go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-06-15 00:15:00 +02:00
Code Issues Releases Activity
1,704 Commits 24 Branches 38 Tags
cleanup-scope
Commit Graph

1704 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joel Speed
d162b018a8 Move provider initialisation into providers package 2022-02-16 10:38:05 +00:00
Joel Speed
95dd2745c7 Remove options dependency on providers package 2022-02-16 10:38:04 +00:00
Joel Speed
9832844c8a Merge pull request #1394 from oauth2-proxy/claim-extractor 
Add generic claim extractor to get claims from ID Tokens
 2022-02-16 10:37:20 +00:00
Joel Speed
edb1bc1a11 Add changelog entry for generic claim extractor 2022-02-16 10:31:30 +00:00
Joel Speed
967051314e Integrate claim extractor into providers 2022-02-16 10:28:33 +00:00
Joel Speed
537e596904 Add claim extractor provider util 2022-02-16 10:28:32 +00:00
Joel Speed
44dc3cad77 Merge pull request #1468 from oauth2-proxy/session-refresh-using-lock 
Implement session locking with session state lock
 2022-02-16 10:23:34 +00:00
Joel Speed
da92648e54 Add changelog entry for session locking 2022-02-16 10:16:14 +00:00
Joel Speed
54d42c5829 Implement refresh relying on obtaining lock 2022-02-16 10:16:13 +00:00
Kevin Kreitner
e2c7ff6ddd Use session to lock to protect concurrent refreshes 2022-02-16 10:16:12 +00:00
Michael Hienle
dc5d2a5cd7 Fix table (#1556) 
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2022-02-15 16:39:16 +00:00
Kevin Schu
25371ea4af improved audience handling to support client credentials access tokens without aud claims (#1204) 
* implementation draft

* add cfg options skip-au-when-missing && client-id-verification-claim; enhance the provider data verification logic for sake of the added options

* refactor configs, added logging and add additional claim verification

* simplify logic by just having one configuration similar to oidc-email-claim

* added internal oidc token verifier, so that aud check behavior can be managed with oauth2-proxy and is compatible with extra-jwt-issuers

* refactored verification to reduce complexity

* refactored verification to reduce complexity

* added docs

* adjust tests to support new OIDCAudienceClaim and OIDCExtraAudiences options

* extend unit tests and ensure that audience is set with the value of aud claim configuration

* revert filemodes and update docs

* update docs

* remove unneccesary logging, refactor audience existence check and added additional unit tests

* fix linting issues after rebase on origin/main

* cleanup: use new imports for migrated libraries after rebase on origin/main

* adapt mock in keycloak_oidc_test.go

* allow specifying multiple audience claims, fixed bug where jwt issuers client id was not the being considered and fixed bug where aud claims with multiple audiences has broken the whole validation

* fixed formatting issue

* do not pass the whole options struct to minimize complexity and dependency to the configuration structure

* added changelog entry

* update docs

Co-authored-by: Sofia Weiler <sofia.weiler@aoe.com>
Co-authored-by: Christian Zenker <christian.zenker@aoe.com>
 2022-02-15 16:12:22 +00:00
Valentin Pichard
2b4c8a9846 Add the allowed_email_domains and the allowed_groups on the auth_request endpoint + support standard wildcard char for validation with sub-domain and email-domain. 
Signed-off-by: Valentin Pichard <github@w3st.fr>
 2022-02-14 18:03:20 +01:00
Joel Speed
c5a98c6d03 Merge pull request #1550 from mhienle/patch-1 
Fix broken link
 2022-02-11 10:17:45 +00:00
Michael Hienle
590b7a612e Fix broken link 2022-02-11 10:28:30 +01:00
Joel Speed
ad4f7bcb0e Merge pull request #1545 from andytson/feature/qs-allowed-groups-bypass 
Fix issue with query string allowed group panic on skip methods
 2022-02-10 14:08:45 +00:00
Andy Thompson
05ebaf5158 Update changelog 2022-02-10 12:40:42 +00:00
Andy Thompson
c1b01b5bc0 Fix issue with query string allowed group panic on skip methods 2022-02-10 12:39:32 +00:00
Joel Speed
433b93d08a Merge pull request #1474 from polarctos/feature/tls-min-version-options 
Add option to specify the tls.Config.MinVersion for the server to be able to restrict it to TLS 1.3
 2022-02-09 19:29:53 +00:00
polarctos
cbbecb81bd Add changelog entry for tls-min-version 2022-02-09 20:20:03 +01:00
polarctos
e03cf87dd8 Add option to specify the tls-min-version for the server 2022-02-09 20:19:01 +01:00
Preston Sheldon
11699a822a Add ValidateSession function to LoginGovProvder to include Auth Header (#1509) 
* Add ValidateSession function to LoginGovProvder to include Auth Header

* Update CHANGELOG for PR 1509

* Update logingov_test to include ValidationURL
 2022-02-04 09:22:33 +00:00
Joel Speed
88709d8b69 Merge pull request #1489 from oauth2-proxy/fix-docker-push 
Fix Docker Buildx push to include build version
 2022-02-03 21:56:43 +00:00
Joel Speed
bd0c4a3296 Fix Docker Buildx push to include build version 2022-02-03 19:23:22 +00:00
ThomasKalten
4f5efd4074 Update auth.md (#1518) 2022-01-18 13:54:52 +00:00
ThomasKalten
92c4ca9c58 Update auth.md (#1519) 2022-01-18 13:54:35 +00:00
Magnus Lübeck
dede6fd531 Fixing a typo, pointing to correct compose file (#1493) 
Fixing a typo for the docker-compose-alpha-config.yaml
 2021-12-29 19:50:36 +00:00
Ole-Martin Bratteng
0e10fb8967 Remove the information about Microsoft Azure AD in the provider documentation (#1477) 
* Remove the information about `Microsoft Azure AD`

* Put `proxy_buffer_size` in a code tag

* Update `CHANGELOG.md`

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2021-12-23 17:24:31 +00:00
Joel Speed
576184924d Merge pull request #1481 from oauth2-proxy/release-v7.2.1 
Prepare changelog for release v7.2.1
v7.2.1 		2021-12-22 17:09:59 +00:00
Joel Speed
5515918436 Prepare changelog for release v7.2.1 2021-12-18 12:59:55 +00:00
Joel Speed
95839a2896 Merge pull request #1479 from polarctos/feature/go-1.17 
Update go version to 1.17
 2021-12-18 12:34:40 +00:00
polarctos
7eaf98b5fe Update go version to 1.17 
This includes the change to the pruned module graph with the converted go.mod for Go 1.17
https://go.dev/doc/go1.17#go-command
 2021-12-17 16:51:13 +01:00
Joel Speed
c278e0aa4e Merge pull request #1471 from AlexanderBabel/feature/update-aline 
[Security] Update alpine to 3.15
 2021-12-14 19:19:09 +00:00
Alex Babel
8a951b2b4a doc: update changelog 2021-12-14 02:21:28 +01:00
Alex Babel
a654c9ec24 fix(Dockerfile): bump alpine to 3.15 2021-12-14 02:09:59 +01:00
Joel Speed
5933000b86 Merge pull request #1247 from oauth2-proxy/adfs-default-claims 
Use `upn` as EmailClaim throughout ADFSProvider
 2021-12-06 14:24:41 +00:00
Nick Meves
0fa8fca276 Update ADFS to new jwt lib 2021-12-01 19:16:42 -08:00
Nick Meves
bdfca925a3 Handle UPN fallback when profileURL isn't set 2021-12-01 19:08:15 -08:00
Nick Meves
1621ea3bba ADFS supports IDToken nonce, use it 2021-12-01 19:08:15 -08:00
Nick Meves
4980f6af7d Use upn claim as a fallback in Enrich & Refresh 
Only when `email` claim is missing, fallback to `upn` claim which may have it.
 2021-12-01 19:08:10 -08:00
Nick Meves
a53198725e Use upn as EmailClaim throughout ADFSProvider 
By only overriding in the EnrichSession, any Refresh calls
would've overriden it with the `email` claim.
 2021-12-01 19:06:02 -08:00
Joel Speed
1b335a056d Merge pull request #1447 from oauth2-proxy/docker-fixes 
Fix docker build/push issues found during last release
 2021-11-24 17:31:20 +00:00
Joel Speed
ceb015ee22 Update changelog for docker fixes 2021-11-24 17:20:25 +00:00
Joel Speed
8dea8134eb Drop old makefiles in favour of buildx 2021-11-24 17:20:23 +00:00
Joel Speed
60b6dd850a Fix docker build and push for all platforms 2021-11-24 17:20:22 +00:00
Jeeva Kandasamy
6e54ac2745 Update LinkedIn provider validate URL (#1444) 
* update LinkedIn validate URL

Signed-off-by: Jeeva Kandasamy <jkandasa@gmail.com>

* update changelog

Signed-off-by: Jeeva Kandasamy <jkandasa@gmail.com>

* update failed unit test

Signed-off-by: Jeeva Kandasamy <jkandasa@gmail.com>
 2021-11-19 21:36:33 +00:00
Jack Henschel
0693856bc3 Explicitly state precedence of config sources in docs (#1439) 
I was recently looking into the order in which oauth2-proxy evaluates it configuration options from the various sources.
I think this will also be helpful for other users.
Since oauth2-proxy is using viper, the order of configuration sources is as follows [1]:
> Viper uses the following precedence order. Each item takes precedence over the item below it:
>
>    explicit call to Set
>    flag
>    env
>    config
>    key/value store
>    default

[1] https://github.com/spf13/viper/blob/master/README.md#why-viper

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2021-11-15 09:24:04 +00:00
Jeeva Kandasamy
7ed4e3c830 Fix docker container multi arch build issue by passing GOARCH details to make build (#1445) 
* pass GOARCH details to make process

Signed-off-by: Jeeva Kandasamy <jkandasa@gmail.com>

* update changelog

Signed-off-by: Jeeva Kandasamy <jkandasa@gmail.com>
 2021-11-12 21:42:46 +00:00
Stephan Aßmus
2c668a52d4 Let authentication fail when session validation fails (fixes #1396) (#1433) 
* Error page for session validation failure

* Fix existing tests

* Add test-case for session validation failure

* Simplify test

* Add changelog entry for PR

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2021-11-12 18:36:29 +00:00
Joel Speed
9caf8c7040 Merge pull request #1419 from jangaraj/patch-1 
Keycloak OIDC config improvement
 2021-11-12 18:25:04 +00:00