mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-07-07 01:17:14 +02:00

Merge pull request #464 from oauth2-proxy/migration

Migrate to oauth2-proxy/oauth2-proxy
Joel Speed
2020-03-29 16:32:39 +01:00
committed by GitHub
73 changed files with 324 additions and 311 deletions

.github/CODEOWNERS vendored

@ -1,10 +1,9 @@
# Default owner should be a Pusher cloud-team member or another maintainer # Default owner should be a core maintainer unless overridden by later rules in this file
# unless overridden by later rules in this file * @syscll @steakunderscore @JoelSpeed
* @pusher/cloud-team @syscll @steakunderscore @JoelSpeed
# login.gov provider # login.gov provider
# Note: If @timothy-spencer terms out of his appointment, your best bet # Note: If @timothy-spencer terms out of his appointment, your best bet
# for finding somebody who can test the oauth2_proxy would be to ask somebody # for finding somebody who can test the oauth2-proxy would be to ask somebody
# in the login.gov team (https://login.gov/developers/), the cloud.gov team # in the login.gov team (https://login.gov/developers/), the cloud.gov team
# (https://cloud.gov/docs/help/), or the 18F org (https://18f.gsa.gov/contact/ # (https://cloud.gov/docs/help/), or the 18F org (https://18f.gsa.gov/contact/
# or the public devops channel at https://chat.18f.gov/). # or the public devops channel at https://chat.18f.gov/).
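
Review bot: The new default-owner rule `* @syscll @steakunderscore @JoelSpeed` lists three individual accounts now that `@pusher/cloud-team` is removed, so every change in maintainers needs an edit to this file and default review coverage depends on those three accounts. If the new organisation has, or will have, a maintainers team, pointing the default rule at that team keeps ownership in org membership rather than in the file.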

.gitignore vendored

@ -1,4 +1,4 @@
oauth2_proxy oauth2-proxy
vendor vendor
dist dist
release release
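
Review bot: Replacing `oauth2_proxy` with `oauth2-proxy` on the first line means a binary built under the old name in an existing checkout is no longer ignored and can be staged by accident. Keeping both names in the ignore list, at least for a transition period, avoids committing a stale build artifact.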


@ -6,8 +6,19 @@
## Breaking Changes ## Breaking Changes
- Migration from Pusher to independent org may have introduced breaking changes for your environment.
- See the changes listed below for PR [#464](https://github.com/oauth2-proxy/oauth2-proxy/pull/464) for full details
- Binaries renamed from `oauth2_proxy` to `oauth2-proxy`
## Changes since v5.1.0 ## Changes since v5.1.0
- [#464](https://github.com/oauth2-proxy/oauth2-proxy/pull/464) Migrate to oauth2-proxy/oauth2-proxy (@JoelSpeed)
- Project renamed from `pusher/oauth2_proxy` to `oauth2-proxy`
- Move Go import path from `github.com/pusher/oauth2_proxy` to `github.com/oauth2-proxy/oauth2-proxy`
- Remove Pusher Cloud Team from CODEOWNERS
- Release images moved to `quay.io/oauth2-proxy/oauth2-proxy`
- Binaries renamed from `oauth2_proxy` to `oauth2-proxy`
# v5.1.0 # v5.1.0
## Release Hightlights ## Release Hightlights
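
Review bot: The new Breaking Changes section spells out only the binary rename, while the image move to `quay.io/oauth2-proxy/oauth2-proxy` and the Go import path change appear only as sub-bullets under #464 in the changes list. Both break existing setups (deployments pinned to the old image location will not see releases published at the new one, and importers of `github.com/pusher/oauth2_proxy` must update their imports), so they should be listed under Breaking Changes as their own bullets. The context line `## Release Hightlights` under v5.1.0 also carries a typo that could be fixed in the same pass.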
@ -24,21 +35,21 @@ N/A
## Changes since v5.0.0 ## Changes since v5.0.0
- [#450](https://github.com/pusher/oauth2_proxy/pull/450) Fix http.Cookie SameSite is not copied (@johejo) - [#450](https://github.com/oauth2-proxy/oauth2-proxy/pull/450) Fix http.Cookie SameSite is not copied (@johejo)
- [#445](https://github.com/pusher/oauth2_proxy/pull/445) Expose `acr_values` to all providers (@holyjak) - [#445](https://github.com/oauth2-proxy/oauth2-proxy/pull/445) Expose `acr_values` to all providers (@holyjak)
- [#419](https://github.com/pusher/oauth2_proxy/pull/419) Support Go 1.14, upgrade dependencies, upgrade golangci-lint to 1.23.6 (@johejo) - [#419](https://github.com/oauth2-proxy/oauth2-proxy/pull/419) Support Go 1.14, upgrade dependencies, upgrade golangci-lint to 1.23.6 (@johejo)
- [#444](https://github.com/pusher/oauth2_proxy/pull/444) Support prompt in addition to approval-prompt (@holyjak) - [#444](https://github.com/oauth2-proxy/oauth2-proxy/pull/444) Support prompt in addition to approval-prompt (@holyjak)
- [#435](https://github.com/pusher/oauth2_proxy/pull/435) Fix issue with group validation calling google directory API on every HTTP request (@ericofusco) - [#435](https://github.com/oauth2-proxy/oauth2-proxy/pull/435) Fix issue with group validation calling google directory API on every HTTP request (@ericofusco)
- [#400](https://github.com/pusher/oauth2_proxy/pull/400) Add `nsswitch.conf` to Docker image to allow hosts file to work (@luketainton) - [#400](https://github.com/oauth2-proxy/oauth2-proxy/pull/400) Add `nsswitch.conf` to Docker image to allow hosts file to work (@luketainton)
- [#385](https://github.com/pusher/oauth2_proxy/pull/385) Use the `Authorization` header instead of `access_token` for refreshing GitHub Provider sessions (@ibuclaw) - [#385](https://github.com/oauth2-proxy/oauth2-proxy/pull/385) Use the `Authorization` header instead of `access_token` for refreshing GitHub Provider sessions (@ibuclaw)
- [#372](https://github.com/pusher/oauth2_proxy/pull/372) Allow fallback to secondary verified email address in GitHub provider (@dmnemec) - [#372](https://github.com/oauth2-proxy/oauth2-proxy/pull/372) Allow fallback to secondary verified email address in GitHub provider (@dmnemec)
- [#335](https://github.com/pusher/oauth2_proxy/pull/335) OIDC Provider support for empty id_tokens in the access token refresh response (@howzat) - [#335](https://github.com/oauth2-proxy/oauth2-proxy/pull/335) OIDC Provider support for empty id_tokens in the access token refresh response (@howzat)
- [#363](https://github.com/pusher/oauth2_proxy/pull/363) Extension of Redis Session Store to Support Redis Cluster (@yan-dblinf) - [#363](https://github.com/oauth2-proxy/oauth2-proxy/pull/363) Extension of Redis Session Store to Support Redis Cluster (@yan-dblinf)
- [#353](https://github.com/pusher/oauth2_proxy/pull/353) Fix login page fragment handling after soft reload on Firefox (@ffdybuster) - [#353](https://github.com/oauth2-proxy/oauth2-proxy/pull/353) Fix login page fragment handling after soft reload on Firefox (@ffdybuster)
- [#355](https://github.com/pusher/oauth2_proxy/pull/355) Add Client Secret File support for providers that rotate client secret via file system (@pasha-r) - [#355](https://github.com/oauth2-proxy/oauth2-proxy/pull/355) Add Client Secret File support for providers that rotate client secret via file system (@pasha-r)
- [#401](https://github.com/pusher/oauth2_proxy/pull/401) Give the option to pass email address in the Basic auth header instead of upstream usernames. (@Spindel) - [#401](https://github.com/oauth2-proxy/oauth2-proxy/pull/401) Give the option to pass email address in the Basic auth header instead of upstream usernames. (@Spindel)
- [#405](https://github.com/pusher/oauth2_proxy/pull/405) The `/sign_in` page now honors the `rd` query parameter, fixing the redirect after a successful authentication (@ti-mo) - [#405](https://github.com/oauth2-proxy/oauth2-proxy/pull/405) The `/sign_in` page now honors the `rd` query parameter, fixing the redirect after a successful authentication (@ti-mo)
- [#434](https://github.com/pusher/oauth2_proxy/pull/434) Give the option to prefer email address in the username header when using the -pass-user-headers option (@jordancrawfordnz) - [#434](https://github.com/oauth2-proxy/oauth2-proxy/pull/434) Give the option to prefer email address in the username header when using the -pass-user-headers option (@jordancrawfordnz)
# v5.0.0 # v5.0.0
@ -49,23 +60,23 @@ N/A
- DigitalOcean provider support added - DigitalOcean provider support added
## Important Notes ## Important Notes
- (Security) Fix for [open redirect vulnerability](https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv).. a bad actor using `/\` in redirect URIs can redirect a session to another domain - (Security) Fix for [open redirect vulnerability](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-qqxw-m5fj-f7gv).. a bad actor using `/\` in redirect URIs can redirect a session to another domain
## Breaking Changes ## Breaking Changes
- [#321](https://github.com/pusher/oauth2_proxy/pull/331) Add reverse proxy boolean flag to control whether headers like `X-Real-Ip` are accepted. - [#321](https://github.com/oauth2-proxy/oauth2-proxy/pull/331) Add reverse proxy boolean flag to control whether headers like `X-Real-Ip` are accepted.
This defaults to false. **Usage behind a reverse proxy will require this flag to be set to avoid logging the reverse proxy IP address**. This defaults to false. **Usage behind a reverse proxy will require this flag to be set to avoid logging the reverse proxy IP address**.
## Changes since v4.1.0 ## Changes since v4.1.0
- [#331](https://github.com/pusher/oauth2_proxy/pull/331) Add reverse proxy setting (@martin-css) - [#331](https://github.com/oauth2-proxy/oauth2-proxy/pull/331) Add reverse proxy setting (@martin-css)
- [#365](https://github.com/pusher/oauth2_proxy/pull/365) Build with CGO=0 (@tomelliff) - [#365](https://github.com/oauth2-proxy/oauth2-proxy/pull/365) Build with CGO=0 (@tomelliff)
- [#339](https://github.com/pusher/oauth2_proxy/pull/339) Add configuration for cookie 'SameSite' value. (@pgroudas) - [#339](https://github.com/oauth2-proxy/oauth2-proxy/pull/339) Add configuration for cookie 'SameSite' value. (@pgroudas)
- [#347](https://github.com/pusher/oauth2_proxy/pull/347) Update keycloak provider configuration documentation. (@sushiMix) - [#347](https://github.com/oauth2-proxy/oauth2-proxy/pull/347) Update keycloak provider configuration documentation. (@sushiMix)
- [#325](https://github.com/pusher/oauth2_proxy/pull/325) dist.sh: use sha256sum (@syscll) - [#325](https://github.com/oauth2-proxy/oauth2-proxy/pull/325) dist.sh: use sha256sum (@syscll)
- [#179](https://github.com/pusher/oauth2_proxy/pull/179) Add Nextcloud provider (@Ramblurr) - [#179](https://github.com/oauth2-proxy/oauth2-proxy/pull/179) Add Nextcloud provider (@Ramblurr)
- [#280](https://github.com/pusher/oauth2_proxy/pull/280) whitelisted redirect domains: add support for whitelisting specific ports or allowing wildcard ports (@kamaln7) - [#280](https://github.com/oauth2-proxy/oauth2-proxy/pull/280) whitelisted redirect domains: add support for whitelisting specific ports or allowing wildcard ports (@kamaln7)
- [#351](https://github.com/pusher/oauth2_proxy/pull/351) Add DigitalOcean Auth provider (@kamaln7) - [#351](https://github.com/oauth2-proxy/oauth2-proxy/pull/351) Add DigitalOcean Auth provider (@kamaln7)
# v4.1.0 # v4.1.0
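
Review bot: In the v5.0.0 Breaking Changes entry the link text reads `#321` while the URL points at `pull/331`, and the changes list just below credits `#331` for the reverse proxy setting; the rewrite carries that mismatch over to the new URL. Since the line is being touched anyway, change the label to `#331`. The security note above it keeps the doubled full stop after the advisory link, and it is worth confirming that the GHSA-qqxw-m5fj-f7gv advisory resolves under the new repository path.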
@ -84,29 +95,29 @@ N/A
N/A N/A
## Changes since v4.0.0 ## Changes since v4.0.0
- [#292](https://github.com/pusher/oauth2_proxy/pull/292) Added bash >= 4.0 dependency to configure script (@jmfrank63) - [#292](https://github.com/oauth2-proxy/oauth2-proxy/pull/292) Added bash >= 4.0 dependency to configure script (@jmfrank63)
- [#227](https://github.com/pusher/oauth2_proxy/pull/227) Add Keycloak provider (@Ofinka) - [#227](https://github.com/oauth2-proxy/oauth2-proxy/pull/227) Add Keycloak provider (@Ofinka)
- [#259](https://github.com/pusher/oauth2_proxy/pull/259) Redirect to HTTPS (@jmickey) - [#259](https://github.com/oauth2-proxy/oauth2-proxy/pull/259) Redirect to HTTPS (@jmickey)
- [#273](https://github.com/pusher/oauth2_proxy/pull/273) Support Go 1.13 (@dio) - [#273](https://github.com/oauth2-proxy/oauth2-proxy/pull/273) Support Go 1.13 (@dio)
- [#275](https://github.com/pusher/oauth2_proxy/pull/275) docker: build from debian buster (@syscll) - [#275](https://github.com/oauth2-proxy/oauth2-proxy/pull/275) docker: build from debian buster (@syscll)
- [#258](https://github.com/pusher/oauth2_proxy/pull/258) Add IDToken for Azure provider (@leyshon) - [#258](https://github.com/oauth2-proxy/oauth2-proxy/pull/258) Add IDToken for Azure provider (@leyshon)
- This PR adds the IDToken into the session for the Azure provider allowing requests to a backend to be identified as a specific user. As a consequence, if you are using a cookie to store the session the cookie will now exceed the 4kb size limit and be split into multiple cookies. This can cause problems when using nginx as a proxy, resulting in no cookie being passed at all. Either increase the proxy_buffer_size in nginx or implement the redis session storage (see https://pusher.github.io/oauth2_proxy/configuration#redis-storage) - This PR adds the IDToken into the session for the Azure provider allowing requests to a backend to be identified as a specific user. As a consequence, if you are using a cookie to store the session the cookie will now exceed the 4kb size limit and be split into multiple cookies. This can cause problems when using nginx as a proxy, resulting in no cookie being passed at all. Either increase the proxy_buffer_size in nginx or implement the redis session storage (see https://oauth2-proxy.github.io/oauth2-proxy/configuration#redis-storage)
- [#286](https://github.com/pusher/oauth2_proxy/pull/286) Requests.go updated with useful error messages (@biotom) - [#286](https://github.com/oauth2-proxy/oauth2-proxy/pull/286) Requests.go updated with useful error messages (@biotom)
- [#274](https://github.com/pusher/oauth2_proxy/pull/274) Supports many github teams with api pagination support (@toshi-miura, @apratina) - [#274](https://github.com/oauth2-proxy/oauth2-proxy/pull/274) Supports many github teams with api pagination support (@toshi-miura, @apratina)
- [#302](https://github.com/pusher/oauth2_proxy/pull/302) Rewrite dist script (@syscll) - [#302](https://github.com/oauth2-proxy/oauth2-proxy/pull/302) Rewrite dist script (@syscll)
- [#304](https://github.com/pusher/oauth2_proxy/pull/304) Add new Logo! :tada: (@JoelSpeed) - [#304](https://github.com/oauth2-proxy/oauth2-proxy/pull/304) Add new Logo! :tada: (@JoelSpeed)
- [#300](https://github.com/pusher/oauth2_proxy/pull/300) Added userinfo endpoint (@kbabuadze) - [#300](https://github.com/oauth2-proxy/oauth2-proxy/pull/300) Added userinfo endpoint (@kbabuadze)
- [#309](https://github.com/pusher/oauth2_proxy/pull/309) Added support for custom CA when connecting to Redis cache (@lleszczu) - [#309](https://github.com/oauth2-proxy/oauth2-proxy/pull/309) Added support for custom CA when connecting to Redis cache (@lleszczu)
- [#248](https://github.com/pusher/oauth2_proxy/pull/248) Fix issue with X-Auth-Request-Redirect header being ignored (@webnard) - [#248](https://github.com/oauth2-proxy/oauth2-proxy/pull/248) Fix issue with X-Auth-Request-Redirect header being ignored (@webnard)
- [#314](https://github.com/pusher/oauth2_proxy/pull/314) Add redirect capability to sign_out (@costelmoraru) - [#314](https://github.com/oauth2-proxy/oauth2-proxy/pull/314) Add redirect capability to sign_out (@costelmoraru)
- [#265](https://github.com/pusher/oauth2_proxy/pull/265) Add upstream with static response (@cgroschupp) - [#265](https://github.com/oauth2-proxy/oauth2-proxy/pull/265) Add upstream with static response (@cgroschupp)
- [#317](https://github.com/pusher/oauth2_proxy/pull/317) Add build for FreeBSD (@fnkr) - [#317](https://github.com/oauth2-proxy/oauth2-proxy/pull/317) Add build for FreeBSD (@fnkr)
- [#296](https://github.com/pusher/oauth2_proxy/pull/296) Allow to override provider's name for sign-in page (@ffdybuster) - [#296](https://github.com/oauth2-proxy/oauth2-proxy/pull/296) Allow to override provider's name for sign-in page (@ffdybuster)
# v4.0.0 # v4.0.0
## Release Highlights ## Release Highlights
- Documentation is now on a [microsite](https://pusher.github.io/oauth2_proxy/) - Documentation is now on a [microsite](https://oauth2-proxy.github.io/oauth2-proxy/)
- Health check logging can now be disabled for quieter logs - Health check logging can now be disabled for quieter logs
- Authorization Header JWTs can now be verified by the proxy to skip authentication for machine users - Authorization Header JWTs can now be verified by the proxy to skip authentication for machine users
- Sessions can now be stored in Redis. This reduces refresh failures and uses smaller cookies (Recommended for those using OIDC refreshing) - Sessions can now be stored in Redis. This reduces refresh failures and uses smaller cookies (Recommended for those using OIDC refreshing)
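
Review bot: The Redis storage link in the #258 entry and the microsite link under v4.0.0 now point at `oauth2-proxy.github.io/oauth2-proxy`; please confirm the docs site is published at that address before this merges. The #258 entry sends readers there for the fix to oversized session cookies behind nginx, so a dead link leaves that advice without its reference.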
@ -118,11 +129,11 @@ reconfigure their proxies. Please read the Breaking Changes below thoroughly.
## Breaking Changes ## Breaking Changes
- [#231](https://github.com/pusher/oauth2_proxy/pull/231) Rework GitLab provider - [#231](https://github.com/oauth2-proxy/oauth2-proxy/pull/231) Rework GitLab provider
- This PR changes the configuration options for the GitLab provider to use - This PR changes the configuration options for the GitLab provider to use
a self-hosted instance. You now need to specify a `-oidc-issuer-url` rather than a self-hosted instance. You now need to specify a `-oidc-issuer-url` rather than
explicit `-login-url`, `-redeem-url` and `-validate-url` parameters. explicit `-login-url`, `-redeem-url` and `-validate-url` parameters.
- [#186](https://github.com/pusher/oauth2_proxy/pull/186) Make config consistent - [#186](https://github.com/oauth2-proxy/oauth2-proxy/pull/186) Make config consistent
- This PR changes configuration options so that all flags have a config counterpart - This PR changes configuration options so that all flags have a config counterpart
of the same name but with underscores (`_`) in place of hyphens (`-`). of the same name but with underscores (`_`) in place of hyphens (`-`).
This change affects the following flags: This change affects the following flags:
@ -138,34 +149,34 @@ reconfigure their proxies. Please read the Breaking Changes below thoroughly.
This change affects the following existing environment variables: This change affects the following existing environment variables:
- The `OAUTH2_SKIP_OIDC_DISCOVERY` environment variable is now `OAUTH2_PROXY_SKIP_OIDC_DISCOVERY`. - The `OAUTH2_SKIP_OIDC_DISCOVERY` environment variable is now `OAUTH2_PROXY_SKIP_OIDC_DISCOVERY`.
- The `OAUTH2_OIDC_JWKS_URL` environment variable is now `OAUTH2_PROXY_OIDC_JWKS_URL`. - The `OAUTH2_OIDC_JWKS_URL` environment variable is now `OAUTH2_PROXY_OIDC_JWKS_URL`.
- [#146](https://github.com/pusher/oauth2_proxy/pull/146) Use full email address as `User` if the auth response did not contain a `User` field - [#146](https://github.com/oauth2-proxy/oauth2-proxy/pull/146) Use full email address as `User` if the auth response did not contain a `User` field
- This change modifies the contents of the `X-Forwarded-User` header supplied by the proxy for users where the auth response from the IdP did not contain - This change modifies the contents of the `X-Forwarded-User` header supplied by the proxy for users where the auth response from the IdP did not contain
a username. a username.
In that case, this header used to only contain the local part of the user's email address (e.g. `john.doe` for `john.doe@example.com`) but now contains In that case, this header used to only contain the local part of the user's email address (e.g. `john.doe` for `john.doe@example.com`) but now contains
the user's full email address instead. the user's full email address instead.
- [#170](https://github.com/pusher/oauth2_proxy/pull/170) Pre-built binary tarballs changed format - [#170](https://github.com/oauth2-proxy/oauth2-proxy/pull/170) Pre-built binary tarballs changed format
- The pre-built binary tarballs again match the format of the [bitly](https://github.com/bitly/oauth2_proxy) repository, where the unpacked directory - The pre-built binary tarballs again match the format of the [bitly](https://github.com/bitly/oauth2_proxy) repository, where the unpacked directory
has the same name as the tarball and the binary is always named `oauth2_proxy`. This was done to restore compatibility with third-party automation has the same name as the tarball and the binary is always named `oauth2_proxy`. This was done to restore compatibility with third-party automation
recipes like https://github.com/jhoblitt/puppet-oauth2_proxy. recipes like https://github.com/jhoblitt/puppet-oauth2_proxy.
## Changes since v3.2.0 ## Changes since v3.2.0
- [#234](https://github.com/pusher/oauth2_proxy/pull/234) Added option `-ssl-upstream-insecure-skip-validation` to skip validation of upstream SSL certificates (@jansinger) - [#234](https://github.com/oauth2-proxy/oauth2-proxy/pull/234) Added option `-ssl-upstream-insecure-skip-validation` to skip validation of upstream SSL certificates (@jansinger)
- [#224](https://github.com/pusher/oauth2_proxy/pull/224) Check Google group membership using hasMember to support nested groups and external users (@jpalpant) - [#224](https://github.com/oauth2-proxy/oauth2-proxy/pull/224) Check Google group membership using hasMember to support nested groups and external users (@jpalpant)
- [#231](https://github.com/pusher/oauth2_proxy/pull/231) Add optional group membership and email domain checks to the GitLab provider (@Overv) - [#231](https://github.com/oauth2-proxy/oauth2-proxy/pull/231) Add optional group membership and email domain checks to the GitLab provider (@Overv)
- [#226](https://github.com/pusher/oauth2_proxy/pull/226) Made setting of proxied headers deterministic based on configuration alone (@aeijdenberg) - [#226](https://github.com/oauth2-proxy/oauth2-proxy/pull/226) Made setting of proxied headers deterministic based on configuration alone (@aeijdenberg)
- [#178](https://github.com/pusher/oauth2_proxy/pull/178) Add Silence Ping Logging and Exclude Logging Paths flags (@kskewes) - [#178](https://github.com/oauth2-proxy/oauth2-proxy/pull/178) Add Silence Ping Logging and Exclude Logging Paths flags (@kskewes)
- [#209](https://github.com/pusher/oauth2_proxy/pull/209) Improve docker build caching of layers (@dekimsey) - [#209](https://github.com/oauth2-proxy/oauth2-proxy/pull/209) Improve docker build caching of layers (@dekimsey)
- [#186](https://github.com/pusher/oauth2_proxy/pull/186) Make config consistent (@JoelSpeed) - [#186](https://github.com/oauth2-proxy/oauth2-proxy/pull/186) Make config consistent (@JoelSpeed)
- [#187](https://github.com/pusher/oauth2_proxy/pull/187) Move root packages to pkg folder (@JoelSpeed) - [#187](https://github.com/oauth2-proxy/oauth2-proxy/pull/187) Move root packages to pkg folder (@JoelSpeed)
- [#65](https://github.com/pusher/oauth2_proxy/pull/65) Improvements to authenticate requests with a JWT bearer token in the `Authorization` header via - [#65](https://github.com/oauth2-proxy/oauth2-proxy/pull/65) Improvements to authenticate requests with a JWT bearer token in the `Authorization` header via
the `-skip-jwt-bearer-token` options. (@brianv0) the `-skip-jwt-bearer-token` options. (@brianv0)
- Additional verifiers can be configured via the `-extra-jwt-issuers` flag if the JWT issuers is either an OpenID provider or has a JWKS URL - Additional verifiers can be configured via the `-extra-jwt-issuers` flag if the JWT issuers is either an OpenID provider or has a JWKS URL
(e.g. `https://example.com/.well-known/jwks.json`). (e.g. `https://example.com/.well-known/jwks.json`).
- [#180](https://github.com/pusher/oauth2_proxy/pull/180) Minor refactor of core proxying path (@aeijdenberg). - [#180](https://github.com/oauth2-proxy/oauth2-proxy/pull/180) Minor refactor of core proxying path (@aeijdenberg).
- [#175](https://github.com/pusher/oauth2_proxy/pull/175) Bump go-oidc to v2.0.0 (@aeijdenberg). - [#175](https://github.com/oauth2-proxy/oauth2-proxy/pull/175) Bump go-oidc to v2.0.0 (@aeijdenberg).
- Includes fix for potential signature checking issue when OIDC discovery is skipped. - Includes fix for potential signature checking issue when OIDC discovery is skipped.
- [#155](https://github.com/pusher/oauth2_proxy/pull/155) Add RedisSessionStore implementation (@brianv0, @JoelSpeed) - [#155](https://github.com/oauth2-proxy/oauth2-proxy/pull/155) Add RedisSessionStore implementation (@brianv0, @JoelSpeed)
- Implement flags to configure the redis session store - Implement flags to configure the redis session store
- `-session-store-type=redis` Sets the store type to redis - `-session-store-type=redis` Sets the store type to redis
- `-redis-connection-url` Sets the Redis connection URL - `-redis-connection-url` Sets the Redis connection URL
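
Review bot: The #170 entry is left saying the binary is always named `oauth2_proxy`, a choice made for compatibility with third-party automation such as puppet-oauth2_proxy, yet this same PR renames the binary to `oauth2-proxy`. The historical entry is right to stay as written, but the new Breaking Changes text for #464 should say that the rename undoes that compatibility, so packagers and automation authors know to update their recipes.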
@ -175,18 +186,18 @@ reconfigure their proxies. Please read the Breaking Changes below thoroughly.
- Introduces the concept of a session ticket. Tickets are composed of the cookie name, a session ID, and a secret. - Introduces the concept of a session ticket. Tickets are composed of the cookie name, a session ID, and a secret.
- Redis Sessions are stored encrypted with a per-session secret - Redis Sessions are stored encrypted with a per-session secret
- Added tests for server based session stores - Added tests for server based session stores
- [#168](https://github.com/pusher/oauth2_proxy/pull/168) Drop Go 1.11 support in Travis (@JoelSpeed) - [#168](https://github.com/oauth2-proxy/oauth2-proxy/pull/168) Drop Go 1.11 support in Travis (@JoelSpeed)
- [#169](https://github.com/pusher/oauth2_proxy/pull/169) Update Alpine to 3.9 (@kskewes) - [#169](https://github.com/oauth2-proxy/oauth2-proxy/pull/169) Update Alpine to 3.9 (@kskewes)
- [#148](https://github.com/pusher/oauth2_proxy/pull/148) Implement SessionStore interface within proxy (@JoelSpeed) - [#148](https://github.com/oauth2-proxy/oauth2-proxy/pull/148) Implement SessionStore interface within proxy (@JoelSpeed)
- [#147](https://github.com/pusher/oauth2_proxy/pull/147) Add SessionStore interfaces and initial implementation (@JoelSpeed) - [#147](https://github.com/oauth2-proxy/oauth2-proxy/pull/147) Add SessionStore interfaces and initial implementation (@JoelSpeed)
- Allows for multiple different session storage implementations including client and server side - Allows for multiple different session storage implementations including client and server side
- Adds tests suite for interface to ensure consistency across implementations - Adds tests suite for interface to ensure consistency across implementations
- Refactor some configuration options (around cookies) into packages - Refactor some configuration options (around cookies) into packages
- [#114](https://github.com/pusher/oauth2_proxy/pull/114), [#154](https://github.com/pusher/oauth2_proxy/pull/154) Documentation is now available live at our [docs website](https://pusher.github.io/oauth2_proxy/) (@JoelSpeed, @icelynjennings) - [#114](https://github.com/oauth2-proxy/oauth2-proxy/pull/114), [#154](https://github.com/oauth2-proxy/oauth2-proxy/pull/154) Documentation is now available live at our [docs website](https://oauth2-proxy.github.io/oauth2-proxy/) (@JoelSpeed, @icelynjennings)
- [#146](https://github.com/pusher/oauth2_proxy/pull/146) Use full email address as `User` if the auth response did not contain a `User` field (@gargath) - [#146](https://github.com/oauth2-proxy/oauth2-proxy/pull/146) Use full email address as `User` if the auth response did not contain a `User` field (@gargath)
- [#144](https://github.com/pusher/oauth2_proxy/pull/144) Use GO 1.12 for ARM builds (@kskewes) - [#144](https://github.com/oauth2-proxy/oauth2-proxy/pull/144) Use GO 1.12 for ARM builds (@kskewes)
- [#142](https://github.com/pusher/oauth2_proxy/pull/142) ARM Docker USER fix (@kskewes) - [#142](https://github.com/oauth2-proxy/oauth2-proxy/pull/142) ARM Docker USER fix (@kskewes)
- [#52](https://github.com/pusher/oauth2_proxy/pull/52) Logging Improvements (@MisterWil) - [#52](https://github.com/oauth2-proxy/oauth2-proxy/pull/52) Logging Improvements (@MisterWil)
- Implement flags to configure file logging - Implement flags to configure file logging
- `-logging-filename` Defines the filename to log to - `-logging-filename` Defines the filename to log to
- `-logging-max-size` Defines the maximum - `-logging-max-size` Defines the maximum
@ -200,21 +211,21 @@ reconfigure their proxies. Please read the Breaking Changes below thoroughly.
- Implement two new flags to customize the logging format - Implement two new flags to customize the logging format
- `-standard-logging-format` Sets the format for standard logging - `-standard-logging-format` Sets the format for standard logging
- `-auth-logging-format` Sets the format for auth logging - `-auth-logging-format` Sets the format for auth logging
- [#111](https://github.com/pusher/oauth2_proxy/pull/111) Add option for telling where to find a login.gov JWT key file (@timothy-spencer) - [#111](https://github.com/oauth2-proxy/oauth2-proxy/pull/111) Add option for telling where to find a login.gov JWT key file (@timothy-spencer)
- [#170](https://github.com/pusher/oauth2_proxy/pull/170) Restore binary tarball contents to be compatible with bitlys original tarballs (@zeha) - [#170](https://github.com/oauth2-proxy/oauth2-proxy/pull/170) Restore binary tarball contents to be compatible with bitlys original tarballs (@zeha)
- [#185](https://github.com/pusher/oauth2_proxy/pull/185) Fix an unsupported protocol scheme error during token validation when using the Azure provider (@jonas) - [#185](https://github.com/oauth2-proxy/oauth2-proxy/pull/185) Fix an unsupported protocol scheme error during token validation when using the Azure provider (@jonas)
- [#141](https://github.com/pusher/oauth2_proxy/pull/141) Check google group membership based on email address (@bchess) - [#141](https://github.com/oauth2-proxy/oauth2-proxy/pull/141) Check google group membership based on email address (@bchess)
- Google Group membership is additionally checked via email address, allowing users outside a GSuite domain to be authorized. - Google Group membership is additionally checked via email address, allowing users outside a GSuite domain to be authorized.
- [#195](https://github.com/pusher/oauth2_proxy/pull/195) Add `-banner` flag for overriding the banner line that is displayed (@steakunderscore) - [#195](https://github.com/oauth2-proxy/oauth2-proxy/pull/195) Add `-banner` flag for overriding the banner line that is displayed (@steakunderscore)
- [#198](https://github.com/pusher/oauth2_proxy/pull/198) Switch from gometalinter to golangci-lint (@steakunderscore) - [#198](https://github.com/oauth2-proxy/oauth2-proxy/pull/198) Switch from gometalinter to golangci-lint (@steakunderscore)
- [#159](https://github.com/pusher/oauth2_proxy/pull/159) Add option to skip the OIDC provider verified email check: `--insecure-oidc-allow-unverified-email` (@djfinlay) - [#159](https://github.com/oauth2-proxy/oauth2-proxy/pull/159) Add option to skip the OIDC provider verified email check: `--insecure-oidc-allow-unverified-email` (@djfinlay)
- [#210](https://github.com/pusher/oauth2_proxy/pull/210) Update base image from Alpine 3.9 to 3.10 (@steakunderscore) - [#210](https://github.com/oauth2-proxy/oauth2-proxy/pull/210) Update base image from Alpine 3.9 to 3.10 (@steakunderscore)
- [#201](https://github.com/pusher/oauth2_proxy/pull/201) Add Bitbucket as new OAuth2 provider, accepts email, team and repository permissions to determine authorization (@aledeganopix4d) - [#201](https://github.com/oauth2-proxy/oauth2-proxy/pull/201) Add Bitbucket as new OAuth2 provider, accepts email, team and repository permissions to determine authorization (@aledeganopix4d)
- Implement flags to enable Bitbucket authentication: - Implement flags to enable Bitbucket authentication:
- `-bitbucket-repository` Restrict authorization to users that can access this repository - `-bitbucket-repository` Restrict authorization to users that can access this repository
- `-bitbucket-team` Restrict authorization to users that are part of this Bitbucket team - `-bitbucket-team` Restrict authorization to users that are part of this Bitbucket team
- [#211](https://github.com/pusher/oauth2_proxy/pull/211) Switch from dep to go modules (@steakunderscore) - [#211](https://github.com/oauth2-proxy/oauth2-proxy/pull/211) Switch from dep to go modules (@steakunderscore)
- [#145](https://github.com/pusher/oauth2_proxy/pull/145) Add support for OIDC UserInfo endpoint email verification (@rtluckie) - [#145](https://github.com/oauth2-proxy/oauth2-proxy/pull/145) Add support for OIDC UserInfo endpoint email verification (@rtluckie)
# v3.2.0 # v3.2.0
@ -234,25 +245,25 @@ instead of returning an error
## Changes since v3.1.0 ## Changes since v3.1.0
- [#96](https://github.com/bitly/oauth2_proxy/pull/96) Check if email is verified on GitHub (@caarlos0) - [#96](https://github.com/bitly/oauth2_proxy/pull/96) Check if email is verified on GitHub (@caarlos0)
- [#110](https://github.com/pusher/oauth2_proxy/pull/110) Added GCP healthcheck option (@timothy-spencer) - [#110](https://github.com/oauth2-proxy/oauth2-proxy/pull/110) Added GCP healthcheck option (@timothy-spencer)
- [#112](https://github.com/pusher/oauth2_proxy/pull/112) Improve websocket support (@gyson) - [#112](https://github.com/oauth2-proxy/oauth2-proxy/pull/112) Improve websocket support (@gyson)
- [#63](https://github.com/pusher/oauth2_proxy/pull/63) Use encoding/json for SessionState serialization (@yaegashi) - [#63](https://github.com/oauth2-proxy/oauth2-proxy/pull/63) Use encoding/json for SessionState serialization (@yaegashi)
- Use JSON to encode session state to be stored in browser cookies - Use JSON to encode session state to be stored in browser cookies
- Implement legacy decode function to support existing cookies generated by older versions - Implement legacy decode function to support existing cookies generated by older versions
- Add detailed table driven tests in session_state_test.go - Add detailed table driven tests in session_state_test.go
- [#120](https://github.com/pusher/oauth2_proxy/pull/120) Encrypting user/email from cookie (@costelmoraru) - [#120](https://github.com/oauth2-proxy/oauth2-proxy/pull/120) Encrypting user/email from cookie (@costelmoraru)
- [#55](https://github.com/pusher/oauth2_proxy/pull/55) Added login.gov provider (@timothy-spencer) - [#55](https://github.com/oauth2-proxy/oauth2-proxy/pull/55) Added login.gov provider (@timothy-spencer)
- [#55](https://github.com/pusher/oauth2_proxy/pull/55) Added environment variables for all config options (@timothy-spencer) - [#55](https://github.com/oauth2-proxy/oauth2-proxy/pull/55) Added environment variables for all config options (@timothy-spencer)
- [#70](https://github.com/pusher/oauth2_proxy/pull/70) Fix handling of splitted cookies (@einfachchr) - [#70](https://github.com/oauth2-proxy/oauth2-proxy/pull/70) Fix handling of splitted cookies (@einfachchr)
- [#92](https://github.com/pusher/oauth2_proxy/pull/92) Merge websocket proxy feature from openshift/oauth-proxy (@butzist) - [#92](https://github.com/oauth2-proxy/oauth2-proxy/pull/92) Merge websocket proxy feature from openshift/oauth-proxy (@butzist)
- [#57](https://github.com/pusher/oauth2_proxy/pull/57) Fall back to using OIDC Subject instead of Email (@aigarius) - [#57](https://github.com/oauth2-proxy/oauth2-proxy/pull/57) Fall back to using OIDC Subject instead of Email (@aigarius)
- [#85](https://github.com/pusher/oauth2_proxy/pull/85) Use non-root user in docker images (@kskewes) - [#85](https://github.com/oauth2-proxy/oauth2-proxy/pull/85) Use non-root user in docker images (@kskewes)
- [#68](https://github.com/pusher/oauth2_proxy/pull/68) forward X-Auth-Access-Token header (@davidholsgrove) - [#68](https://github.com/oauth2-proxy/oauth2-proxy/pull/68) forward X-Auth-Access-Token header (@davidholsgrove)
- [#41](https://github.com/pusher/oauth2_proxy/pull/41) Added option to manually specify OIDC endpoints instead of relying on discovery - [#41](https://github.com/oauth2-proxy/oauth2-proxy/pull/41) Added option to manually specify OIDC endpoints instead of relying on discovery
- [#83](https://github.com/pusher/oauth2_proxy/pull/83) Add `id_token` refresh to Google provider (@leki75) - [#83](https://github.com/oauth2-proxy/oauth2-proxy/pull/83) Add `id_token` refresh to Google provider (@leki75)
- [#10](https://github.com/pusher/oauth2_proxy/pull/10) fix redirect url param handling (@dt-rush) - [#10](https://github.com/oauth2-proxy/oauth2-proxy/pull/10) fix redirect url param handling (@dt-rush)
- [#122](https://github.com/pusher/oauth2_proxy/pull/122) Expose -cookie-path as configuration parameter (@costelmoraru) - [#122](https://github.com/oauth2-proxy/oauth2-proxy/pull/122) Expose -cookie-path as configuration parameter (@costelmoraru)
- [#124](https://github.com/pusher/oauth2_proxy/pull/124) Use Go 1.12 for testing and build environments (@syscll) - [#124](https://github.com/oauth2-proxy/oauth2-proxy/pull/124) Use Go 1.12 for testing and build environments (@syscll)
# v3.1.0 # v3.1.0
@ -273,27 +284,27 @@ instead of returning an error
- Streamed responses will now be flushed every 1 second by default. - Streamed responses will now be flushed every 1 second by default.
Previously streamed responses were flushed only when the buffer was full. Previously streamed responses were flushed only when the buffer was full.
To retain the old behaviour set `--flush-interval=0`. To retain the old behaviour set `--flush-interval=0`.
See [#23](https://github.com/pusher/oauth2_proxy/pull/23) for further details. See [#23](https://github.com/oauth2-proxy/oauth2-proxy/pull/23) for further details.
## Changes since v3.0.0 ## Changes since v3.0.0
- [#14](https://github.com/pusher/oauth2_proxy/pull/14) OIDC ID Token, Authorization Headers, Refreshing and Verification (@joelspeed) - [#14](https://github.com/oauth2-proxy/oauth2-proxy/pull/14) OIDC ID Token, Authorization Headers, Refreshing and Verification (@joelspeed)
- Implement `pass-authorization-header` and `set-authorization-header` flags - Implement `pass-authorization-header` and `set-authorization-header` flags
- Implement token refreshing in OIDC provider - Implement token refreshing in OIDC provider
- Split cookies larger than 4k limit into multiple cookies - Split cookies larger than 4k limit into multiple cookies
- Implement token validation in OIDC provider - Implement token validation in OIDC provider
- [#15](https://github.com/pusher/oauth2_proxy/pull/15) WhitelistDomains (@joelspeed) - [#15](https://github.com/oauth2-proxy/oauth2-proxy/pull/15) WhitelistDomains (@joelspeed)
- Add `--whitelist-domain` flag to allow redirection to approved domains after OAuth flow - Add `--whitelist-domain` flag to allow redirection to approved domains after OAuth flow
- [#21](https://github.com/pusher/oauth2_proxy/pull/21) Docker Improvement (@yaegashi) - [#21](https://github.com/oauth2-proxy/oauth2-proxy/pull/21) Docker Improvement (@yaegashi)
- Move Docker base image from debian to alpine - Move Docker base image from debian to alpine
- Install ca-certificates in docker image - Install ca-certificates in docker image
- [#23](https://github.com/pusher/oauth2_proxy/pull/23) Flushed streaming responses - [#23](https://github.com/oauth2-proxy/oauth2-proxy/pull/23) Flushed streaming responses
- Long-running upstream responses will get flushed every <timeperiod> (1 second by default) - Long-running upstream responses will get flushed every <timeperiod> (1 second by default)
- [#24](https://github.com/pusher/oauth2_proxy/pull/24) Redirect fix (@agentgonzo) - [#24](https://github.com/oauth2-proxy/oauth2-proxy/pull/24) Redirect fix (@agentgonzo)
- After a successful login, you will be redirected to your original URL rather than / - After a successful login, you will be redirected to your original URL rather than /
- [#35](https://github.com/pusher/oauth2_proxy/pull/35) arm and arm64 binary releases (@kskewes) - [#35](https://github.com/oauth2-proxy/oauth2-proxy/pull/35) arm and arm64 binary releases (@kskewes)
- Add armv6 and arm64 to Makefile `release` target - Add armv6 and arm64 to Makefile `release` target
- [#37](https://github.com/pusher/oauth2_proxy/pull/37) cross build arm and arm64 docker images (@kskewes) - [#37](https://github.com/oauth2-proxy/oauth2-proxy/pull/37) cross build arm and arm64 docker images (@kskewes)
# v3.0.0 # v3.0.0
@ -303,7 +314,7 @@ v2.2 as released by Bitly.
## Changes since v2.2: ## Changes since v2.2:
- [#7](https://github.com/pusher/oauth2_proxy/pull/7) Migration to Pusher (@joelspeed) - [#7](https://github.com/oauth2-proxy/oauth2-proxy/pull/7) Migration to Pusher (@joelspeed)
- Move automated build to debian base image - Move automated build to debian base image
- Add Makefile - Add Makefile
- Update CI to run `make test` - Update CI to run `make test`

View File

@ -7,8 +7,8 @@ Download the dependencies using `go mod download`.
```bash ```bash
cd $GOPATH/src/github.com # Create this directory if it doesn't exist cd $GOPATH/src/github.com # Create this directory if it doesn't exist
git clone git@github.com:<YOUR_FORK>/oauth2_proxy pusher/oauth2_proxy git clone git@github.com:<YOUR_FORK>/oauth2-proxy oauth2-proxy/oauth2-proxy
cd pusher/oauth2_proxy cd oauth2-proxy/oauth2-proxy
./configure # Setup your environment variables ./configure # Setup your environment variables
go mod download go mod download
``` ```
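Review bot: The clone line assumes the contributor's fork is already named `oauth2-proxy` (`git clone git@github.com:<YOUR_FORK>/oauth2-proxy oauth2-proxy/oauth2-proxy`), but forks created before this migration may still carry the old `oauth2_proxy` name, in which case the command fails as written. Suggest adding a sentence telling existing contributors to rename their fork or adjust the URL. Since the text above the block already relies on `go mod download`, it is also worth asking whether the `$GOPATH/src/github.com` layout still needs to be prescribed at all.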

View File

@ -4,7 +4,7 @@ FROM golang:1.14-buster AS builder
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.24.0 RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.24.0
# Copy sources # Copy sources
WORKDIR $GOPATH/src/github.com/pusher/oauth2_proxy WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy
# Fetch dependencies # Fetch dependencies
COPY go.mod go.sum ./ COPY go.mod go.sum ./
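Review bot: The `RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- ...` line in the context of this hunk pipes a remotely fetched script straight into `sh` with no checksum or signature check; only the linter version (`v1.24.0`) is pinned, not the installer script. This is not introduced by the PR, but since the builder stage is being touched, consider a follow-up that downloads a pinned release artifact and verifies its digest before running it.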
@ -25,9 +25,9 @@ RUN ./configure && make build && touch jwt_signing_key.pem
FROM alpine:3.11 FROM alpine:3.11
COPY nsswitch.conf /etc/nsswitch.conf COPY nsswitch.conf /etc/nsswitch.conf
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/oauth2_proxy /bin/oauth2_proxy COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy
COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem
USER 2000:2000 USER 2000:2000
ENTRYPOINT ["/bin/oauth2_proxy"] ENTRYPOINT ["/bin/oauth2-proxy"]
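Review bot: Changing `ENTRYPOINT` to `/bin/oauth2-proxy` removes `/bin/oauth2_proxy` from the image, so any deployment that overrides the command with the old path (a Kubernetes `command:`, a compose `entrypoint:`, a wrapper script) will fail to start after pulling the new image. Either keep a compatibility symlink at the old path for a release or two, or state under Breaking Changes that the in-image path changed along with the binary name.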

View File

@ -4,7 +4,7 @@ FROM golang:1.14-buster AS builder
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.24.0 RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.24.0
# Copy sources # Copy sources
WORKDIR $GOPATH/src/github.com/pusher/oauth2_proxy WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy
# Fetch dependencies # Fetch dependencies
COPY go.mod go.sum ./ COPY go.mod go.sum ./
@ -25,9 +25,9 @@ RUN ./configure && GOARCH=arm64 make build && touch jwt_signing_key.pem
FROM arm64v8/alpine:3.11 FROM arm64v8/alpine:3.11
COPY nsswitch.conf /etc/nsswitch.conf COPY nsswitch.conf /etc/nsswitch.conf
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/oauth2_proxy /bin/oauth2_proxy COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy
COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem
USER 2000:2000 USER 2000:2000
ENTRYPOINT ["/bin/oauth2_proxy"] ENTRYPOINT ["/bin/oauth2-proxy"]
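Review bot: The two `COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/...` lines hard-code `/go`, while the builder stage sets its directory as `WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy`, so the rename had to be made in both spellings and the build depends on `GOPATH` being `/go` in the base image. Consider a plain absolute `WORKDIR` in the builder, or an `ARG` holding the path, so the source location is written once.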

View File

@ -4,7 +4,7 @@ FROM golang:1.14-buster AS builder
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.24.0 RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.24.0
# Copy sources # Copy sources
WORKDIR $GOPATH/src/github.com/pusher/oauth2_proxy WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy
# Fetch dependencies # Fetch dependencies
COPY go.mod go.sum ./ COPY go.mod go.sum ./
@ -25,9 +25,9 @@ RUN ./configure && GOARCH=arm GOARM=6 make build && touch jwt_signing_key.pem
FROM arm32v6/alpine:3.11 FROM arm32v6/alpine:3.11
COPY nsswitch.conf /etc/nsswitch.conf COPY nsswitch.conf /etc/nsswitch.conf
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/oauth2_proxy /bin/oauth2_proxy COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy
COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem
USER 2000:2000 USER 2000:2000
ENTRYPOINT ["/bin/oauth2_proxy"] ENTRYPOINT ["/bin/oauth2-proxy"]
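Review bot: This is the third Dockerfile receiving the identical rename; in the hunks shown, the amd64, arm64 and armv6 files differ only in the `GOARCH`/`GOARM` values on the `make build` line and in the final `FROM` image. A single Dockerfile parameterised with build `ARG`s would have made this a one-file change and removes the risk of the three copies drifting apart. Fine as a follow-up.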

View File

@ -1,8 +1,8 @@
include .env include .env
BINARY := oauth2_proxy BINARY := oauth2-proxy
VERSION := $(shell git describe --always --dirty --tags 2>/dev/null || echo "undefined") VERSION := $(shell git describe --always --dirty --tags 2>/dev/null || echo "undefined")
# Allow to override image registry. # Allow to override image registry.
REGISTRY ?= quay.io/pusher REGISTRY ?= quay.io/oauth2-proxy
.NOTPARALLEL: .NOTPARALLEL:
.PHONY: all .PHONY: all
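Review bot: `REGISTRY ?= quay.io/oauth2-proxy` moves where `docker-push` publishes, and neither the README note nor the changelog entries shown here say what happens to the existing `quay.io/pusher/oauth2_proxy` tags. Anyone pinned to the old repository, especially to `:latest`, will keep running whatever was last pushed there and stop receiving fixes without any error. Suggest stating in the README note and the changelog whether the old image location is frozen, mirrored or removed.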
@ -25,35 +25,35 @@ lint:
build: clean $(BINARY) build: clean $(BINARY)
$(BINARY): $(BINARY):
GO111MODULE=on CGO_ENABLED=0 $(GO) build -a -installsuffix cgo -ldflags="-X main.VERSION=${VERSION}" -o $@ github.com/pusher/oauth2_proxy GO111MODULE=on CGO_ENABLED=0 $(GO) build -a -installsuffix cgo -ldflags="-X main.VERSION=${VERSION}" -o $@ github.com/oauth2-proxy/oauth2-proxy
.PHONY: docker .PHONY: docker
docker: docker:
docker build -f Dockerfile -t $(REGISTRY)/oauth2_proxy:latest . docker build -f Dockerfile -t $(REGISTRY)/oauth2-proxy:latest .
.PHONY: docker-all .PHONY: docker-all
docker-all: docker docker-all: docker
docker build -f Dockerfile -t $(REGISTRY)/oauth2_proxy:latest-amd64 . docker build -f Dockerfile -t $(REGISTRY)/oauth2-proxy:latest-amd64 .
docker build -f Dockerfile -t $(REGISTRY)/oauth2_proxy:${VERSION} . docker build -f Dockerfile -t $(REGISTRY)/oauth2-proxy:${VERSION} .
docker build -f Dockerfile -t $(REGISTRY)/oauth2_proxy:${VERSION}-amd64 . docker build -f Dockerfile -t $(REGISTRY)/oauth2-proxy:${VERSION}-amd64 .
docker build -f Dockerfile.arm64 -t $(REGISTRY)/oauth2_proxy:latest-arm64 . docker build -f Dockerfile.arm64 -t $(REGISTRY)/oauth2-proxy:latest-arm64 .
docker build -f Dockerfile.arm64 -t $(REGISTRY)/oauth2_proxy:${VERSION}-arm64 . docker build -f Dockerfile.arm64 -t $(REGISTRY)/oauth2-proxy:${VERSION}-arm64 .
docker build -f Dockerfile.armv6 -t $(REGISTRY)/oauth2_proxy:latest-armv6 . docker build -f Dockerfile.armv6 -t $(REGISTRY)/oauth2-proxy:latest-armv6 .
docker build -f Dockerfile.armv6 -t $(REGISTRY)/oauth2_proxy:${VERSION}-armv6 . docker build -f Dockerfile.armv6 -t $(REGISTRY)/oauth2-proxy:${VERSION}-armv6 .
.PHONY: docker-push .PHONY: docker-push
docker-push: docker-push:
docker push $(REGISTRY)/oauth2_proxy:latest docker push $(REGISTRY)/oauth2-proxy:latest
.PHONY: docker-push-all .PHONY: docker-push-all
docker-push-all: docker-push docker-push-all: docker-push
docker push $(REGISTRY)/oauth2_proxy:latest-amd64 docker push $(REGISTRY)/oauth2-proxy:latest-amd64
docker push $(REGISTRY)/oauth2_proxy:${VERSION} docker push $(REGISTRY)/oauth2-proxy:${VERSION}
docker push $(REGISTRY)/oauth2_proxy:${VERSION}-amd64 docker push $(REGISTRY)/oauth2-proxy:${VERSION}-amd64
docker push $(REGISTRY)/oauth2_proxy:latest-arm64 docker push $(REGISTRY)/oauth2-proxy:latest-arm64
docker push $(REGISTRY)/oauth2_proxy:${VERSION}-arm64 docker push $(REGISTRY)/oauth2-proxy:${VERSION}-arm64
docker push $(REGISTRY)/oauth2_proxy:latest-armv6 docker push $(REGISTRY)/oauth2-proxy:latest-armv6
docker push $(REGISTRY)/oauth2_proxy:${VERSION}-armv6 docker push $(REGISTRY)/oauth2-proxy:${VERSION}-armv6
.PHONY: test .PHONY: test
test: lint test: lint

View File

@ -1,8 +1,8 @@
![OAuth2 Proxy](/docs/logos/OAuth2_Proxy_horizontal.svg) ![OAuth2 Proxy](/docs/logos/OAuth2_Proxy_horizontal.svg)
[![Build Status](https://secure.travis-ci.org/pusher/oauth2_proxy.svg?branch=master)](http://travis-ci.org/pusher/oauth2_proxy) [![Build Status](https://secure.travis-ci.org/oauth2-proxy/oauth2-proxy.svg?branch=master)](http://travis-ci.org/oauth2-proxy/oauth2-proxy)
[![Go Report Card](https://goreportcard.com/badge/github.com/pusher/oauth2_proxy)](https://goreportcard.com/report/github.com/pusher/oauth2_proxy) [![Go Report Card](https://goreportcard.com/badge/github.com/oauth2-proxy/oauth2-proxy)](https://goreportcard.com/report/github.com/oauth2-proxy/oauth2-proxy)
[![GoDoc](https://godoc.org/github.com/pusher/oauth2_proxy?status.svg)](https://godoc.org/github.com/pusher/oauth2_proxy) [![GoDoc](https://godoc.org/github.com/oauth2-proxy/oauth2-proxy?status.svg)](https://godoc.org/github.com/oauth2-proxy/oauth2-proxy)
[![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)](./LICENSE) [![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)](./LICENSE)
A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others)
@ -12,37 +12,40 @@ to validate accounts by email, domain or group.
Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork.
A list of changes can be seen in the [CHANGELOG](CHANGELOG.md). A list of changes can be seen in the [CHANGELOG](CHANGELOG.md).
**Note:** This project was formerly hosted as `pusher/oauth2_proxy` but has been renamed as of 29/03/2020 to `oauth2-proxy/oauth2-proxy`.
Going forward, all images shall be available at `quay.io/oauth2-proxy/oauth2-proxy` and binaries wiil been named `oauth2-proxy`.
![Sign In Page](https://cloud.githubusercontent.com/assets/45028/4970624/7feb7dd8-6886-11e4-93e0-c9904af44ea8.png) ![Sign In Page](https://cloud.githubusercontent.com/assets/45028/4970624/7feb7dd8-6886-11e4-93e0-c9904af44ea8.png)
## Installation ## Installation
1. Choose how to deploy: 1. Choose how to deploy:
a. Download [Prebuilt Binary](https://github.com/pusher/oauth2_proxy/releases) (current release is `v5.0.0`) a. Download [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v5.1.0`)
b. Build with `$ go get github.com/pusher/oauth2_proxy` which will put the binary in `$GOROOT/bin` b. Build with `$ go get github.com/oauth2-proxy/oauth2-proxy` which will put the binary in `$GOROOT/bin`
c. Using the prebuilt docker image [quay.io/pusher/oauth2_proxy](https://quay.io/pusher/oauth2_proxy) (AMD64, ARMv6 and ARM64 tags available) c. Using the prebuilt docker image [quay.io/oauth2-proxy/oauth2-proxy](https://quay.io/oauth2-proxy/oauth2-proxy) (AMD64, ARMv6 and ARM64 tags available)
Prebuilt binaries can be validated by extracting the file and verifying it against the `sha256sum.txt` checksum file provided for each release starting with version `v3.0.0`. Prebuilt binaries can be validated by extracting the file and verifying it against the `sha256sum.txt` checksum file provided for each release starting with version `v3.0.0`.
``` ```
sha256sum -c sha256sum.txt 2>&1 | grep OK sha256sum -c sha256sum.txt 2>&1 | grep OK
oauth2_proxy-4.0.0.linux-amd64: OK oauth2-proxy-x.y.z.linux-amd64: OK
``` ```
2. [Select a Provider and Register an OAuth Application with a Provider](https://pusher.github.io/oauth2_proxy/auth-configuration) 2. [Select a Provider and Register an OAuth Application with a Provider](https://oauth2-proxy.github.io/oauth2-proxy/auth-configuration)
3. [Configure OAuth2 Proxy using config file, command line options, or environment variables](https://pusher.github.io/oauth2_proxy/configuration) 3. [Configure OAuth2 Proxy using config file, command line options, or environment variables](https://oauth2-proxy.github.io/oauth2-proxy/configuration)
4. [Configure SSL or Deploy behind a SSL endpoint](https://pusher.github.io/oauth2_proxy/tls-configuration) (example provided for Nginx) 4. [Configure SSL or Deploy behind a SSL endpoint](https://oauth2-proxy.github.io/oauth2-proxy/tls-configuration) (example provided for Nginx)
## Security ## Security
If you are running a version older than v5.0.0 we **strongly recommend you please update** to a current version. RE: [open redirect vulnverability](https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv) If you are running a version older than v5.0.0 we **strongly recommend you please update** to a current version. RE: [open redirect vulnverability](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-qqxw-m5fj-f7gv)
## Docs ## Docs
Read the docs on our [Docs site](https://pusher.github.io/oauth2_proxy). Read the docs on our [Docs site](https://oauth2-proxy.github.io/oauth2-proxy).
![OAuth2 Proxy Architecture](https://cloud.githubusercontent.com/assets/45028/8027702/bd040b7a-0d6a-11e5-85b9-f8d953d04f39.png) ![OAuth2 Proxy Architecture](https://cloud.githubusercontent.com/assets/45028/8027702/bd040b7a-0d6a-11e5-85b9-f8d953d04f39.png)
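Review bot: The new note has a typo and a grammar slip: `binaries wiil been named` should read `binaries will be named`. While these lines are open, the Security link text is spelled `vulnverability`, and option b says `go get` puts the binary in `$GOROOT/bin`, whereas `go get` installs to `$GOPATH/bin`.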

View File

@ -1,6 +1,6 @@
# Release # Release
Here's how OAuth2_Proxy releases are created. Here's how OAuth2 Proxy releases are created.
## Schedule ## Schedule
@ -44,4 +44,4 @@ Note this uses `v4.1.0` as an example release number.
``` ```
Note: Ensure the docker tags don't include `-dirty`. This means you have uncommitted changes. Note: Ensure the docker tags don't include `-dirty`. This means you have uncommitted changes.
12. Verify everything looks good at [quay](https://quay.io/repository/pusher/oauth2_proxy?tag=latest&tab=tags) and [github](https://github.com/pusher/oauth2_proxy/releases) 12. Verify everything looks good at [quay](https://quay.io/repository/oauth2-proxy/oauth2-proxy?tag=latest&tab=tags) and [github](https://github.com/oauth2-proxy/oauth2-proxy/releases)

View File

@ -1,5 +1,5 @@
## OAuth2 Proxy Config File ## OAuth2 Proxy Config File
## https://github.com/pusher/oauth2_proxy ## https://github.com/oauth2-proxy/oauth2-proxy
## <addr>:<port> to listen on for HTTP/HTTPS clients ## <addr>:<port> to listen on for HTTP/HTTPS clients
# http_address = "127.0.0.1:4180" # http_address = "127.0.0.1:4180"

View File

@ -1,10 +1,10 @@
# Systemd service file for oauth2_proxy daemon # Systemd service file for oauth2-proxy daemon
# #
# Date: Feb 9, 2016 # Date: Feb 9, 2016
# Author: Srdjan Grubor <sgnn7@sgnn7.org> # Author: Srdjan Grubor <sgnn7@sgnn7.org>
[Unit] [Unit]
Description=oauth2_proxy daemon service Description=oauth2-proxy daemon service
After=syslog.target network.target After=syslog.target network.target
[Service] [Service]
@ -12,7 +12,7 @@ After=syslog.target network.target
User=www-data User=www-data
Group=www-data Group=www-data
ExecStart=/usr/local/bin/oauth2_proxy -config=/etc/oauth2_proxy.cfg ExecStart=/usr/local/bin/oauth2-proxy -config=/etc/oauth2-proxy.cfg
ExecReload=/bin/kill -HUP $MAINPID ExecReload=/bin/kill -HUP $MAINPID
KillMode=process KillMode=process
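Review bot: The `ExecStart` line renames the config path as well as the binary (`-config=/etc/oauth2_proxy.cfg` becomes `-config=/etc/oauth2-proxy.cfg`), which goes beyond the binary rename called out under Breaking Changes. A host that installs this unit over an existing setup will fail to start until the config file is moved. Either keep the old config path in the example or mention the file rename alongside the binary rename.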

View File

@ -1,12 +1,12 @@
# #
# Autocompletion for oauth2_proxy # Autocompletion for oauth2-proxy
# #
# To install this, copy/move this file to /etc/bash.completion.d/ # To install this, copy/move this file to /etc/bash.completion.d/
# or add a line to your ~/.bashrc | ~/.bash_profile that says ". /path/to/oauth2_proxy/contrib/oauth2_proxy_autocomplete.sh" # or add a line to your ~/.bashrc | ~/.bash_profile that says ". /path/to/oauth2-proxy/contrib/oauth2-proxy_autocomplete.sh"
# #
_oauth2_proxy() { _oauth2_proxy() {
_oauth2_proxy_commands=$(oauth2_proxy -h 2>&1 | sed -n '/^\s*-/s/ \+/ /gp' | awk '{print $1}' | tr '\n' ' ') _oauth2_proxy_commands=$(oauth2-proxy -h 2>&1 | sed -n '/^\s*-/s/ \+/ /gp' | awk '{print $1}' | tr '\n' ' ')
local cur prev local cur prev
COMPREPLY=() COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}" cur="${COMP_WORDS[COMP_CWORD]}"
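Review bot: The install comment now points at `contrib/oauth2-proxy_autocomplete.sh`, but the hunks shown do not include a rename of the script file itself; if the file is still `oauth2_proxy_autocomplete.sh`, the suggested `. /path/to/...` line in `~/.bashrc` will fail. Please confirm the file is renamed in this PR or leave the filename in the comment unchanged. Keeping the function name `_oauth2_proxy` is fine; it is internal, and only the `complete -F` target needs to match the new binary name.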
@ -27,4 +27,4 @@ _oauth2_proxy() {
COMPREPLY=( $(compgen -W "${_oauth2_proxy_commands}" -- ${cur}) ) COMPREPLY=( $(compgen -W "${_oauth2_proxy_commands}" -- ${cur}) )
return 0; return 0;
} }
complete -F _oauth2_proxy oauth2_proxy complete -F _oauth2_proxy oauth2-proxy

View File

@ -28,10 +28,10 @@ for ARCH in "${ARCHS[@]}"; do
# Create architecture specific binaries # Create architecture specific binaries
if [[ ${GO_ARCH} == "armv6" ]]; then if [[ ${GO_ARCH} == "armv6" ]]; then
GO111MODULE=on GOOS=${GO_OS} GOARCH=arm GOARM=6 CGO_ENABLED=0 go build -ldflags="-X main.VERSION=${VERSION}" \ GO111MODULE=on GOOS=${GO_OS} GOARCH=arm GOARM=6 CGO_ENABLED=0 go build -ldflags="-X main.VERSION=${VERSION}" \
-o release/${BINARY}-${VERSION}.${ARCH}.${GO_VERSION}/${BINARY} github.com/pusher/oauth2_proxy -o release/${BINARY}-${VERSION}.${ARCH}.${GO_VERSION}/${BINARY} github.com/oauth2-proxy/oauth2-proxy
else else
GO111MODULE=on GOOS=${GO_OS} GOARCH=${GO_ARCH} CGO_ENABLED=0 go build -ldflags="-X main.VERSION=${VERSION}" \ GO111MODULE=on GOOS=${GO_OS} GOARCH=${GO_ARCH} CGO_ENABLED=0 go build -ldflags="-X main.VERSION=${VERSION}" \
-o release/${BINARY}-${VERSION}.${ARCH}.${GO_VERSION}/${BINARY} github.com/pusher/oauth2_proxy -o release/${BINARY}-${VERSION}.${ARCH}.${GO_VERSION}/${BINARY} github.com/oauth2-proxy/oauth2-proxy
fi fi
cd release cd release

View File

@ -14,7 +14,7 @@ to validate accounts by email, domain or group.
Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork.
A list of changes can be seen in the [CHANGELOG]({{ site.gitweb }}/CHANGELOG.md). A list of changes can be seen in the [CHANGELOG]({{ site.gitweb }}/CHANGELOG.md).
[![Build Status](https://secure.travis-ci.org/pusher/oauth2_proxy.svg?branch=master)](http://travis-ci.org/pusher/oauth2_proxy) [![Build Status](https://secure.travis-ci.org/oauth2-proxy/oauth2-proxy.svg?branch=master)](http://travis-ci.org/oauth2-proxy/oauth2-proxy)
![Sign In Page](https://cloud.githubusercontent.com/assets/45028/4970624/7feb7dd8-6886-11e4-93e0-c9904af44ea8.png) ![Sign In Page](https://cloud.githubusercontent.com/assets/45028/4970624/7feb7dd8-6886-11e4-93e0-c9904af44ea8.png)

View File

@ -9,17 +9,17 @@ nav_order: 1
1. Choose how to deploy: 1. Choose how to deploy:
a. Download [Prebuilt Binary](https://github.com/pusher/oauth2_proxy/releases) (current release is `v4.0.0`) a. Download [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v5.1.0`)
b. Build with `$ go get github.com/pusher/oauth2_proxy` which will put the binary in `$GOROOT/bin` b. Build with `$ go get github.com/oauth2-proxy/oauth2-proxy` which will put the binary in `$GOROOT/bin`
c. Using the prebuilt docker image [quay.io/pusher/oauth2_proxy](https://quay.io/pusher/oauth2_proxy) (AMD64, ARMv6 and ARM64 tags available) c. Using the prebuilt docker image [quay.io/oauth2-proxy/oauth2-proxy](https://quay.io/oauth2-proxy/oauth2-proxy) (AMD64, ARMv6 and ARM64 tags available)
Prebuilt binaries can be validated by extracting the file and verifying it against the `sha256sum.txt` checksum file provided for each release starting with version `v3.0.0`. Prebuilt binaries can be validated by extracting the file and verifying it against the `sha256sum.txt` checksum file provided for each release starting with version `v3.0.0`.
``` ```
$ sha256sum -c sha256sum.txt 2>&1 | grep OK $ sha256sum -c sha256sum.txt 2>&1 | grep OK
oauth2_proxy-4.0.0.linux-amd64: OK oauth2-proxy-x.y.z.linux-amd64: OK
``` ```
2. [Select a Provider and Register an OAuth Application with a Provider](auth-configuration) 2. [Select a Provider and Register an OAuth Application with a Provider](auth-configuration)
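Review bot: The verification example still filters through `grep OK` (`sha256sum -c sha256sum.txt 2>&1 | grep OK`), so a checksum mismatch produces no output at all rather than a visible `FAILED`. Since the sample output is being rewritten to `oauth2-proxy-x.y.z.linux-amd64: OK` anyway, consider showing the unfiltered command and telling readers to check its exit status. Separately, this page said `v4.0.0` while the README said `v5.0.0` before this change; linking to the latest release instead of hard-coding `v5.1.0` would stop the two copies drifting again.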

View File

@ -7,7 +7,7 @@ nav_order: 2
## OAuth Provider Configuration ## OAuth Provider Configuration
You will need to register an OAuth application with a Provider (Google, GitHub or another provider), and configure it with Redirect URI(s) for the domain you intend to run `oauth2_proxy` on. You will need to register an OAuth application with a Provider (Google, GitHub or another provider), and configure it with Redirect URI(s) for the domain you intend to run `oauth2-proxy` on.
Valid providers are : Valid providers are :
@ -67,8 +67,8 @@ https://www.googleapis.com/auth/admin.directory.user.readonly
7. Create or choose an existing administrative email address on the Gmail domain to assign to the `google-admin-email` flag. This email will be impersonated by this client to make calls to the Admin SDK. See the note on the link from step 5 for the reason why. 7. Create or choose an existing administrative email address on the Gmail domain to assign to the `google-admin-email` flag. This email will be impersonated by this client to make calls to the Admin SDK. See the note on the link from step 5 for the reason why.
8. Create or choose an existing email group and set that email to the `google-group` flag. You can pass multiple instances of this flag with different groups 8. Create or choose an existing email group and set that email to the `google-group` flag. You can pass multiple instances of this flag with different groups
and the user will be checked against all the provided groups. and the user will be checked against all the provided groups.
9. Lock down the permissions on the json file downloaded from step 1 so only oauth2_proxy is able to read the file and set the path to the file in the `google-service-account-json` flag. 9. Lock down the permissions on the json file downloaded from step 1 so only oauth2-proxy is able to read the file and set the path to the file in the `google-service-account-json` flag.
10. Restart oauth2_proxy. 10. Restart oauth2-proxy.
Note: The user is checked against the group members list on initial authentication and every time the token is refreshed ( about once an hour ). Note: The user is checked against the group members list on initial authentication and every time the token is refreshed ( about once an hour ).
@ -163,12 +163,12 @@ Take note of your `TenantId` if applicable for your situation. The `TenantId` ca
OpenID Connect is a spec for OAUTH 2.0 + identity that is implemented by many major providers and several open source projects. This provider was originally built against CoreOS Dex and we will use it as an example. OpenID Connect is a spec for OAUTH 2.0 + identity that is implemented by many major providers and several open source projects. This provider was originally built against CoreOS Dex and we will use it as an example.
1. Launch a Dex instance using the [getting started guide](https://github.com/coreos/dex/blob/master/Documentation/getting-started.md). 1. Launch a Dex instance using the [getting started guide](https://github.com/coreos/dex/blob/master/Documentation/getting-started.md).
2. Setup oauth2_proxy with the correct provider and using the default ports and callbacks. 2. Setup oauth2-proxy with the correct provider and using the default ports and callbacks.
3. Login with the fixture use in the dex guide and run the oauth2_proxy with the following args: 3. Login with the fixture use in the dex guide and run the oauth2-proxy with the following args:
-provider oidc -provider oidc
-provider-display-name "My OIDC Provider" -provider-display-name "My OIDC Provider"
-client-id oauth2_proxy -client-id oauth2-proxy
-client-secret proxy -client-secret proxy
-redirect-url http://127.0.0.1:4180/oauth2/callback -redirect-url http://127.0.0.1:4180/oauth2/callback
-oidc-issuer-url http://127.0.0.1:5556 -oidc-issuer-url http://127.0.0.1:5556
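Review bot: `-client-id oauth2-proxy` is the identifier registered with the identity provider, not the binary name, so renaming it here changes what the reader must have configured in Dex. Step 3 says to log in with the fixture from the Dex guide; unless the client registered on the Dex side is also `oauth2-proxy`, following these args verbatim produces a client mismatch. Suggest leaving the example client ID as it was, or adding the matching Dex client entry to the doc. The same applies to the `-client-id` line in the Skip OIDC discovery example further down.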
@ -222,7 +222,7 @@ The `oidc_issuer_url` is based on URL from your **Authorization Server**'s **Iss
The `client_id` and `client_secret` are configured in the application settings. The `client_id` and `client_secret` are configured in the application settings.
Generate a unique `client_secret` to encrypt the cookie. Generate a unique `client_secret` to encrypt the cookie.
Then you can start the oauth2_proxy with `./oauth2_proxy -config /etc/example.cfg` Then you can start the oauth2-proxy with `./oauth2-proxy -config /etc/example.cfg`
### login.gov Provider ### login.gov Provider
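Review bot: The context line "Generate a unique `client_secret` to encrypt the cookie", just above the renamed command, names the wrong setting and is worth fixing while this paragraph is open. The line before it says `client_secret` comes from the application settings, and the cookie is protected by the separate `--cookie-secret` option used elsewhere in these docs. Suggest "Generate a unique `cookie_secret` to encrypt the cookie".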
@ -251,7 +251,7 @@ First, register your application in the dashboard. The important bits are:
Now start the proxy up with the following options: Now start the proxy up with the following options:
``` ```
./oauth2_proxy -provider login.gov \ ./oauth2-proxy -provider login.gov \
-client-id=${LOGINGOV_ISSUER} \ -client-id=${LOGINGOV_ISSUER} \
-redirect-url=http://localhost:4180/oauth2/callback \ -redirect-url=http://localhost:4180/oauth2/callback \
-oidc-issuer-url=https://idp.int.identitysandbox.gov/ \ -oidc-issuer-url=https://idp.int.identitysandbox.gov/ \
@ -282,13 +282,13 @@ proxy, and you would use real hostnames everywhere.
#### Skip OIDC discovery #### Skip OIDC discovery
Some providers do not support OIDC discovery via their issuer URL, so oauth2_proxy cannot simply grab the authorization, token and jwks URI endpoints from the provider's metadata. Some providers do not support OIDC discovery via their issuer URL, so oauth2-proxy cannot simply grab the authorization, token and jwks URI endpoints from the provider's metadata.
In this case, you can set the `-skip-oidc-discovery` option, and supply those required endpoints manually: In this case, you can set the `-skip-oidc-discovery` option, and supply those required endpoints manually:
``` ```
-provider oidc -provider oidc
-client-id oauth2_proxy -client-id oauth2-proxy
-client-secret proxy -client-secret proxy
-redirect-url http://127.0.0.1:4180/oauth2/callback -redirect-url http://127.0.0.1:4180/oauth2/callback
-oidc-issuer-url http://127.0.0.1:5556 -oidc-issuer-url http://127.0.0.1:5556
@ -330,7 +330,7 @@ Note: in *all* cases the validate-url will *not* have the `index.php`.
1. [Create a new OAuth application](https://cloud.digitalocean.com/account/api/applications) 1. [Create a new OAuth application](https://cloud.digitalocean.com/account/api/applications)
* You can fill in the name, homepage, and description however you wish. * You can fill in the name, homepage, and description however you wish.
* In the "Application callback URL" field, enter: `https://oauth-proxy/oauth2/callback`, substituting `oauth2-proxy` with the actual hostname that oauth2_proxy is running on. The URL must match oauth2_proxy's configured redirect URL. * In the "Application callback URL" field, enter: `https://oauth-proxy/oauth2/callback`, substituting `oauth2-proxy` with the actual hostname that oauth2-proxy is running on. The URL must match oauth2-proxy's configured redirect URL.
2. Note the Client ID and Client Secret. 2. Note the Client ID and Client Secret.
To use the provider, pass the following options: To use the provider, pass the following options:
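Review bot: The callback URL bullet still has a placeholder mismatch after the rename: the URL is written as `https://oauth-proxy/oauth2/callback` while the sentence tells the reader to substitute `oauth2-proxy`, a string that does not occur in that URL. Suggest `https://<oauth2-proxy>/oauth2/callback` with `<oauth2-proxy>` as the placeholder, matching the Bitbucket section, so nobody registers the literal host `oauth-proxy` and then fails the redirect URL match that the same bullet requires.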
@ -346,7 +346,7 @@ To use the provider, pass the following options:
### Bitbucket Auth Provider ### Bitbucket Auth Provider
1. [Add a new OAuth consumer](https://confluence.atlassian.com/bitbucket/oauth-on-bitbucket-cloud-238027431.html) 1. [Add a new OAuth consumer](https://confluence.atlassian.com/bitbucket/oauth-on-bitbucket-cloud-238027431.html)
* In "Callback URL" use `https://<oauth2-proxy>/oauth2/callback`, substituting `<oauth2-proxy>` with the actual hostname that oauth2_proxy is running on. * In "Callback URL" use `https://<oauth2-proxy>/oauth2/callback`, substituting `<oauth2-proxy>` with the actual hostname that oauth2-proxy is running on.
* In Permissions section select: * In Permissions section select:
* Account -> Email * Account -> Email
* Team membership -> Read * Team membership -> Read
@ -372,5 +372,5 @@ To authorize by email domain use `--email-domain=yourcompany.com`. To authorize
Follow the examples in the [`providers` package]({{ site.gitweb }}/providers/) to define a new Follow the examples in the [`providers` package]({{ site.gitweb }}/providers/) to define a new
`Provider` instance. Add a new `case` to `Provider` instance. Add a new `case` to
[`providers.New()`]({{ site.gitweb }}/providers/providers.go) to allow `oauth2_proxy` to use the [`providers.New()`]({{ site.gitweb }}/providers/providers.go) to allow `oauth2-proxy` to use the
new `Provider`. new `Provider`.

View File

@ -11,10 +11,10 @@ There are two recommended configurations.
1. Configure SSL Termination with OAuth2 Proxy by providing a `--tls-cert-file=/path/to/cert.pem` and `--tls-key-file=/path/to/cert.key`. 1. Configure SSL Termination with OAuth2 Proxy by providing a `--tls-cert-file=/path/to/cert.pem` and `--tls-key-file=/path/to/cert.key`.
The command line to run `oauth2_proxy` in this configuration would look like this: The command line to run `oauth2-proxy` in this configuration would look like this:
```bash ```bash
./oauth2_proxy \ ./oauth2-proxy \
--email-domain="yourcompany.com" \ --email-domain="yourcompany.com" \
--upstream=http://127.0.0.1:8080/ \ --upstream=http://127.0.0.1:8080/ \
--tls-cert-file=/path/to/cert.pem \ --tls-cert-file=/path/to/cert.pem \
@ -28,12 +28,12 @@ There are two recommended configurations.
2. Configure SSL Termination with [Nginx](http://nginx.org/) (example config below), Amazon ELB, Google Cloud Platform Load Balancing, or .... 2. Configure SSL Termination with [Nginx](http://nginx.org/) (example config below), Amazon ELB, Google Cloud Platform Load Balancing, or ....
Because `oauth2_proxy` listens on `127.0.0.1:4180` by default, to listen on all interfaces (needed when using an Because `oauth2-proxy` listens on `127.0.0.1:4180` by default, to listen on all interfaces (needed when using an
external load balancer like Amazon ELB or Google Platform Load Balancing) use `--http-address="0.0.0.0:4180"` or external load balancer like Amazon ELB or Google Platform Load Balancing) use `--http-address="0.0.0.0:4180"` or
`--http-address="http://:4180"`. `--http-address="http://:4180"`.
Nginx will listen on port `443` and handle SSL connections while proxying to `oauth2_proxy` on port `4180`. Nginx will listen on port `443` and handle SSL connections while proxying to `oauth2-proxy` on port `4180`.
`oauth2_proxy` will then authenticate requests for an upstream application. The external endpoint for this example `oauth2-proxy` will then authenticate requests for an upstream application. The external endpoint for this example
would be `https://internal.yourcompany.com/`. would be `https://internal.yourcompany.com/`.
An example Nginx config follows. Note the use of `Strict-Transport-Security` header to pin requests to SSL An example Nginx config follows. Note the use of `Strict-Transport-Security` header to pin requests to SSL
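Review bot: The paragraph recommending `--http-address="0.0.0.0:4180"` should say who is allowed to reach that port, since in this configuration TLS is terminated upstream and the proxy serves plain HTTP on every interface. A sentence such as "restrict port 4180 to the load balancer with a firewall rule or security group" would close the gap. Minor: the same sentence has "Google Platform Load Balancing" where the list item above it has "Google Cloud Platform Load Balancing".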
@ -59,10 +59,10 @@ There are two recommended configurations.
} }
``` ```
The command line to run `oauth2_proxy` in this configuration would look like this: The command line to run `oauth2-proxy` in this configuration would look like this:
```bash ```bash
./oauth2_proxy \ ./oauth2-proxy \
--email-domain="yourcompany.com" \ --email-domain="yourcompany.com" \
--upstream=http://127.0.0.1:8080/ \ --upstream=http://127.0.0.1:8080/ \
--cookie-secret=... \ --cookie-secret=... \

View File

@ -20,7 +20,7 @@ OAuth2 Proxy responds directly to the following endpoints. All other endpoints w
### Sign out ### Sign out
To sign the user out, redirect them to `/oauth2/sign_out`. This endpoint only removes oauth2_proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the `rd` query parameter, i.e. redirect the user to something like (notice the url-encoding!): To sign the user out, redirect them to `/oauth2/sign_out`. This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the `rd` query parameter, i.e. redirect the user to something like (notice the url-encoding!):
``` ```
/oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page /oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page

View File

@ -1,7 +1,7 @@
# Docs # Docs
This folder contains our Jekyll based docs site which is hosted at This folder contains our Jekyll based docs site which is hosted at
https://pusher.github.io/oauth2_proxy. https://oauth2-proxy.github.io/oauth2-proxy.
When making changes to this docs site, please test your changes locally: When making changes to this docs site, please test your changes locally:

View File

@ -13,13 +13,13 @@
# you will see them accessed via {{ site.title }}, {{ site.email }}, and so on. # you will see them accessed via {{ site.title }}, {{ site.email }}, and so on.
# You can create any custom variable you would like, and they will be accessible # You can create any custom variable you would like, and they will be accessible
# in the templates via {{ site.myvariable }}. # in the templates via {{ site.myvariable }}.
title: OAuth2_Proxy title: OAuth2 Proxy
logo: /logos/OAuth2_Proxy_horizontal.svg logo: /logos/OAuth2_Proxy_horizontal.svg
description: >- # this means to ignore newlines until "baseurl:" description: >- # this means to ignore newlines until "baseurl:"
OAuth2_Proxy documentation site OAuth2-Proxy documentation site
baseurl: "/oauth2_proxy" # the subpath of your site, e.g. /blog baseurl: "/oauth2-proxy" # the subpath of your site, e.g. /blog
url: "https://pusher.github.io" # the base hostname & protocol for your site, e.g. http://example.com url: "https://oauth2-proxy.github.io" # the base hostname & protocol for your site, e.g. http://example.com
gitweb: "https://github.com/pusher/oauth2_proxy/blob/master" gitweb: "https://github.com/oauth2-proxy/oauth2-proxy/blob/master"
# Build settings # Build settings
markdown: kramdown markdown: kramdown
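Review bot: The site metadata ends up with two spellings of the product name: `title: OAuth2 Proxy` and `description: ... OAuth2-Proxy documentation site`. Pick one for the human-readable name (the aux link below uses "OAuth2 Proxy") and keep the hyphenated form for the binary and repository only. The `logo:` path keeps the old `OAuth2_Proxy_horizontal.svg` file name, which is fine as long as the asset itself is not renamed in this commit; please confirm.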
@ -28,8 +28,8 @@ search_enabled: true
# Aux links for the upper right navigation # Aux links for the upper right navigation
aux_links: aux_links:
"OAuth2_Proxy on GitHub": "OAuth2 Proxy on GitHub":
- "https://github.com/pusher/oauth2_proxy" - "https://github.com/oauth2-proxy/oauth2-proxy"
# Exclude from processing. # Exclude from processing.
# The following items will not be processed, by default. Create a custom list # The following items will not be processed, by default. Create a custom list

View File

@ -8,7 +8,7 @@ nav_order: 3
## Configuration ## Configuration
`oauth2_proxy` can be configured via [config file](#config-file), [command line options](#command-line-options) or [environment variables](#environment-variables). `oauth2-proxy` can be configured via [config file](#config-file), [command line options](#command-line-options) or [environment variables](#environment-variables).
To generate a strong cookie secret use `python -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(16)).decode())'` To generate a strong cookie secret use `python -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(16)).decode())'`
@ -16,7 +16,7 @@ To generate a strong cookie secret use `python -c 'import os,base64; print(base6
Every command line argument can be specified in a config file by replacing hypens (-) with underscores (\_). If the argument can be specified multiple times, the config option should be plural (trailing s). Every command line argument can be specified in a config file by replacing hypens (-) with underscores (\_). If the argument can be specified multiple times, the config option should be plural (trailing s).
An example [oauth2_proxy.cfg]({{ site.gitweb }}/contrib/oauth2_proxy.cfg.example) config file is in the contrib directory. It can be used by specifying `-config=/etc/oauth2_proxy.cfg` An example [oauth2-proxy.cfg]({{ site.gitweb }}/contrib/oauth2-proxy.cfg.example) config file is in the contrib directory. It can be used by specifying `-config=/etc/oauth2-proxy.cfg`
### Command Line Options ### Command Line Options
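Review bot: The link target changes to `contrib/oauth2-proxy.cfg.example`, which resolves only if the example file is renamed in this same commit; please confirm, since otherwise this becomes a dead link on the docs site. Because `-config` takes an explicit path, deployments that already use `/etc/oauth2_proxy.cfg` keep working, and a short sentence saying so would save operators a needless rename. The context line above also has "hypens" for "hyphens".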
@ -127,9 +127,9 @@ See below for provider specific options
### Upstreams Configuration ### Upstreams Configuration
`oauth2_proxy` supports having multiple upstreams, and has the option to pass requests on to HTTP(S) servers or serve static files from the file system. HTTP and HTTPS upstreams are configured by providing a URL such as `http://127.0.0.1:8080/` for the upstream parameter, this will forward all authenticated requests to the upstream server. If you instead provide `http://127.0.0.1:8080/some/path/` then it will only be requests that start with `/some/path/` which are forwarded to the upstream. `oauth2-proxy` supports having multiple upstreams, and has the option to pass requests on to HTTP(S) servers or serve static files from the file system. HTTP and HTTPS upstreams are configured by providing a URL such as `http://127.0.0.1:8080/` for the upstream parameter, this will forward all authenticated requests to the upstream server. If you instead provide `http://127.0.0.1:8080/some/path/` then it will only be requests that start with `/some/path/` which are forwarded to the upstream.
Static file paths are configured as a file:// URL. `file:///var/www/static/` will serve the files from that directory at `http://[oauth2_proxy url]/var/www/static/`, which may not be what you want. You can provide the path to where the files should be available by adding a fragment to the configured URL. The value of the fragment will then be used to specify which path the files are available at. `file:///var/www/static/#/static/` will ie. make `/var/www/static/` available at `http://[oauth2_proxy url]/static/`. Static file paths are configured as a file:// URL. `file:///var/www/static/` will serve the files from that directory at `http://[oauth2-proxy url]/var/www/static/`, which may not be what you want. You can provide the path to where the files should be available by adding a fragment to the configured URL. The value of the fragment will then be used to specify which path the files are available at. `file:///var/www/static/#/static/` will ie. make `/var/www/static/` available at `http://[oauth2-proxy url]/static/`.
Multiple upstreams can either be configured by supplying a comma separated list to the `-upstream` parameter, supplying the parameter multiple times or provinding a list in the [config file](#config-file). When multiple upstreams are used routing to them will be based on the path they are set up with. Multiple upstreams can either be configured by supplying a comma separated list to the `-upstream` parameter, supplying the parameter multiple times or provinding a list in the [config file](#config-file). When multiple upstreams are used routing to them will be based on the path they are set up with.
@ -246,7 +246,7 @@ Available variables for standard logging:
## <a name="nginx-auth-request"></a>Configuring for use with the Nginx `auth_request` directive ## <a name="nginx-auth-request"></a>Configuring for use with the Nginx `auth_request` directive
The [Nginx `auth_request` directive](http://nginx.org/en/docs/http/ngx_http_auth_request_module.html) allows Nginx to authenticate requests via the oauth2_proxy's `/auth` endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example: The [Nginx `auth_request` directive](http://nginx.org/en/docs/http/ngx_http_auth_request_module.html) allows Nginx to authenticate requests via the oauth2-proxy's `/auth` endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example:
```nginx ```nginx
server { server {

View File

@ -4,7 +4,7 @@ import (
"os" "os"
"testing" "testing"
proxy "github.com/pusher/oauth2_proxy" proxy "github.com/oauth2-proxy/oauth2-proxy"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )

2
go.mod
View File

@ -1,4 +1,4 @@
module github.com/pusher/oauth2_proxy module github.com/oauth2-proxy/oauth2-proxy
go 1.14 go 1.14
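Review bot: With the `module` line changed, any import of `github.com/pusher/oauth2_proxy/...` that the search and replace missed no longer refers to this repository but to an external module, and Go toolchains before 1.16 (this file declares `go 1.14`) resolve such an import by adding a requirement to go.mod during the build instead of failing. Suggest a CI check that greps the tree for the old path so a leftover import cannot quietly pull in code from the old repository. The path change also breaks anyone importing these packages, which deserves its own line in the changelog's breaking changes.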

View File

@ -7,7 +7,7 @@ import (
"io" "io"
"os" "os"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
) )

View File

@ -7,7 +7,7 @@ import (
"strings" "strings"
"time" "time"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
) )
// Server represents an HTTP server // Server represents an HTTP server

View File

@ -10,7 +10,7 @@ import (
"net/http" "net/http"
"time" "time"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
) )
// responseLogger is wrapper of http.ResponseWriter that keeps track of its HTTP status // responseLogger is wrapper of http.ResponseWriter that keeps track of its HTTP status

View File

@ -9,7 +9,7 @@ import (
"testing" "testing"
"time" "time"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
) )
func TestLoggingHandler_ServeHTTP(t *testing.T) { func TestLoggingHandler_ServeHTTP(t *testing.T) {

View File

@ -12,12 +12,12 @@ import (
"github.com/BurntSushi/toml" "github.com/BurntSushi/toml"
options "github.com/mreiferson/go-options" options "github.com/mreiferson/go-options"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
) )
func main() { func main() {
logger.SetFlags(logger.Lshortfile) logger.SetFlags(logger.Lshortfile)
flagSet := flag.NewFlagSet("oauth2_proxy", flag.ExitOnError) flagSet := flag.NewFlagSet("oauth2-proxy", flag.ExitOnError)
emailDomains := StringArray{} emailDomains := StringArray{}
whitelistDomains := StringArray{} whitelistDomains := StringArray{}
@ -145,7 +145,7 @@ func main() {
flagSet.Parse(os.Args[1:]) flagSet.Parse(os.Args[1:])
if *showVersion { if *showVersion {
fmt.Printf("oauth2_proxy %s (built with %s)\n", VERSION, runtime.Version()) fmt.Printf("oauth2-proxy %s (built with %s)\n", VERSION, runtime.Version())
return return
} }
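Review bot: The `fmt.Printf` line changes the `-version` output prefix from `oauth2_proxy` to `oauth2-proxy`, which is user-visible and will break packaging or monitoring scripts that match on the old string. Worth listing next to the binary rename under breaking changes in the changelog.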

View File

@ -19,11 +19,11 @@ import (
"github.com/coreos/go-oidc" "github.com/coreos/go-oidc"
"github.com/mbland/hmacauth" "github.com/mbland/hmacauth"
sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions" sessionsapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/cookies" "github.com/oauth2-proxy/oauth2-proxy/pkg/cookies"
"github.com/pusher/oauth2_proxy/pkg/encryption" "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/providers" "github.com/oauth2-proxy/oauth2-proxy/providers"
"github.com/yhat/wsutil" "github.com/yhat/wsutil"
) )

View File

@ -18,10 +18,10 @@ import (
"github.com/coreos/go-oidc" "github.com/coreos/go-oidc"
"github.com/mbland/hmacauth" "github.com/mbland/hmacauth"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/sessions/cookie" "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/cookie"
"github.com/pusher/oauth2_proxy/providers" "github.com/oauth2-proxy/oauth2-proxy/providers"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"golang.org/x/net/websocket" "golang.org/x/net/websocket"

View File

@ -17,12 +17,12 @@ import (
oidc "github.com/coreos/go-oidc" oidc "github.com/coreos/go-oidc"
"github.com/dgrijalva/jwt-go" "github.com/dgrijalva/jwt-go"
"github.com/mbland/hmacauth" "github.com/mbland/hmacauth"
"github.com/pusher/oauth2_proxy/pkg/apis/options" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions" sessionsapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/encryption" "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions"
"github.com/pusher/oauth2_proxy/providers" "github.com/oauth2-proxy/oauth2-proxy/providers"
"gopkg.in/natefinch/lumberjack.v2" "gopkg.in/natefinch/lumberjack.v2"
) )

View File

@ -1,6 +1,6 @@
package options package options
import "github.com/pusher/oauth2_proxy/pkg/encryption" import "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
// SessionOptions contains configuration options for the SessionStore providers. // SessionOptions contains configuration options for the SessionStore providers.
type SessionOptions struct { type SessionOptions struct {

View File

@ -7,7 +7,7 @@ import (
"strings" "strings"
"time" "time"
"github.com/pusher/oauth2_proxy/pkg/encryption" "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
) )
// SessionState is used to store information about the currently authenticated user session // SessionState is used to store information about the currently authenticated user session

View File

@ -5,8 +5,8 @@ import (
"testing" "testing"
"time" "time"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/encryption" "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )

View File

@ -7,8 +7,8 @@ import (
"strings" "strings"
"time" "time"
"github.com/pusher/oauth2_proxy/pkg/apis/options" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
) )
// MakeCookie constructs a cookie from the given parameters, // MakeCookie constructs a cookie from the given parameters,

View File

@ -7,7 +7,7 @@ import (
"net/http" "net/http"
"github.com/bitly/go-simplejson" "github.com/bitly/go-simplejson"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
) )
// Request parses the request body into a simplejson.Json object // Request parses the request body into a simplejson.Json object

View File

@ -8,11 +8,11 @@ import (
"strings" "strings"
"time" "time"
"github.com/pusher/oauth2_proxy/pkg/apis/options" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/cookies" "github.com/oauth2-proxy/oauth2-proxy/pkg/cookies"
"github.com/pusher/oauth2_proxy/pkg/encryption" "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
"github.com/pusher/oauth2_proxy/pkg/sessions/utils" "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/utils"
) )
const ( const (

View File

@ -15,11 +15,11 @@ import (
"time" "time"
"github.com/go-redis/redis" "github.com/go-redis/redis"
"github.com/pusher/oauth2_proxy/pkg/apis/options" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/cookies" "github.com/oauth2-proxy/oauth2-proxy/pkg/cookies"
"github.com/pusher/oauth2_proxy/pkg/encryption" "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
) )
// TicketData is a structure representing the ticket used in server session storage // TicketData is a structure representing the ticket used in server session storage

View File

@ -3,10 +3,10 @@ package sessions
import ( import (
"fmt" "fmt"
"github.com/pusher/oauth2_proxy/pkg/apis/options" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/sessions/cookie" "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/cookie"
"github.com/pusher/oauth2_proxy/pkg/sessions/redis" "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/redis"
) )
// NewSessionStore creates a SessionStore from the provided configuration // NewSessionStore creates a SessionStore from the provided configuration

View File

@ -11,16 +11,16 @@ import (
"time" "time"
miniredis "github.com/alicebob/miniredis/v2" miniredis "github.com/alicebob/miniredis/v2"
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
sessionsapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
cookiesapi "github.com/oauth2-proxy/oauth2-proxy/pkg/cookies"
"github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions"
sessionscookie "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/cookie"
"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/redis"
"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/utils"
. "github.com/onsi/ginkgo" . "github.com/onsi/ginkgo"
. "github.com/onsi/gomega" . "github.com/onsi/gomega"
"github.com/pusher/oauth2_proxy/pkg/apis/options"
sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions"
cookiesapi "github.com/pusher/oauth2_proxy/pkg/cookies"
"github.com/pusher/oauth2_proxy/pkg/encryption"
"github.com/pusher/oauth2_proxy/pkg/sessions"
sessionscookie "github.com/pusher/oauth2_proxy/pkg/sessions/cookie"
"github.com/pusher/oauth2_proxy/pkg/sessions/redis"
"github.com/pusher/oauth2_proxy/pkg/sessions/utils"
) )
func TestSessionStore(t *testing.T) { func TestSessionStore(t *testing.T) {

View File

@ -3,8 +3,8 @@ package utils
import ( import (
"encoding/base64" "encoding/base64"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/encryption" "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
) )
// CookieForSession serializes a session state for storage in a cookie // CookieForSession serializes a session state for storage in a cookie

View File

@ -5,7 +5,7 @@ import (
"net/http" "net/http"
"net/url" "net/url"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
) )
var authorizedAccessToken = "imaginary_access_token" var authorizedAccessToken = "imaginary_access_token"

View File

@ -11,9 +11,9 @@ import (
"time" "time"
"github.com/bitly/go-simplejson" "github.com/bitly/go-simplejson"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/requests" "github.com/oauth2-proxy/oauth2-proxy/pkg/requests"
) )
// AzureProvider represents an Azure based Identity Provider // AzureProvider represents an Azure based Identity Provider

View File

@ -5,9 +5,9 @@ import (
"net/url" "net/url"
"strings" "strings"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/requests" "github.com/oauth2-proxy/oauth2-proxy/pkg/requests"
) )
// BitbucketProvider represents an Bitbucket based Identity Provider // BitbucketProvider represents an Bitbucket based Identity Provider

View File

@ -9,7 +9,7 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
) )
func testBitbucketProvider(hostname, team string, repository string) *BitbucketProvider { func testBitbucketProvider(hostname, team string, repository string) *BitbucketProvider {

View File

@ -6,8 +6,8 @@ import (
"net/http" "net/http"
"net/url" "net/url"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/requests" "github.com/oauth2-proxy/oauth2-proxy/pkg/requests"
) )
// DigitalOceanProvider represents a DigitalOcean based Identity Provider // DigitalOceanProvider represents a DigitalOcean based Identity Provider

View File

@ -6,7 +6,7 @@ import (
"net/url" "net/url"
"testing" "testing"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )

View File

@ -6,8 +6,8 @@ import (
"net/http" "net/http"
"net/url" "net/url"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/requests" "github.com/oauth2-proxy/oauth2-proxy/pkg/requests"
) )
// FacebookProvider represents an Facebook based Identity Provider // FacebookProvider represents an Facebook based Identity Provider

View File

@ -11,8 +11,8 @@ import (
"strconv" "strconv"
"strings" "strings"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
) )
// GitHubProvider represents an GitHub based Identity Provider // GitHubProvider represents an GitHub based Identity Provider

View File

@ -6,7 +6,7 @@ import (
"net/url" "net/url"
"testing" "testing"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )

View File

@ -10,7 +10,7 @@ import (
"time" "time"
oidc "github.com/coreos/go-oidc" oidc "github.com/coreos/go-oidc"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"golang.org/x/oauth2" "golang.org/x/oauth2"
) )

View File

@ -6,7 +6,7 @@ import (
"net/url" "net/url"
"testing" "testing"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )

View File

@ -13,8 +13,8 @@ import (
"strings" "strings"
"time" "time"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
"golang.org/x/oauth2" "golang.org/x/oauth2"
"golang.org/x/oauth2/google" "golang.org/x/oauth2/google"
admin "google.golang.org/api/admin/directory/v1" admin "google.golang.org/api/admin/directory/v1"

View File

@ -5,8 +5,8 @@ import (
"net/http" "net/http"
"net/url" "net/url"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/requests" "github.com/oauth2-proxy/oauth2-proxy/pkg/requests"
) )
// stripToken is a helper function to obfuscate "access_token" // stripToken is a helper function to obfuscate "access_token"

View File

@ -7,7 +7,7 @@ import (
"net/url" "net/url"
"testing" "testing"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )

View File

@ -4,9 +4,9 @@ import (
"net/http" "net/http"
"net/url" "net/url"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/requests" "github.com/oauth2-proxy/oauth2-proxy/pkg/requests"
) )
type KeycloakProvider struct { type KeycloakProvider struct {
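Review bot: `KeycloakProvider` on the last context line has no doc comment, while the other provider types shown in this change (Azure, Bitbucket, DigitalOcean, Facebook, GitHub, LinkedIn, Nextcloud) each carry one. Not introduced here, but since the file is being touched a one-line `// KeycloakProvider represents a Keycloak based Identity Provider` would bring it in line with the rest and satisfy linting of exported types.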

View File

@ -7,7 +7,7 @@ import (
"testing" "testing"
"github.com/bmizerany/assert" "github.com/bmizerany/assert"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
) )
func testKeycloakProvider(hostname, group string) *KeycloakProvider { func testKeycloakProvider(hostname, group string) *KeycloakProvider {
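Review bot: This test imports `github.com/bmizerany/assert`, while the other test files shown in this change use `github.com/stretchr/testify/assert`. Out of scope for a rename, but a follow-up that switches this file to testify would drop one third-party dependency from the module and keep the assertion style uniform.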

View File

@ -6,8 +6,8 @@ import (
"net/http" "net/http"
"net/url" "net/url"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/requests" "github.com/oauth2-proxy/oauth2-proxy/pkg/requests"
) )
// LinkedInProvider represents an LinkedIn based Identity Provider // LinkedInProvider represents an LinkedIn based Identity Provider
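Review bot: the doc comment on the last context line reads "represents an LinkedIn based Identity Provider"; the article should be "a" ("a LinkedIn based Identity Provider"). It is a small style fix that fits a commit already editing this file's header.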

View File

@ -6,7 +6,7 @@ import (
"net/url" "net/url"
"testing" "testing"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )

View File

@ -13,7 +13,7 @@ import (
"time" "time"
"github.com/dgrijalva/jwt-go" "github.com/dgrijalva/jwt-go"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"gopkg.in/square/go-jose.v2" "gopkg.in/square/go-jose.v2"
) )

View File

@ -4,9 +4,9 @@ import (
"fmt" "fmt"
"net/http" "net/http"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/requests" "github.com/oauth2-proxy/oauth2-proxy/pkg/requests"
) )
// NextcloudProvider represents an Nextcloud based Identity Provider // NextcloudProvider represents an Nextcloud based Identity Provider
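Review bot: the doc comment under the import block says "an Nextcloud based Identity Provider"; it should read "a Nextcloud based Identity Provider". The godoc for `NextcloudProvider` is generated from this line, so the typo is user-visible.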

View File

@ -6,7 +6,7 @@ import (
"net/url" "net/url"
"testing" "testing"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )

View File

@ -10,8 +10,8 @@ import (
oidc "github.com/coreos/go-oidc" oidc "github.com/coreos/go-oidc"
"golang.org/x/oauth2" "golang.org/x/oauth2"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/requests" "github.com/oauth2-proxy/oauth2-proxy/pkg/requests"
) )
// OIDCProvider represents an OIDC based Identity Provider // OIDCProvider represents an OIDC based Identity Provider

View File

@ -20,7 +20,7 @@ import (
"github.com/dgrijalva/jwt-go" "github.com/dgrijalva/jwt-go"
"golang.org/x/oauth2" "golang.org/x/oauth2"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
) )
const accessToken = "access_token" const accessToken = "access_token"

View File

@ -5,7 +5,7 @@ import (
"io/ioutil" "io/ioutil"
"net/url" "net/url"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
) )
// ProviderData contains information required to configure all implementations // ProviderData contains information required to configure all implementations

View File

@ -10,8 +10,8 @@ import (
"net/url" "net/url"
"time" "time"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/encryption" "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
) )
// Redeem provides a default implementation of the OAuth2 token redemption process // Redeem provides a default implementation of the OAuth2 token redemption process

View File

@ -4,7 +4,7 @@ import (
"testing" "testing"
"time" "time"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )

View File

@ -1,8 +1,8 @@
package providers package providers
import ( import (
"github.com/pusher/oauth2_proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/encryption" "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
) )
// Provider represents an upstream identity provider implementation // Provider represents an upstream identity provider implementation

View File

@ -4,7 +4,7 @@ import (
"html/template" "html/template"
"path" "path"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
) )
func loadTemplates(dir string) *template.Template { func loadTemplates(dir string) *template.Template {
@ -149,7 +149,7 @@ func getTemplates() *template.Template {
<footer> <footer>
{{ if eq .Footer "-" }} {{ if eq .Footer "-" }}
{{ else if eq .Footer ""}} {{ else if eq .Footer ""}}
Secured with <a href="https://github.com/pusher/oauth2_proxy#oauth2_proxy">OAuth2 Proxy</a> version {{.Version}} Secured with <a href="https://github.com/oauth2-proxy/oauth2-proxy#oauth2_proxy">OAuth2 Proxy</a> version {{.Version}}
{{ else }} {{ else }}
{{.Footer}} {{.Footer}}
{{ end }} {{ end }}
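Review bot: the new footer link `https://github.com/oauth2-proxy/oauth2-proxy#oauth2_proxy` updates the org and repository name but keeps the old `#oauth2_proxy` fragment. If the README heading is renamed along with the project, that anchor no longer resolves to a section; either drop the fragment or update it together with the heading. This footer is the default one rendered when `.Footer` is empty, so the link is what users see on the proxy's own pages.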

View File

@ -8,7 +8,7 @@ import (
"sync/atomic" "sync/atomic"
"unsafe" "unsafe"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
) )
// UserMap holds information from the authenticated emails file // UserMap holds information from the authenticated emails file

View File

@ -7,7 +7,7 @@ import (
"path/filepath" "path/filepath"
"time" "time"
"github.com/pusher/oauth2_proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
fsnotify "gopkg.in/fsnotify/fsnotify.v1" fsnotify "gopkg.in/fsnotify/fsnotify.v1"
) )

View File

@ -2,7 +2,7 @@
package main package main
import "github.com/pusher/oauth2_proxy/pkg/logger" import "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
func WatchForUpdates(filename string, done <-chan bool, action func()) { func WatchForUpdates(filename string, done <-chan bool, action func()) {
logger.Printf("file watching not implemented on this platform") logger.Printf("file watching not implemented on this platform")
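Review bot: the exported `WatchForUpdates` in this platform stub has no doc comment, and the only behaviour shown is the log line "file watching not implemented on this platform". Please add a comment stating that on this platform the `action` callback is not triggered by changes to `filename`, so operators who depend on reloads of the watched file know they will not get them here.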