go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-12-01 22:51:45 +02:00
Code Issues Releases Activity

Session aware logout, backend logout url approach (#1876)

Browse Source 
* Session aware logout, backend logout url approach

* Add CHANGELOG.md and documentation for #1876

* Proper http handling and case change for golint compliance

* Update alpha_config.md

* Fix case conformity

* Change placeholder from ${id_token} to {id_token}

As this should be specified in a URL and curly braces should be escaped as %7b and %7d, therefore using {} shouldn't be an issue

* Apply suggestions from code review

Co-authored-by: Jan Larwig <jan@larwig.com>

* Add other suggestions

* Add suggestions and move background logout to generic provider

* Changelog updated

* Update oauthproxy.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Add comment for gosec, remove sensitive data from log

---------

Co-authored-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
This commit is contained in:
Damien Degois
2024-01-26 13:48:09 +01:00
committed by GitHub
parent 6c2c115d30
commit e7d20519df
8 changed files with 49 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docs/docs/configuration/alpha_config.md
View File

@@ -440,6 +440,7 @@ Provider holds all configuration for a single provider
| `scope` | _string_ | Scope is the OAuth scope specification |
| `allowedGroups` | _[]string_ | AllowedGroups is a list of restrict logins to members of this group |
| `code_challenge_method` | _string_ | The code challenge method |
| `backendLogoutURL` | _string_ | URL to call to perform backend logout, `{id_token}` would be replaced by the actual `id_token` if available in the session |
### ProviderType
#### (`string` alias)

1
docs/docs/configuration/overview.md
View File

@@ -74,6 +74,7 @@ An example [oauth2-proxy.cfg](https://github.com/oauth2-proxy/oauth2-proxy/blob/
| `--auth-logging-format` | string | Template for authentication log lines | see [Logging Configuration](#logging-configuration) |
| `--authenticated-emails-file` | string | authenticate against emails via file (one per line) | |
| `--azure-tenant` | string | go to a tenant-specific or common (tenant-independent) endpoint. | `"common"` |
| `--backend-logout-url` | string | URL to perform backend logout, if you use `{id_token}` in the url it will be replaced by the actual `id_token` of the user session | |
| `--basic-auth-password` | string | the password to set when passing the HTTP Basic Auth header | |
| `--client-id` | string | the OAuth Client ID, e.g. `"123456.apps.googleusercontent.com"` | |
| `--client-secret` | string | the OAuth Client Secret | |