1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-06-15 00:15:00 +02:00
Commit Graph

54 Commits

Author SHA1 Message Date
9cea4ea89b Update golangci-lint version in CI workflow 2021-02-17 20:25:37 +00:00
42f6cef7d6 Improve OIDC error handling 2020-12-21 16:53:05 -08:00
eb56f24d6d Deprecate UserIDClaim in config and docs 2020-12-21 16:52:17 -08:00
74ac4274c6 Move generic OIDC functionality to be available to all providers 2020-12-21 16:52:04 -08:00
26ed080bed Cleanup method name refactors missed in comments 2020-11-29 14:18:14 -08:00
57a8ef06b4 Fix method renaming in comments and tests 2020-11-28 10:25:12 -08:00
22f60e9b63 Generalize and extend default CreateSessionFromToken 2020-11-28 10:25:12 -08:00
3e9717d489 Decouple TokenToSession from OIDC & add a generic VerifyFunc 2020-11-28 10:25:11 -08:00
e9f787957e Standardize provider interface method names 2020-11-28 10:25:11 -08:00
1b3b00443a Streamline ErrMissingCode in provider Redeem methods 2020-11-12 11:18:59 -08:00
eb58ea2ed9 Move AllowedGroups to DefaultProvider for default Authorize usage 2020-11-12 11:18:15 -08:00
e7ac793044 Replace ValidateGroup with Authorize for Provider 2020-11-12 11:17:06 -08:00
d9c141ae7c Remove GetUserName method from Provider 2020-10-19 14:09:46 -07:00
2b9e1bbba0 Add EnrichSessionState as main post-Redeem session updater 2020-10-19 14:09:45 -07:00
0bd8eb3191 Setup provider.ErrNotImplemented sentinel error 2020-10-19 14:09:02 -07:00
3fa42edb73 Fix import path for v7 (#800)
* fix import path for v7

find ./ -name "*.go" | xargs sed -i -e 's|"github.com/oauth2-proxy/oauth2-proxy|"github.com/oauth2-proxy/oauth2-proxy/v7|'

* fix module path

* go mod tidy

* fix installation docs

* update CHANGELOG

* Update CHANGELOG.md

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-09-29 17:44:42 +01:00
74918c40d8 Refactor makeLoginURL to accept extraParams
And don't require the caller to know how to use the returned params.
2020-09-28 12:15:06 +02:00
4eb9612679 Move DefaultGetLoginURL into util.go 2020-09-28 12:15:06 +02:00
fde09bea4e Move azure specific resource parameter handling into azure provider 2020-09-28 12:15:06 +02:00
97e95fd4ff Move actual implementation of default provider GetLoginURL into DefaultGetLoginURL
This allows us to reuse code from different providers in case slight
modifications to the URL are needed.
2020-09-28 12:15:06 +02:00
8cbf9219bc Pass resource parameter in login url 2020-09-28 12:15:06 +02:00
3371284a36 Remove GetPreferredUsername method from Provider interface
It isn't used in any providers and we have future plans
to remove the specialness of PreferredUsername and make it
an optional field in the session.

User, Email & Groups will eventually be the only first class
fields on the session that are always set.
2020-09-24 10:49:50 -07:00
eb234011eb Integrate sessions middlewares 2020-07-19 17:24:12 +01:00
de9e65a63a Migrate all requests to result pattern 2020-07-06 20:38:00 +01:00
53142455b6 Migrate all requests to new builder pattern 2020-07-06 18:31:09 +01:00
c2c1caa404 Set User = Subject in ExtraJWTBearer sessions 2020-06-19 11:48:23 -07:00
3aeca4368c ACR values should not be automatically added when blank (#598)
* ACR values should not be automatically added when blank

* Added changelog
2020-06-02 18:17:27 +01:00
f7b28cb1d3 Improvements to Session State code (#536)
* Drop SessionStateJSON wrapper
* Use EncrpytInto/DecryptInto to reduce sessionstate

Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
2020-05-30 08:53:38 +01:00
d228d5a928 Refactor the utils package to other areas (#538)
* Refactor the utils package to other areas

Move cookieSession functions to cookie session store
& align the double implementation of SecretBytes to be
united and housed under encryption

* Remove unused Provider SessionFromCookie/CookieForSession

These implementations aren't used, these are handled in the cookie store.

* Add changelog entry for session/utils refactor
2020-05-14 10:16:35 +01:00
e642daef4e Support context in providers (#519)
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
2020-05-10 13:34:59 +01:00
1961424561 Feature/configurable userid claim minimal (#499)
* Add -user-id-claim to support other claims than email

Fix #431 - This is a minimal change to allow the user to configure which claim is
the source of the "user ID".

- Add the option `user-id-claim` (defaults to email)
- OIDC extracts this claim into session.Email (to be renamed later)
- providers: add `CreateSessionStateFromBearerToken` with a default impl taken from
  `GetJwtSession` and overridden by oidc to respect `user-id-claim`

Once #466 is merged, I can continue to rename SessionState.Email to .UserID
and add HTTP headers with a corresponding name.

* Apply suggestions from code review

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* Review feedback: Don't extract claims manually

Instead, parse them twice - it might be sligtly slower but less bug-prone as the code evolves.

* Fix indentation

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-04-28 07:46:46 +01:00
dd05e7ff0b Add new linters (#486)
* add new linters and fix issues

* fix deprecated warnings

* simplify return

* update CHANGELOG

* fix staticcheck issues

* remove a deprecated linter, minor fixes of variable initialization
2020-04-14 09:36:44 +01:00
802754caad Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:40:10 +01:00
3108f765a5 Fix #381, expose acr_values to all providers (#445) 2020-03-17 17:57:33 +00:00
b1c81e2abe Support prompt in addition to auth-prompt (#444)
Fix #380
2020-03-14 09:53:43 +00:00
d934309b44 Add preferred_username support (OIDC provider) (#420)
* Add support for preferred username.

* Add missing TOC entries.

* Add note about preferred_username support.

* Adjust tests.

* Check on not implemented error for GetPreferredUsername() call.

Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-03-01 15:02:51 +00:00
f2661c47ba Support for client secret file. (#355)
* added ClientSecretFile in ProviderData

* add documentation notes on client secret file

* added Changelog entry for Client Secret File PR

* fixing configuration.md

* addressing PR issue of ClientSecret property naming

* Update providers/provider_data.go

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* corrected changelog entry

* fixed typo in GetClientSecret

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-02-15 13:44:39 +00:00
d1ef14becc Move cookie to pkg/encryption 2019-06-15 11:33:57 +02:00
34cbe0497c Add CreatedAt to SessionState 2019-05-20 11:26:09 +02:00
2ab8a7d95d Move SessionState to its own package 2019-05-18 13:09:56 +02:00
e200bd5c20 Add comments to exported methods for providers package 2018-12-20 10:37:59 +00:00
8ee802d4e5 Lint for non-comment linter errors 2018-11-29 14:26:41 +00:00
847cf25228 Move imports from bitly to pusher 2018-11-27 11:45:05 +00:00
731fa9f8e0 Github provider: use login as user
- Save both user and email in session state:
    Encoding/decoding methods save both email and user
    field in session state, for use cases when User is not derived from
    email's local-parth, like for GitHub provider.

    For retrocompatibility, if no user is obtained by the provider,
    (e.g. User is an empty string) the encoding/decoding methods fall back
    to the previous behavior and use the email's local-part

    Updated also related tests and added two more tests to show behavior
    when session contains a non-empty user value.

- Added first basic GitHub provider tests

- Added GetUserName method to Provider interface
    The new GetUserName method is intended to return the User
    value when this is not the email's local-part.

    Added also the default implementation to provider_default.go

- Added call to GetUserName in redeemCode

    the new GetUserName method is used in redeemCode
    to get SessionState User value.

    For backward compatibility, if GetUserName error is
    "not implemented", the error is ignored.

- Added GetUserName method and tests to github provider.
2017-11-20 20:02:27 +01:00
55085d9697 csrf protection; always set state 2017-03-29 09:31:10 -04:00
289a6ccf46 add check for //.* to prevent open redirect during oauth 2017-03-28 21:12:33 -04:00
10f47e325b Add Azure Provider 2016-01-20 03:57:17 -05:00
51a2e4e48c *: rename Url to URL everywhere
Go coding style says that acronyms should be all lower or all upper. Fix
Url to URL.
2015-11-09 00:47:44 +01:00
3fd8f911c2 google: Support restricting access to a specific group(s) 2015-09-09 02:10:32 -07:00
33045a792b Add a flag to set the value of "approval_prompt".
By setting this to "force", certain providers, like Google,
will interject an additional prompt on every new session. With other values,
like "auto", this prompt is not forced upon the user.
2015-07-31 00:43:47 -07:00