1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-07-13 01:40:48 +02:00
Commit Graph

183 Commits

Author SHA1 Message Date
7fea71a4ce Update Google Auth Provider instructions 2017-06-21 11:03:24 +01:00
c8c6b66465 Fix spelling mistake in docs 2017-06-09 12:17:24 -04:00
6d295f8446 README: nginx auth_request example refresh cookie handling
how to pass back the refreshed oauth2_proxy cookie from an nginx auth_request
2017-04-24 17:59:21 -04:00
7f5672b433 README: simplify nginx auth_request example
/oauth2/auth is not more sensitive than other /oauth2/ paths,
does not need "internal" protection

"spdy" protocol is obsolete, http2 is the thing to enable now.
But it's orthogonal anyway.

No need for two separate content/upstream location blocks in
this example, reduce to just one, with a comment that it could
be serving files instead of proxying.
2017-04-24 17:56:15 -04:00
b6bd878f27 Don't set the cookie domain to the host by default, as it breaks Cookie Prefixes
The Cookie Prefixes spec disallows the use of the `domain` attribute in cookies
if the `__Host-` prefix is used
(https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00#section-3.2).

There's no need to set it to the host by default, so make it optional. If it is
set to a non-empty value, still output a warning if it is not a suffix of the
host, as that's likely not wanted.

Fixes #352.
2017-04-24 13:03:40 -07:00
f457a9042a Readme: update --help usage 2017-04-24 12:16:16 -04:00
3fa5635d6c Release 2.2.0 2017-04-24 12:11:23 -04:00
1e7d2a08a3 #369: Optionally allow skipping authentication for preflight requests 2017-04-07 15:01:47 +03:00
fe44b89f57 update documentation for Nginx auth_request mode 2017-03-29 21:28:55 +05:30
dcf62d06df option for skipping OAuth provider SSL verification 2017-03-29 10:57:07 -04:00
24f91a0b60 Allow to pass user headers only (issue #205)
* This fixes https://github.com/bitly/oauth2_proxy/issues/205
* Add new boolean option -pass-user-headers
  to control whether X-Forwarded-User and X-Forwarded-Email
  headers will be set (as opposed to HTTP BASIC auth)
* This is required e.g. for grafana [1] where
  X-Forwarded-User is needed but HTTP BASIC auth fails
  (password is not known and must not be known in this scenario)
* Keep behaviour of PassBasicAuth unchanged for compatibility

[1] http://docs.grafana.org/installation/configuration/#authproxy
2017-01-24 11:11:58 +01:00
4203c26d7c Correct the spelling of GitHub in README 2016-11-18 09:31:22 -08:00
116b84906e Adding skip-provider-button docs 2016-07-30 22:34:28 -04:00
17f412e407 docs: working nginx auth_request example (#273) 2016-07-05 09:38:34 -04:00
56bf3f8add Fix documentation for auth_request directive
The correct endpoint is /oauth2/auth
2016-06-27 20:10:22 -05:00
671f00e60e cookie secret: give helper command for generating a secret 2016-06-23 09:42:32 -04:00
3bba24ab31 Bump verison to 2.1 2016-06-23 09:35:33 -04:00
a0763477c5 Facebook Authentication Provider
* will not re-prompt if the email permission is denied, or if you previously authorized the same FB app without the email scope.
2016-06-23 08:43:21 -04:00
bcb8064831 github: fix github enterprise support 2016-06-20 08:15:07 -04:00
60a59ce7b1 Fix typo 2016-04-12 07:26:13 +02:00
87d80d6d22 OAUTH2_PROXY_SIGNATURE_KEY env var, README update 2016-02-24 08:23:31 -05:00
293d674e14 Merge pull request #214 from raphink/github_multiple_teams
github provider: allow multiple teams
2016-02-17 17:24:50 -05:00
338e99773a github provider: allow multiple teams 2016-02-17 23:17:08 +01:00
bfb8dc13bf Merge pull request #211 from pmosbach/gitlab-provider
Add GitLab provider
2016-02-17 09:04:07 -05:00
034612bf8b Add GitLab provider 2016-02-17 06:19:52 -06:00
51dbc9fb9b Fix small typo in README.md. 2016-02-16 17:07:26 -05:00
c0a18a5cb3 fixed formatting 2016-02-13 01:41:10 -06:00
36128e971f Merge pull request #197 from ruta-goomba/enterprise-github
use Github provider with GitHub enterprise
2016-02-06 13:24:48 -06:00
79b548dae6 modifying README to add information about use with enterprise github 2016-01-21 21:54:29 +00:00
10f47e325b Add Azure Provider 2016-01-20 03:57:17 -05:00
0fad1da1df Google UI changes
Google changed to developer console UI, updated walkthrough to match new UI.
2015-12-16 19:10:38 -06:00
e4626c1360 Sign Upstream requests with HMAC. closes #147 2015-11-15 22:09:30 -05:00
d247274b06 Add nginx auth_request config to README 2015-11-09 11:00:18 -05:00
e61fc9e7a6 Add /auth endpoint to support Nginx's auth_request
Closes #152.
2015-11-09 10:31:41 -05:00
ffeccfe552 Add support for serving static files from a directory
The path should be provided as a file:// url with the full operating system path.
An alias to where the directory is available as can be specified by appending
a fragment (ie. "#/static/") at the end of the URL.
2015-09-24 15:37:45 +02:00
3fd8f911c2 google: Support restricting access to a specific group(s) 2015-09-09 02:10:32 -07:00
d1c0208824 Merge pull request #131 from ebardsley/master
Allow passing the value of "approval_prompt" as a flag or option.
2015-08-27 07:33:07 -04:00
85fcd66be6 Google auth configuration screen flow has changed 2015-08-09 12:08:21 -07:00
33045a792b Add a flag to set the value of "approval_prompt".
By setting this to "force", certain providers, like Google,
will interject an additional prompt on every new session. With other values,
like "auto", this prompt is not forced upon the user.
2015-07-31 00:43:47 -07:00
f3353c0eea Fix spelling
*snicker*
*titter*
*giggle*
2015-07-24 14:31:25 -07:00
7dd5d299e1 Add support for setting the basic auth password.
For tools that don't like empty passwords, this change allows
one to set a shared secret password for all users.
2015-07-24 09:17:43 +00:00
3a792555f1 tag v2.0.1 2015-07-02 23:29:25 -04:00
51852c045a Doc updates clarifying external Load Balancer config 2015-07-02 23:21:59 -04:00
aa0a725a3a Readme: doc updates 2015-06-23 14:01:05 -04:00
d78aa13464 v2.0 & cleanup changes
* bump version to 2.0
* remove --cookie-https-only option
* add windows build to dist.sh
* rename --cookie-key to --cookie-name
2015-06-12 13:07:26 -04:00
f5b2b20f67 support TLS directly 2015-06-07 23:14:48 -04:00
f5db2e1ff7 More complete HTTP error logging 2015-06-07 21:03:53 -04:00
56d19b1c84 disable email validation; rename email-domain argument
This adds a "*" option to --email-domain to disable email validation, and this renames `--google-apps-domain` to `--email-domain` for clarity across providers
2015-06-06 14:37:54 -04:00
c5ccd43767 Enable specific oauth2proxy path; change cookie name to _oauth2proxy 2015-06-06 14:21:42 -04:00
a80aad04f7 Readme Updates 2015-05-21 09:54:21 -04:00