]]},"228":{"position":[[94,13],[130,13],[469,13],[1147,12]]},"242":{"position":[[18,12]]}}}],["regular",{"_index":178,"t":{"163":{"position":[[365,7]]},"202":{"position":[[432,7],[814,7]]},"218":{"position":[[417,7]]},"220":{"position":[[534,7]]}}}],["releas",{"_index":6,"t":{"155":{"position":[[59,7],[490,7]]},"163":{"position":[[493,8],[661,9]]},"176":{"position":[[298,8]]},"204":{"position":[[764,8]]},"238":{"position":[[754,7]]}}}],["relev",{"_index":1614,"t":{"294":{"position":[[2282,8]]}}}],["reload",{"_index":1573,"t":{"288":{"position":[[2336,6]]}}}],["remain",{"_index":676,"t":{"220":{"position":[[711,9]]},"238":{"position":[[2133,9]]},"242":{"position":[[300,9]]}}}],["remot",{"_index":1394,"t":{"268":{"position":[[15581,6]]}}}],["remote_addr",{"_index":1483,"t":{"282":{"position":[[409,13],[747,13]]},"300":{"position":[[1045,13]]}}}],["remote_address",{"_index":1427,"t":{"276":{"position":[[181,16]]},"278":{"position":[[62,16]]}}}],["remov",{"_index":208,"t":{"165":{"position":[[211,8]]},"167":{"position":[[255,7]]},"169":{"position":[[368,6],[429,7]]},"171":{"position":[[1467,6]]},"238":{"position":[[737,7]]},"304":{"position":[[76,7]]}}}],["renam",{"_index":209,"t":{"165":{"position":[[220,7]]}}}],["replac",{"_index":220,"t":{"165":{"position":[[479,7]]},"266":{"position":[[65,9]]},"272":{"position":[[129,9]]}}}],["replace(\"/\",\"_",{"_index":1232,"t":{"264":{"position":[[550,19]]}}}],["repo",{"_index":411,"t":{"186":{"position":[[176,4],[188,4]]},"234":{"position":[[1076,8]]},"248":{"position":[[2497,4]]},"268":{"position":[[3718,4]]}}}],["report",{"_index":1456,"t":{"276":{"position":[[1381,8]]},"278":{"position":[[1453,8]]}}}],["repositori",{"_index":373,"t":{"180":{"position":[[108,10],[126,10],[186,10]]},"186":{"position":[[239,10],[304,10],[360,10]]},"234":{"position":[[329,11],[953,11],[1018,10],[1056,11],[1126,10],[1236,10],[1320,11],[1445,10]]},"254":{"position":[[245,12],[696,10]]},"268":{"position":[[3771,10],[3862,10],[3917,11]]}}}],["repository=/index.php/apps/oauth2/api/v1/token",{"_index":1174,"t":{"250":{"position":[[714,40]]}}}],["url>/index.php/apps/oauth2/author",{"_index":1173,"t":{"250":{"position":[[647,37]]}}}],["url>/ocs/v2.php/cloud/user?format=json",{"_index":1175,"t":{"250":{"position":[[786,39]]}}}],["url]/stat",{"_index":1415,"t":{"270":{"position":[[984,13]]}}}],["url]/var/www/stat",{"_index":1411,"t":{"270":{"position":[[629,21]]}}}],["urldefault",{"_index":531,"t":{"204":{"position":[[457,10]]}}}],["urleg",{"_index":521,"t":{"204":{"position":[[102,6],[1006,6]]}}}],["urlparameterrul",{"_index":513,"t":{"202":{"position":[[1297,18]]},"218":{"position":[[32,16]]}}}],["us",{"_index":19,"t":{"155":{"position":[[196,5],[322,5],[682,5]]},"157":{"position":[[761,6]]},"161":{"position":[[550,4]]},"163":{"position":[[3,3],[361,3]]},"165":{"position":[[293,3],[659,5]]},"167":{"position":[[3,3],[141,5],[182,5]]},"169":{"position":[[64,5],[473,5]]},"171":{"position":[[100,5],[1352,3]]},"176":{"position":[[394,4],[626,4],[861,4],[953,4],[963,5],[1217,4],[1433,3],[1539,4],[1741,3],[1842,4]]},"178":{"position":[[233,4]]},"182":{"position":[[517,4]]},"186":{"position":[[285,3]]},"190":{"position":[[391,3]]},"192":{"position":[[183,4]]},"194":{"position":[[738,4]]},"196":{"position":[[210,5]]},"198":{"position":[[98,4],[193,4]]},"200":{"position":[[542,4]]},"202":{"position":[[941,3]]},"204":{"position":[[902,3],[1478,4]]},"206":{"position":[[467,4],[1738,4],[1826,4]]},"208":{"position":[[55,4]]},"220":{"position":[[316,4],[462,4],[528,5],[730,3],[2058,4]]},"224":{"position":[[390,5]]},"226":{"position":[[1144,5],[1577,5],[1709,3],[1812,3]]},"228":{"position":[[1042,3],[1947,5],[2287,5]]},"230":{"position":[[435,5]]},"234":{"position":[[1426,3],[1686,5]]},"236":{"position":[[47,3],[1135,4],[1440,5]]},"238":{"position":[[1377,5],[1842,3],[1883,5],[3126,3],[3932,5],[4239,5],[4739,5],[4828,5],[5249,6],[5417,5]]},"240":{"position":[[160,5],[1042,5]]},"244":{"position":[[175,4]]},"246":{"position":[[194,3],[263,4],[566,5],[1484,5],[1617,5],[4707,3]]},"248":{"position":[[2172,3],[3211,3]]},"250":{"position":[[105,5],[276,5]]},"252":{"position":[[370,3],[670,3]]},"254":{"position":[[43,3],[307,3],[555,3],[707,3]]},"258":{"position":[[29,3],[105,3],[209,3]]},"260":{"position":[[139,3]]},"264":{"position":[[35,3]]},"266":{"position":[[286,4]]},"268":{"position":[[900,3],[1181,4],[1542,3],[2414,3],[2658,3],[3427,3],[3507,3],[3843,3],[4686,3],[4727,3],[5448,5],[5571,3],[5936,4],[6113,4],[7271,4],[7655,3],[7741,3],[7809,4],[8331,4],[8420,4],[8517,4],[8614,4],[8701,4],[8809,4],[9204,4],[9613,4],[9646,3],[10048,4],[10116,3],[10201,4],[10234,3],[10361,4],[10394,3],[10415,3],[10502,3],[10533,3],[10661,3],[10932,5],[11095,3],[11503,4],[11938,7],[11980,4],[12148,7],[12256,7],[12430,3],[13702,5],[13818,5],[14108,4],[14255,5],[15731,3],[15890,5],[16308,3]]},"270":{"position":[[830,4],[1214,4]]},"272":{"position":[[299,6]]},"274":{"position":[[111,5],[735,5]]},"276":{"position":[[889,3]]},"278":{"position":[[744,3]]},"282":{"position":[[1651,5],[2677,3],[2719,3],[3589,3]]},"288":{"position":[[55,3],[330,3],[2299,3]]},"290":{"position":[[115,4]]},"292":{"position":[[78,4],[287,5]]},"294":{"position":[[992,4],[2306,4],[2625,5],[2864,3],[2880,3],[3125,3],[3243,3],[3273,3],[3497,5]]},"298":{"position":[[752,4],[942,4],[992,5]]},"300":{"position":[[218,5],[301,3],[670,3]]},"302":{"position":[[375,3],[751,4],[877,4],[1007,4],[1156,3],[1252,4]]},"304":{"position":[[345,5]]},"306":{"position":[[97,5]]}}}],["us/azure/act",{"_index":856,"t":{"228":{"position":[[2185,15]]}}}],["usag",{"_index":324,"t":{"176":{"position":[[62,5]]},"294":{"position":[[2613,6]]}}}],["use.typ",{"_index":634,"t":{"216":{"position":[[218,13],[314,13]]}}}],["useapplicationdefaultcredenti",{"_index":427,"t":{"190":{"position":[[296,32],[334,32]]}}}],["used.list",{"_index":648,"t":{"216":{"position":[[678,9]]}}}],["user",{"_index":88,"t":{"157":{"position":[[248,4],[643,4]]},"171":{"position":[[385,4],[1059,4]]},"176":{"position":[[92,5],[436,4]]},"180":{"position":[[161,4]]},"186":{"position":[[371,5],[386,5],[399,5]]},"196":{"position":[[173,5]]},"204":{"position":[[1120,4],[1220,4],[1321,4]]},"206":{"position":[[1635,5]]},"220":{"position":[[795,5]]},"226":{"position":[[397,6],[2710,4],[2978,4]]},"234":{"position":[[436,4],[463,5],[971,5],[1196,5],[1286,4],[1481,4],[1619,8]]},"238":{"position":[[288,6],[3575,4],[3800,5],[4198,4],[4592,4],[4597,5],[5188,5],[5263,4],[6511,4],[6828,5],[6965,4]]},"242":{"position":[[119,4]]},"246":{"position":[[2949,5]]},"250":{"position":[[58,5]]},"254":{"position":[[659,5]]},"268":{"position":[[3938,4],[3966,5],[4972,4],[5043,5],[6972,4],[7529,5],[7635,4],[7863,4],[7959,4],[7994,5],[8658,4],[8678,4],[8746,4],[11833,5],[14916,5]]},"274":{"position":[[748,4]]},"276":{"position":[[94,4],[356,4],[425,4],[1367,4]]},"278":{"position":[[1439,4]]},"282":{"position":[[1013,4],[1115,5],[1237,4],[1242,6]]},"290":{"position":[[138,4]]},"292":{"position":[[790,5]]},"294":{"position":[[184,4]]},"302":{"position":[[258,4]]},"304":{"position":[[12,4],[121,4],[282,4],[393,4]]}}}],["user'",{"_index":337,"t":{"176":{"position":[[760,6],[1148,6]]},"238":{"position":[[3864,6],[5218,6]]},"268":{"position":[[6894,6]]},"290":{"position":[[17,6]]},"302":{"position":[[1022,6]]}}}],["user/prefer_email_to_us",{"_index":267,"t":{"171":{"position":[[598,25]]}}}],["user/settings/appl",{"_index":1191,"t":{"256":{"position":[[52,28]]}}}],["user@domain.com",{"_index":1428,"t":{"276":{"position":[[215,17]]},"278":{"position":[[96,17]]}}}],["user_ag",{"_index":1461,"t":{"278":{"position":[[195,14]]}}}],["userag",{"_index":1455,"t":{"276":{"position":[[1346,9]]},"278":{"position":[[548,14],[1418,9]]}}}],["useridclaim",{"_index":555,"t":{"204":{"position":[[1255,11],[1274,11]]}}}],["userinfo",{"_index":924,"t":{"236":{"position":[[1376,8]]}}}],["usernam",{"_index":388,"t":{"182":{"position":[[475,8]]},"186":{"position":[[416,9]]},"194":{"position":[[696,8]]},"234":{"position":[[1506,8],[1644,9]]},"238":{"position":[[4606,8]]},"268":{"position":[[2484,8],[3984,8],[7579,8],[7684,8],[7745,8],[8064,8],[11912,8]]},"276":{"position":[[63,8],[708,13],[1416,8],[1457,8]]},"278":{"position":[[444,13],[1488,8],[1529,8]]}}}],["username@email.com",{"_index":1457,"t":{"276":{"position":[[1425,18]]},"278":{"position":[[1497,18]]}}}],["usptream",{"_index":705,"t":{"220":{"position":[[1683,8]]}}}],["utc",{"_index":1318,"t":{"268":{"position":[[5631,3]]}}}],["util",{"_index":589,"t":{"206":{"position":[[1200,7]]}}}],["uuid",{"_index":1451,"t":{"276":{"position":[[1217,4]]},"278":{"position":[[1080,4]]}}}],["v1",{"_index":839,"t":{"228":{"position":[[1319,2]]}}}],["v19.0.0",{"_index":944,"t":{"238":{"position":[[1305,8]]}}}],["v2",{"_index":847,"t":{"228":{"position":[[1617,2]]},"286":{"position":[[12,2]]},"288":{"position":[[93,2]]}}}],["v2.0",{"_index":837,"t":{"228":{"position":[[1046,4],[1953,4]]}}}],["v3.0.0",{"_index":46,"t":{"155":{"position":[[520,7]]}}}],["v7.5.0",{"_index":7,"t":{"155":{"position":[[70,7]]}}}],["valid",{"_index":35,"t":{"155":{"position":[[382,9]]},"163":{"position":[[231,8]]},"171":{"position":[[966,8]]},"184":{"position":[[254,5]]},"206":{"position":[[2299,10]]},"208":{"position":[[109,5]]},"216":{"position":[[691,5]]},"218":{"position":[[172,5]]},"224":{"position":[[189,5]]},"226":{"position":[[962,9]]},"232":{"position":[[83,5]]},"234":{"position":[[1910,8]]},"236":{"position":[[168,5],[827,8]]},"238":{"position":[[262,8],[922,5],[2337,5],[3794,5]]},"250":{"position":[[756,8],[849,8]]},"256":{"position":[[595,8]]},"264":{"position":[[572,5]]},"268":{"position":[[180,6],[13660,10],[13776,10],[14269,5],[15014,8],[15047,10],[16016,5]]},"294":{"position":[[1795,5],[1928,6],[2082,5],[2250,8]]},"298":{"position":[[1017,5]]}}}],["validateurl",{"_index":609,"t":{"206":{"position":[[2248,11],[2267,11]]}}}],["valu",{"_index":322,"t":{"174":{"position":[[117,5]]},"176":{"position":[[723,6],[798,6],[1111,6],[1186,6]]},"178":{"position":[[143,5],[296,5]]},"182":{"position":[[62,5],[191,5],[292,5],[433,5],[538,6]]},"192":{"position":[[330,6],[533,6],[554,6],[582,6]]},"194":{"position":[[60,5],[110,5],[139,5],[152,5],[190,6],[337,6],[412,5],[513,5],[654,5],[759,6]]},"200":{"position":[[215,5],[224,6],[521,5],[732,5]]},"202":{"position":[[117,6],[144,6],[158,6],[174,6],[281,6],[326,6],[342,6],[412,6],[1226,5],[1235,6]]},"206":{"position":[[186,5],[319,5],[1388,5]]},"212":{"position":[[89,6],[184,5],[197,5],[235,6],[382,6]]},"218":{"position":[[250,5],[320,5],[335,5],[373,5],[481,6],[560,6],[610,5]]},"220":{"position":[[259,5]]},"224":{"position":[[423,6]]},"228":{"position":[[1264,5]]},"236":{"position":[[1539,5]]},"238":{"position":[[1731,6]]},"268":{"position":[[38,6],[4353,5]]},"270":{"position":[[795,5]]},"276":{"position":[[979,5]]},"278":{"position":[[834,5]]},"294":{"position":[[203,5],[1204,5],[1617,5]]}}}],["values.nam",{"_index":434,"t":{"192":{"position":[[204,12]]}}}],["values/acr_valu",{"_index":293,"t":{"171":{"position":[[1041,17]]}}}],["var/www/stat",{"_index":1414,"t":{"270":{"position":[[933,16]]}}}],["variabl",{"_index":62,"t":{"155":{"position":[[738,9]]},"171":{"position":[[61,9]]},"194":{"position":[[255,9]]},"212":{"position":[[300,9]]},"248":{"position":[[2157,10],[2303,9],[2366,9],[2747,9]]},"250":{"position":[[192,9]]},"262":{"position":[[69,9],[183,9],[209,9]]},"272":{"position":[[63,8],[238,8]]},"274":{"position":[[613,10]]},"276":{"position":[[776,9],[804,8]]},"278":{"position":[[628,9],[659,8]]},"280":{"position":[[500,9],[532,8]]},"282":{"position":[[2202,9],[2838,9],[3826,8]]},"302":{"position":[[189,9]]}}}],["verif",{"_index":529,"t":{"204":{"position":[[364,12],[1487,13],[1598,12]]},"220":{"position":[[1543,12]]},"268":{"position":[[6427,12],[6785,13],[7150,12],[9808,12]]}}}],["verifi",{"_index":38,"t":{"155":{"position":[[419,9]]},"186":{"position":[[294,9]]},"204":{"position":[[530,9],[1424,8]]},"234":{"position":[[1435,9]]},"238":{"position":[[3715,9]]},"268":{"position":[[3852,9],[6384,8],[6600,9],[9787,6],[13247,8],[13643,6],[13759,6]]}}}],["verifieddefault",{"_index":527,"t":{"204":{"position":[[260,15]]}}}],["verify/ssl_upstream_insecure_skip_verifi",{"_index":254,"t":{"171":{"position":[[252,40]]}}}],["version",{"_index":45,"t":{"155":{"position":[[512,7]]},"161":{"position":[[679,8]]},"216":{"position":[[123,7],[404,7],[466,7]]},"238":{"position":[[628,7],[765,7]]},"240":{"position":[[50,7],[111,7]]},"268":{"position":[[14392,7],[14419,7],[15069,7],[15087,7]]},"298":{"position":[[581,7],[670,8],[705,7],[772,8],[950,7]]}}}],["version=tls1.3",{"_index":1633,"t":{"298":{"position":[[615,15]]}}}],["via",{"_index":311,"t":{"171":{"position":[[1377,3],[1390,3]]},"200":{"position":[[382,3]]},"202":{"position":[[1397,3]]},"248":{"position":[[3308,3]]},"250":{"position":[[161,3]]},"262":{"position":[[31,3]]},"268":{"position":[[470,3],[7229,3],[7434,3],[10568,3]]},"276":{"position":[[1027,3]]},"282":{"position":[[71,3],[1007,3],[2944,3],[3755,3]]},"286":{"position":[[78,3]]},"294":{"position":[[717,3],[2720,3]]},"300":{"position":[[733,3]]}}}],["visit",{"_index":1044,"t":{"246":{"position":[[1351,8]]}}}],["volum",{"_index":1425,"t":{"274":{"position":[[841,7]]}}}],["vulner",{"_index":133,"t":{"161":{"position":[[37,13],[606,13]]},"163":{"position":[[75,16],[308,15]]}}}],["wait",{"_index":729,"t":{"220":{"position":[[2541,4]]},"268":{"position":[[14725,4]]}}}],["want",{"_index":658,"t":{"218":{"position":[[574,4]]},"228":{"position":[[307,4]]},"238":{"position":[[5303,4]]},"246":{"position":[[1739,4]]},"248":{"position":[[580,4]]},"270":{"position":[[677,5]]},"294":{"position":[[2856,4]]},"304":{"position":[[865,4]]}}}],["warn",{"_index":213,"t":{"165":{"position":[[251,8]]},"268":{"position":[[12372,9],[15597,8]]}}}],["way",{"_index":467,"t":{"200":{"position":[[328,4]]},"234":{"position":[[217,4]]},"248":{"position":[[1086,3]]}}}],["web",{"_index":758,"t":{"226":{"position":[[533,4]]},"228":{"position":[[266,3]]},"246":{"position":[[1259,3],[2591,3],[3802,3],[3921,3]]}}}],["websocket",{"_index":725,"t":{"220":{"position":[[2428,10]]},"268":{"position":[[9048,10],[9072,9]]}}}],["websockets/proxy_websocket",{"_index":252,"t":{"171":{"position":[[197,27]]}}}],["well",{"_index":631,"t":{"216":{"position":[[91,4]]},"268":{"position":[[2958,5],[2996,5]]},"294":{"position":[[2686,4],[2907,4],[3070,5]]}}}],["whenstream",{"_index":717,"t":{"220":{"position":[[2172,13]]}}}],["whether",{"_index":429,"t":{"190":{"position":[[380,7]]},"192":{"position":[[318,7]]},"218":{"position":[[155,7]]},"220":{"position":[[2281,7]]},"240":{"position":[[144,7]]},"250":{"position":[[241,7]]},"268":{"position":[[11405,7]]}}}],["whitelist",{"_index":1387,"t":{"268":{"position":[[15104,9],[15900,9],[16251,11]]},"304":{"position":[[954,9]]}}}],["whole",{"_index":660,"t":{"218":{"position":[[594,5]]},"286":{"position":[[236,5]]},"294":{"position":[[939,5]]}}}],["whose",{"_index":303,"t":{"171":{"position":[[1258,5]]}}}],["wide_authority_to_your_service_account",{"_index":784,"t":{"226":{"position":[[1475,38]]}}}],["window",{"_index":869,"t":{"230":{"position":[[45,7]]}}}],["wish",{"_index":1053,"t":{"246":{"position":[[1839,4],[2271,4],[2364,4],[2969,4]]},"252":{"position":[[95,5]]}}}],["within",{"_index":134,"t":{"161":{"position":[[51,6]]},"165":{"position":[[131,6]]},"176":{"position":[[230,6]]},"182":{"position":[[81,6]]},"192":{"position":[[234,6]]},"212":{"position":[[112,6]]},"220":{"position":[[912,6]]},"226":{"position":[[1763,6]]},"234":{"position":[[703,6]]},"246":{"position":[[4737,6]]},"292":{"position":[[568,6]]}}}],["without",{"_index":211,"t":{"165":{"position":[[237,7]]},"176":{"position":[[307,7]]},"282":{"position":[[184,7]]},"286":{"position":[[215,7]]},"288":{"position":[[43,7]]}}}],["wizard",{"_index":872,"t":{"230":{"position":[[221,6]]}}}],["wo",{"_index":1568,"t":{"288":{"position":[[846,2],[2056,2]]}}}],["won't",{"_index":834,"t":{"228":{"position":[[897,5]]}}}],["work",{"_index":118,"t":{"159":{"position":[[61,4]]},"240":{"position":[[102,4],[546,4]]},"246":{"position":[[1236,7],[1940,5],[2437,4]]},"248":{"position":[[210,4]]},"268":{"position":[[14973,5]]},"282":{"position":[[1528,4]]}}}],["workload",{"_index":776,"t":{"226":{"position":[[1184,8],[1204,8],[1623,8],[1643,8],[1930,8],[1981,8],[2030,8]]},"268":{"position":[[4805,8]]}}}],["write",{"_index":893,"t":{"234":{"position":[[1300,5]]}}}],["x",{"_index":923,"t":{"236":{"position":[[1289,1]]},"268":{"position":[[7233,1],[7314,1],[7517,1],[7535,1],[7557,1],[7982,1],[8000,1],[8020,1],[8042,1],[9293,1],[9310,1],[9324,1],[9340,1],[11128,1],[11426,1],[11460,1],[11818,1],[11839,1],[11862,1],[11887,1],[12011,1],[13080,1]]},"276":{"position":[[897,1]]},"278":{"position":[[752,1]]},"282":{"position":[[399,1],[440,1],[475,1],[576,1],[737,1],[778,1],[1011,1],[1022,1],[1235,1],[1266,1],[1445,1]]},"288":{"position":[[337,1],[2001,1],[2177,1]]},"300":{"position":[[1035,1],[1076,1]]},"304":{"position":[[570,1]]}}}],["x.y.z.linux",{"_index":49,"t":{"155":{"position":[[569,11]]}}}],["x509",{"_index":1118,"t":{"248":{"position":[[1117,4]]}}}],["xauthrequest",{"_index":1331,"t":{"268":{"position":[[7287,12],[11796,12]]},"282":{"position":[[1080,12]]}}}],["xauthrequest/set_xauthrequest",{"_index":264,"t":{"171":{"position":[[502,29]]}}}],["xxx\"client_secret",{"_index":1091,"t":{"246":{"position":[[4580,18]]}}}],["xxxxx\"client_secret",{"_index":1064,"t":{"246":{"position":[[3263,20]]}}}],["yaml",{"_index":219,"t":{"165":{"position":[[464,4]]},"167":{"position":[[47,4]]},"169":{"position":[[295,4]]},"202":{"position":[[677,4]]},"286":{"position":[[288,6]]}}}],["you'd",{"_index":892,"t":{"234":{"position":[[1166,5]]}}}],["you'r",{"_index":775,"t":{"226":{"position":[[1133,6]]},"228":{"position":[[997,6]]}}}],["yourcompany.com",{"_index":962,"t":{"238":{"position":[[3680,17]]},"268":{"position":[[1107,18]]}}}],["yourself",{"_index":662,"t":{"218":{"position":[[635,8]]}}}],["yyy\"pass_access_token",{"_index":1092,"t":{"246":{"position":[[4601,22]]}}}],["yyyyy\"pass_access_token",{"_index":1065,"t":{"246":{"position":[[3286,24]]}}}],["zero",{"_index":1351,"t":{"268":{"position":[[10797,5]]},"294":{"position":[[3358,5]]}}}],["zzz\"cookie_secur",{"_index":1093,"t":{"246":{"position":[[4646,18]]}}}],["zzzzz\"skip_provider_button",{"_index":1067,"t":{"246":{"position":[[3333,27]]}}}]],"pipeline":["stemmer"]}}] \ No newline at end of file diff --git a/search/index.html b/search/index.html index e2b31b46..96fd5278 100644 --- a/search/index.html +++ b/search/index.html @@ -4,13 +4,13 @@ Search the documentation - +

    Search the documentation

    Copyright © 2023 OAuth2 Proxy.
    - + \ No newline at end of file