1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-24 08:52:25 +02:00

Merge pull request #50 from pusher/release-v3.1.0

Update release notes for v3.1.0
This commit is contained in:
Joel Speed 2019-02-09 10:13:09 +00:00 committed by GitHub
commit ec4444fa3b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 10 deletions

View File

@ -1,5 +1,28 @@
# Vx.x.x (Pre-release) # Vx.x.x (Pre-release)
## Changes since v3.1.0
# v3.1.0
## Release highlights
- Introduction of ARM releases and and general improvements to Docker builds
- Improvements to OIDC provider allowing pass-through of ID Tokens
- Multiple redirect domains can now be whitelisted
- Streamed responses are now flushed periodically
## Important notes
- If you have been using [#bitly/621](https://github.com/bitly/oauth2_proxy/pull/621)
and have cookies larger than the 4kb limit,
the cookie splitting pattern has changed and now uses `_` in place of `-` when
indexing cookies.
This will force users to reauthenticate the first time they use `v3.1.0`.
- Streamed responses will now be flushed every 1 second by default.
Previously streamed responses were flushed only when the buffer was full.
To retain the old behaviour set `--flush-interval=0`.
See [#23](https://github.com/pusher/oauth2_proxy/pull/23) for further details.
## Changes since v3.0.0 ## Changes since v3.0.0
- [#14](https://github.com/pusher/oauth2_proxy/pull/14) OIDC ID Token, Authorization Headers, Refreshing and Verification (@joelspeed) - [#14](https://github.com/pusher/oauth2_proxy/pull/14) OIDC ID Token, Authorization Headers, Refreshing and Verification (@joelspeed)
@ -7,12 +30,12 @@
- Implement token refreshing in OIDC provider - Implement token refreshing in OIDC provider
- Split cookies larger than 4k limit into multiple cookies - Split cookies larger than 4k limit into multiple cookies
- Implement token validation in OIDC provider - Implement token validation in OIDC provider
- [#15](https://github.com/pusher/oauth2_proxy/pull/21) WhitelistDomains (@joelspeed) - [#15](https://github.com/pusher/oauth2_proxy/pull/15) WhitelistDomains (@joelspeed)
- Add `--whitelist-domain` flag to allow redirection to approved domains after OAuth flow - Add `--whitelist-domain` flag to allow redirection to approved domains after OAuth flow
- [#21](https://github.com/pusher/oauth2_proxy/pull/21) Docker Improvement (@yaegashi) - [#21](https://github.com/pusher/oauth2_proxy/pull/21) Docker Improvement (@yaegashi)
- Move Docker base image from debian to alpine - Move Docker base image from debian to alpine
- Install ca-certificates in docker image - Install ca-certificates in docker image
- [#23](https://github.com/pusher/oauth2_proxy/pull/21) Flushed streaming responses - [#23](https://github.com/pusher/oauth2_proxy/pull/23) Flushed streaming responses
- Long-running upstream responses will get flushed every <timeperiod> (1 second by default) - Long-running upstream responses will get flushed every <timeperiod> (1 second by default)
- [#24](https://github.com/pusher/oauth2_proxy/pull/24) Redirect fix (@agentgonzo) - [#24](https://github.com/pusher/oauth2_proxy/pull/24) Redirect fix (@agentgonzo)
- After a successful login, you will be redirected to your original URL rather than / - After a successful login, you will be redirected to your original URL rather than /

View File

@ -19,17 +19,17 @@ A list of changes can be seen in the [CHANGELOG](CHANGELOG.md).
1. Choose how to deploy: 1. Choose how to deploy:
a. Download [Prebuilt Binary](https://github.com/pusher/oauth2_proxy/releases) (current release is `v3.0.0`) a. Download [Prebuilt Binary](https://github.com/pusher/oauth2_proxy/releases) (current release is `v3.1.0`)
b. Build with `$ go get github.com/pusher/oauth2_proxy` which will put the binary in `$GOROOT/bin` b. Build with `$ go get github.com/pusher/oauth2_proxy` which will put the binary in `$GOROOT/bin`
c. Using the prebuilt docker image [quay.io/pusher/oauth2_proxy](https://quay.io/pusher/oauth2_proxy) c. Using the prebuilt docker image [quay.io/pusher/oauth2_proxy](https://quay.io/pusher/oauth2_proxy) (AMD64, ARMv6 and ARM64 tags available)
Prebuilt binaries can be validated by extracting the file and verifying it against the `sha256sum.txt` checksum file provided for each release starting with version `v3.0.0`. Prebuilt binaries can be validated by extracting the file and verifying it against the `sha256sum.txt` checksum file provided for each release starting with version `v3.0.0`.
``` ```
sha256sum -c sha256sum.txt 2>&1 | grep OK sha256sum -c sha256sum.txt 2>&1 | grep OK
oauth2_proxy-3.0.0.linux-amd64: OK oauth2_proxy-3.1.0.linux-amd64: OK
``` ```
2. Select a Provider and Register an OAuth Application with a Provider 2. Select a Provider and Register an OAuth Application with a Provider
@ -201,6 +201,7 @@ Usage of oauth2_proxy:
-custom-templates-dir string: path to custom html templates -custom-templates-dir string: path to custom html templates
-display-htpasswd-form: display username / password login form if an htpasswd file is provided (default true) -display-htpasswd-form: display username / password login form if an htpasswd file is provided (default true)
-email-domain value: authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email -email-domain value: authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email
-flush-interval: period between flushing response buffers when streaming responses (default "1s")
-footer string: custom footer string. Use "-" to disable default footer. -footer string: custom footer string. Use "-" to disable default footer.
-github-org string: restrict logins to members of this organisation -github-org string: restrict logins to members of this organisation
-github-team string: restrict logins to members of any of these teams (slug), separated by a comma -github-team string: restrict logins to members of any of these teams (slug), separated by a comma
@ -427,19 +428,19 @@ server {
auth_request_set $auth_cookie $upstream_http_set_cookie; auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie; add_header Set-Cookie $auth_cookie;
# When using the --set-authorization flag, some provider's cookies can exceed the 4kb # When using the --set-authorization flag, some provider's cookies can exceed the 4kb
# limit and so the OAuth2 Proxy splits these into multiple parts. # limit and so the OAuth2 Proxy splits these into multiple parts.
# Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response, # Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response,
# so if your cookies are larger than 4kb, you will need to extract additional cookies manually. # so if your cookies are larger than 4kb, you will need to extract additional cookies manually.
auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1; auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1;
# Extract the Cookie attributes from the first Set-Cookie header and append them # Extract the Cookie attributes from the first Set-Cookie header and append them
# to the second part ($upstream_cookie_* variables only contain the raw cookie content) # to the second part ($upstream_cookie_* variables only contain the raw cookie content)
if ($auth_cookie ~* "(; .*)") { if ($auth_cookie ~* "(; .*)") {
set $auth_cookie_name_0 $auth_cookie; set $auth_cookie_name_0 $auth_cookie;
set $auth_cookie_name_1 "auth_cookie_name_1=$auth_cookie_name_upstream_1$1"; set $auth_cookie_name_1 "auth_cookie_name_1=$auth_cookie_name_upstream_1$1";
} }
# Send both Set-Cookie headers now if there was a second part # Send both Set-Cookie headers now if there was a second part
if ($auth_cookie_name_upstream_1) { if ($auth_cookie_name_upstream_1) {
add_header Set-Cookie $auth_cookie_name_0; add_header Set-Cookie $auth_cookie_name_0;