ciffelia
ef8ba75987
docs: fix insecure Caddy configuration example (#2827)
...
The original example only protected the root (`/`) path, leaving other routes unsecured.
* docs: add syntax highlighting for nginx config
* docs: fix headings in `configuration/integration` page
* docs: fix redirect in caddy configuration example
2024-11-11 10:04:04 +01:00
renovate[bot]
5042203625
chore(deps): update docker-compose
2024-11-11 09:44:08 +01:00
renovate[bot]
bc1224291c
chore(deps): update gomod
2024-11-10 22:43:42 +01:00
Jacek J. Łakis
05b91f310a
chore: extend test cases for oidc provider and documentation regarding implicit setting of the groups scope when no scope was specified in the config
...
Co-authored-by: Jan Larwig <jan@larwig.com>
2024-11-09 15:48:29 +01:00
renovate[bot]
2fd2f8c63d
chore(deps): update gomod
2024-11-06 16:56:57 +01:00
Vish (Ishaya) Abrams
4e2013e6ba
fix: update code_verifier to use recommended method (#2620)
...
The [RFC](https://datatracker.ietf.org/doc/html/rfc7636#section-4.1)
says that a code verifier just uses unreserved characters, but the
recommended method is that it is a base64-urlencoded 32-octet url. Some
implementations of PKCE (most notably the one used by salesforce)
require that this is a valid base64 encoded string[1], so this patch
switches to using the recommended approach to make it more compatible.
[1]: https://help.salesforce.com/s/articleView?id=sf.remoteaccess_pkce.htm&type=5
2024-11-06 15:16:39 +01:00
Ondrej Sika
3ceef0cff4
feat: add CF-Connecting-IP as supported real ip header (#2821)
2024-11-04 23:28:08 +01:00
Reto Kupferschmid
64e736f668
fix: websocket path rewrite (#2300)
2024-11-04 23:12:35 +01:00
renovate[bot]
96f0288a36
chore(deps): update alpine docker tag to v3.20.3 (#2682)
2024-11-04 22:30:56 +01:00
renovate[bot]
0bc8dd98e2
chore(deps): update module github.com/go-jose/go-jose/v3 to v3.0.3 [security] (#2831)
2024-11-04 22:22:03 +01:00
renovate[bot]
50ec7fa902
chore(deps): update dependency node to v22 (#2836)
2024-11-04 22:16:30 +01:00
Benjamin Cremer
b4f7e0603e
doc: fix relative URLs to configuration page (#2818)
2024-10-29 16:21:43 +01:00
Joel Speed
4d2b5c30a1
Merge pull request #1985 from isodude/systemd-socket
...
Add support for systemd socket
2024-10-28 03:56:05 +07:00
renovate[bot]
5ec03ab0e9
chore(deps): update module github.com/go-jose/go-jose/v3 to v4 (#2598)
2024-10-27 17:25:27 +01:00
Jan Larwig
9945b68a06
doc: readme overhaul and azure sponsorship (#2826)
...
* new readme structure
* add adopters file
* add microsoft sponsorship
* add reference to adopter file
* add gopher slack invite link
* slightly rephrase nightly image section
* add sponsor request for action
* better formatting for contributor wall
* add longer wait time for stale PRs and issues and allow for exemption through bug and high-priority labels
* apply review suggestion
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
---------
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2024-10-27 12:12:46 +00:00
Josef Johansson
6743a9cc89
Add support for systemd.socket
...
When using sockets to pass data between e.g. nginx and oauth2-proxy it's
simpler to use sockets. Systemd can even facilitate this and pass the
actual socket directly.
This also means that only the socket runs with the same group as nginx
while the service runs with DynamicUser.
Does not support TLS yet.
nginx
```
server {
    location /oauth2/ {
        proxy_pass http://unix:/run/oauth2-proxy/oauth2.sock;
    }
}
```
oauth2-proxy.socket
```
[Socket]
ListenStream=%t/oauth2.sock
SocketGroup=www-data
SocketMode=0660
```
Start oauth2-proxy with the parameter `--http-address=fd:3`.
Signed-off-by: Josef Johansson <josef@oderland.se>
2024-10-23 09:35:47 +02:00
Josef Johansson
bc8e7162db
Allow parsing remote address headers over unix sockets
...
When listening to a unix socket there is no RemoteAddr for http.Request.
Instead of setting nil, Go sets it to '@'. Marking the IP as trusted if
RemoteAddr allows rest of the settings for parsing remote address in
headers to be applied.
Signed-off-by: Josef Johansson <josef@oderland.se>
2024-10-23 07:48:54 +02:00
Konstantin Shalygin
e00c7a7edd
fix(contrib): revamped systemd service example (#2655)
2024-10-13 20:00:54 +02:00
bjencks
66f1063722
feat: add X-Envoy-External-Address as supported header (#2755)
2024-10-13 19:55:47 +02:00
renovate[bot]
798b846643
chore(deps): update dependency @easyops-cn/docusaurus-search-local to ^0.45.0
2024-10-13 19:43:24 +02:00
Josh Cox
c555f5f6d5
chore: removed duplicate image line in docker-compose (#2817)
2024-10-13 19:37:26 +02:00
Chad Miller
defc456ba0
doc: expand on --upstream URL matching and trailing slash behaviour (#2813)
2024-10-12 18:57:21 +02:00
Gavin Mogan
ab448cf38e
doc: add standard opencontainer docker labels (#2800)
2024-10-09 15:01:36 +02:00
Joel Speed
6fb020149a
Merge pull request #2807 from oauth2-proxy/release/v7.7.1
...
release v7.7.1
2024-10-08 17:38:38 +01:00
github-actions[bot]
055a63432c
update to release version v7.7.1
2024-10-08 14:41:41 +02:00
Nuno Miguel Micaelo Borges
ff761d2523
fix: runtime error: index out of range (0) with length 0 (#2328)
...
* Issue 2311: runtime error: index out of range [0] with length 0 while extracting state of the csrf
---------
Co-authored-by: tuunit <jan@larwig.com>
2024-10-08 14:40:41 +02:00
rd-danny-fleer
642ba174d4
fix: unable to use hyphen in JSON path for oidc-groups-claim option (#2619)
2024-10-07 20:08:44 +02:00
Joel Speed
d68336dcf4
Merge pull request #2803 from tuunit/bugfix/self-signed-certificate-handling
...
fix: self signed certificate handling in v7.7.0
2024-10-07 11:54:22 +01:00
tuunit
4bd920b208
add changelog entry
2024-10-06 21:55:45 +02:00
tuunit
bae168f06a
better handling of default transport modification
2024-10-06 21:43:38 +02:00
tuunit
8fd7312a90
fix: self signed certificate handling
2024-10-05 17:29:37 +02:00
Joel Speed
cda641473f
Merge pull request #2798 from oauth2-proxy/release/v7.7.0
...
fix(ci): testing full release cycle before release branches can be merged
2024-10-02 15:17:25 +01:00
tuunit
07230ead91
fix(ci): testing full release cycle before release branches can be merged
2024-10-02 16:03:13 +02:00
Joel Speed
f5d36705fa
Merge pull request #2792 from oauth2-proxy/release/v7.7.0
...
release v7.7.0
2024-10-02 13:52:47 +01:00
tuunit
1dd4a412b0
add new loop var linter for go1.22 and remove unnecessary exportloopref linter
2024-10-01 11:15:48 +02:00
tuunit
3c7dadcbd2
add v7.7.0 release highlights
2024-10-01 11:15:48 +02:00
tuunit
6e32bd6e38
fix missing 'changes since' section logic
2024-10-01 11:15:47 +02:00
tuunit
f0fe33e032
enforce go 1.22.7
2024-10-01 11:15:47 +02:00
tuunit
715995843c
fix golangci-lint version in pipelines
2024-10-01 11:15:47 +02:00
github-actions[bot]
f432cf79e2
update to release version v7.7.0
2024-10-01 11:15:46 +02:00
github-actions[bot]
f978388e28
add new docs version 7.7.x
2024-10-01 11:15:41 +02:00
Johann
65e83fc3cc
fix(csrf): possible infinite loop (#2607)
2024-09-30 18:20:43 +02:00
Joel Speed
021d940dcd
Merge pull request #2790 from oauth2-proxy/chore/update-all-dependencies
...
chore(deps): update all golang dependencies
2024-09-25 09:52:27 +01:00
tuunit
ad3ee0f66c
update release pipeline
2024-09-25 10:34:28 +02:00
tuunit
41c8d5bfce
chore(deps): update all golang dependencies
2024-09-23 16:38:40 +02:00
dabde
fff5dd358f
doc: add example for caddy v2 forward_auth (#2759)
...
---------
Co-authored-by: Denis Dabischa <34655672+dabde@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-09-23 16:34:08 +02:00
Bastian Oppermann
bc034454f6
fix go version in DevContainer and contribution guide (#2768)
...
* Remove trailing whitespaces in contribution.md
They make the pre-commit hook "trailing-whitespace" fail.
* Correct Go version in DevContainer and Contribution guide
2024-09-23 16:23:27 +02:00
mikolajtkaczyk64
d365d5fc41
doc: fix toml key for provider ca certs (#2780)
...
* Fixed toml key of --provider-ca-file flag
2024-09-17 12:46:55 +02:00
yudrywet
4fe0d5659b
chore: fix function names in comment
...
Signed-off-by: yudrywet <yudeyao@yeah.net>
2024-09-15 09:34:15 +02:00
Edvard Gjessing Bakken
e91f09875a
Update docker-compose-nginx.yaml
...
working nginx example. docker-compose-nginx was missing some configuration to run out of the box.
2024-09-15 09:28:42 +02:00