go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-08-06 22:42:56 +02:00
Code Issues Releases Activity
2,197 Commits 24 Branches 40 Tags
release/v7.11.0
Commit Graph

2197 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
f2ce83b154 doc: add new docs version 7.8.x 2025-01-13 16:41:19 +01:00
renovate[bot]
f400e6f340 chore(deps): update gitea/gitea docker tag to v1.23.1 2025-01-12 20:33:51 +01:00
renovate[bot]
c90487926c chore(deps): update alpine docker tag to v3.21.2 2025-01-12 18:46:57 +01:00
renovate[bot]
f5631a657c chore(deps): update dependency @easyops-cn/docusaurus-search-local to ^0.47.0 (#2911) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-01-12 18:42:40 +01:00
Joel Speed
01b01d82a1 Merge pull request #2376 from tuunit/feature/static-public-keys-support 
feature: static public keys file support for oidc provider
 2025-01-11 17:58:26 +00:00
axel7083
e28603f7af feature: static public keys file support for oidc provider 
Co-authored-by: Jan Larwig <jan@larwig.com>
Co-authored-by: JJ Łakis <jacek.lakis@checkatrade.com>
 2025-01-11 12:09:23 +00:00
JJ Łakis
ae8fb08a89 feat(entra): add Workload Identity support for Entra ID (#2902) 2025-01-11 11:12:41 +00:00
Jon Newton
60570cc60e doc: fix formatting issue in Google provider doc (#2907) 
A missing line break caused subsequent list items to be squished into a single paragraph.
 2025-01-09 01:51:20 +01:00
renovate[bot]
5df6053280 chore(deps): update helmv3 2025-01-08 21:42:59 +01:00
renovate[bot]
75a1099a8f chore(deps): update docker-compose 2025-01-08 21:32:34 +01:00
renovate[bot]
1c3bc31665 chore(deps): update dependency golangci/golangci-lint to v1.63.4 2025-01-08 20:57:15 +01:00
Vinay Chandrasekharan
5260633103 doc: fix dex helm chart values for k8s example (#2880) 
---------

Co-authored-by: vinay chandrasekharan <vinay.cn@gmail.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
 2025-01-04 19:09:36 +01:00
renovate[bot]
507d63e05b chore(deps): update dependency @easyops-cn/docusaurus-search-local to ^0.46.0 2025-01-04 19:02:37 +01:00
renovate[bot]
140674e492 chore(deps): update alpine docker tag to v3.21.0 (#2877) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-01-04 18:57:30 +01:00
Joel Speed
cdcc62014d Merge pull request #2894 from oauth2-proxy/fix-lint 
Fix linting after updating golangci-lint to 1.62.2
 2024-12-31 19:19:57 +07:00
Joel Speed
f41a686b43 Fix linting after updating golangci-lint to 1.62.2 2024-12-31 13:14:39 +01:00
Joel Speed
c1a21aa877 Merge pull request #2872 from oauth2-proxy/renovate/golangci-golangci-lint-1.x 
chore(deps): update dependency golangci/golangci-lint to v1.62.2
 2024-12-31 19:00:30 +07:00
renovate[bot]
1346ae6079 chore(deps): update dependency golangci/golangci-lint to v1.62.2 2024-12-31 11:53:30 +00:00
Joel Speed
fe6f8ddb65 Merge pull request #2878 from oauth2-proxy/renovate/golang-1.x 
chore(deps): update dependency golang to v1.23.4
 2024-12-31 18:52:56 +07:00
renovate[bot]
5edff8fe1a chore(deps): update dependency golang to v1.23.4 2024-12-31 11:46:50 +00:00
JJ Łakis
5f188e5b6b Microsoft Entra ID provider (#2390) 
* Microsoft Entra ID Provider

* fix typo in function name

* documentation tweaks

* documentation and comment tweak

* docs tweaks

* final tweaks

* refactor: drop flag for skipping graph groups

* update legacy / deprecated provider page and sort provider overview

* reformat

* move entra-id provider into switch (treat like every other provider

* fix test case and reformat

* fix sidebar configuration

* apply review suggestions

* add pagination for graph api

* fix: do not error when groups unable to retrieve

* doc: number of groups fix

* restore master packages

* docs: tiny docs tweak

* address review comments

* fix codegen

---------

Co-authored-by: tuunit <jan@larwig.com>
 2024-12-31 11:46:13 +00:00
Joel Speed
c64ec1251b Merge pull request #2886 from oauth2-proxy/renovate/go-golang.org-x-net-vulnerability 
chore(deps): update module golang.org/x/net to v0.33.0 [security]
 2024-12-23 17:38:28 +07:00
renovate[bot]
47638db231 chore(deps): update module golang.org/x/net to v0.33.0 [security] 2024-12-19 02:01:45 +00:00
Joel Speed
bcf20346cf Merge pull request #2884 from oauth2-proxy/renovate/go-golang.org-x-crypto-vulnerability 
chore(deps): update module golang.org/x/crypto to v0.31.0 [security]
 2024-12-17 15:02:49 +07:00
renovate[bot]
0dca9af6d7 chore(deps): update module golang.org/x/crypto to v0.31.0 [security] 2024-12-12 00:59:31 +00:00
ciffelia
ef8ba75987 docs: fix insecure Caddy configuration example (#2827) 
The original example only protected the root (`/`) path, leaving other routes unsecured.
* docs: add syntax highlighting for nginx config
* docs: fix headings in `configuration/integration` page
* docs: fix redirect in caddy configuraion example
 2024-11-11 10:04:04 +01:00
renovate[bot]
5042203625 chore(deps): update docker-compose 2024-11-11 09:44:08 +01:00
renovate[bot]
bc1224291c chore(deps): update gomod 2024-11-10 22:43:42 +01:00
Jacek J. Łakis
05b91f310a chore: extend test cases for oidc provider and documentation regarding implicit setting of the groups scope when no scope was specified in the config 
Co-authored-by: Jan Larwig <jan@larwig.com>
 2024-11-09 15:48:29 +01:00
renovate[bot]
2fd2f8c63d chore(deps): update gomod 2024-11-06 16:56:57 +01:00
Vish (Ishaya) Abrams
4e2013e6ba fix: update code_verifier to use recommended method (#2620) 
The [RFC](https://datatracker.ietf.org/doc/html/rfc7636#section-4.1)
says that a code verifier just uses unreserved characters, but the
recommended method is that it is a base64-urlencoded 32-octet url. Some
implementations of PKCE (most notably the one used by salesforce)
require that this is a valid base64 encoded string[1], so this patch
switches to using the recommended approach to make it more compatible.

[1]: https://help.salesforce.com/s/articleView?id=sf.remoteaccess_pkce.htm&type=5
 2024-11-06 15:16:39 +01:00
Ondrej Sika
3ceef0cff4 feat: add CF-Connecting-IP as supported real ip header (#2821) 2024-11-04 23:28:08 +01:00
Reto Kupferschmid
64e736f668 fix: websocket path rewrite (#2300) 2024-11-04 23:12:35 +01:00
renovate[bot]
96f0288a36 chore(deps): update alpine docker tag to v3.20.3 (#2682) 2024-11-04 22:30:56 +01:00
renovate[bot]
0bc8dd98e2 chore(deps): update module github.com/go-jose/go-jose/v3 to v3.0.3 [security] (#2831) 2024-11-04 22:22:03 +01:00
renovate[bot]
50ec7fa902 chore(deps): update dependency node to v22 (#2836) 2024-11-04 22:16:30 +01:00
Benjamin Cremer
b4f7e0603e doc: fix relative URLs to configuration page (#2818) 2024-10-29 16:21:43 +01:00
Joel Speed
4d2b5c30a1 Merge pull request #1985 from isodude/systemd-socket 
Add support for systemd socket
 2024-10-28 03:56:05 +07:00
renovate[bot]
5ec03ab0e9 chore(deps): update module github.com/go-jose/go-jose/v3 to v4 (#2598) 2024-10-27 17:25:27 +01:00
Jan Larwig
9945b68a06 doc: readme overhaul and azure sponsorship (#2826) 
* new readme structure

* add adopters file

* add microsoft sponsorship

* add reference to adopter file

* add gopher slack invite link

* slightly rephrase nightly image section

* add sponsor request for action

* better formatting for contributor wall

* add longer wait time for stale PRs and issues and allow for exemption through bug and high-priority labels

* apply review suggestion

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

---------

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2024-10-27 12:12:46 +00:00
Josef Johansson
6743a9cc89 Add support for systemd.socket 
When using sockets to pass data between e.g. nginx and oauth2-proxy it's
simpler to use sockets. Systemd can even facilitate this and pass the
actual socket directly.

This also means that only the socket runs with the same group as nginx
while the service runs with DynamicUser.

Does not support TLS yet.

nginx
```
server {
    location /oauth2/ {
      proxy_pass http://unix:/run/oauth2-proxy/oauth2.sock;
}
```

oauth2-proxy.socket
```
[Socket]
ListenStream=%t/oauth2.sock
SocketGroup=www-data
SocketMode=0660
```

Start oauth2-proxy with the parameter `--http-address=fd:3`.

Signed-off-by: Josef Johansson <josef@oderland.se>
 2024-10-23 09:35:47 +02:00
Josef Johansson
bc8e7162db Allow parsing remote address headers over unix sockets 
When listening to a unix socket there is no RemoteAddr for http.Request.
Instead of setting nil, Go sets it to '@'. Marking the IP as trusted if
RemoteAddr allows rest of the settings for parsing remote address in
headers to be applied.

Signed-off-by: Josef Johansson <josef@oderland.se>
 2024-10-23 07:48:54 +02:00
Konstantin Shalygin
e00c7a7edd fix(contrib): revamped systemd service example (#2655) 2024-10-13 20:00:54 +02:00
bjencks
66f1063722 feat: add X-Envoy-External-Address as supported header (#2755) 2024-10-13 19:55:47 +02:00
renovate[bot]
798b846643 chore(deps): update dependency @easyops-cn/docusaurus-search-local to ^0.45.0 2024-10-13 19:43:24 +02:00
Josh Cox
c555f5f6d5 chore: removed duplicate image line in docker-compose (#2817) 2024-10-13 19:37:26 +02:00
Chad Miller
defc456ba0 doc: expand on --upstream URL matching and trailing slash behaviour (#2813) 2024-10-12 18:57:21 +02:00
Gavin Mogan
ab448cf38e doc: add standard opencontainer docker labels (#2800) 2024-10-09 15:01:36 +02:00
Joel Speed
6fb020149a Merge pull request #2807 from oauth2-proxy/release/v7.7.1 
release v7.7.1
v7.7.1 		2024-10-08 17:38:38 +01:00
github-actions[bot]
055a63432c update to release version v7.7.1 2024-10-08 14:41:41 +02:00