* added envsubstring package and added simple test cases.imple tests.
* added documentation
* added changelog entry
* added documentation to wrong file
.
* changed tests to ginkgo format
* update project to use better maintained library
* use defer to clear test variable after tests finished
* updated docs for the new package documentation and fixed bad english
* refactored function to "reduce" complexity.
* updated changelog for new version
updated readme
* minor formatting
---------
Co-authored-by: Haydn Evans <h.evans@douglas.de>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Add possibility to encode the state param as UrlEncodedBase64
* Update CHANGELOG.md
* Update oauthproxy.go
Co-authored-by: Jan Larwig <jan@larwig.com>
---------
Co-authored-by: Jan Larwig <jan@larwig.com>
* Add GitHub groups (orgs/teams) support
* align code of getTeams with getOrgs to support Github Enterprise Server instances with different domain
* add documentation
* add missing import after rebase
* add nightly build and push (#2297)
* add nightly build and push
* add date based nightly build tags
* only keep single multiarch image build and push
* add changelog
* add images to internal docs static files
* add docu for nightly builds
* remove unnecessary spaces
* update nightly repository
* Issue 978: Fix Custom cookie name breaks redis for session (#1949)
* Issue 978: Fix Custom cookie name breaks redis for session (see https://github.com/oauth2-proxy/oauth2-proxy/issues/978)
* Issue 978: Fix Custom cookie name breaks redis for session (see https://github.com/oauth2-proxy/oauth2-proxy/issues/978)
* Update CHANGELOG.md
* Issue 978: Fix Custom cookie name breaks redis for session
* Issue 978: Fix Custom cookie name breaks redis for session
* Issue 978: Fix Custom cookie name breaks redis for session
* Issue 978: Fix Custom cookie name breaks redis for session
* Issue 978: Fix Custom cookie name breaks redis for session
* Issue 978: Fix Custom cookie name breaks redis for session
* Update CHANGELOG.md
---------
Co-authored-by: Nuno Borges <Nuno.Borges@ctw.bmwgroup.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Support http.AllowQuerySemicolons (#2248)
* Support http.AllowQuerySemicolons
* Docs
* Make it clear we are overriding the handler
* Update documentation for allow-query-semicolons
* Fix changelog format
* Fix formatting
---------
Co-authored-by: MickMake <github@mickmake.com>
* Add GitHub groups (orgs/teams) support
* align code of getTeams with getOrgs to support Github Enterprise Server instances with different domain
* add documentation
* fix changelog & documentation
* fix missing import
---------
Co-authored-by: Tobias Mayer <github@tobiasm.de>
Co-authored-by: Nuno Miguel Micaelo Borges <miguelborges99@gmail.com>
Co-authored-by: Nuno Borges <Nuno.Borges@ctw.bmwgroup.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Tim White <tim.white@su.org.au>
Co-authored-by: MickMake <github@mickmake.com>
* Support http.AllowQuerySemicolons
* Docs
* Make it clear we are overriding the handler
* Update documentation for allow-query-semicolons
* Fix changelog format
* Fix formatting
---------
Co-authored-by: MickMake <github@mickmake.com>
* The `X-Forwarded-Uri` was required to bypass authentication
- Fix the `skip_auth_routes` option not working in Nginx
* Add tests for allowed requests with proxied `X-Forwarded-Uri` header
* Avoid nginx startup failure: host not found in upstream "oauth2-proxy"
* The `--reverse-proxy` option is required for nginx
* Update the change logs
* Use the authOnlyPath constant
* Remove the unused header `X-Scheme`
* Add support for unix socket as upstream
* Add CHANGELOG.md entry
* Add Unix socket documentation
* Don't export unixRoundTripper, switch from string prefix to Scheme match
* Add basic unix server mock
* Add some tests and comments
* adding append option for custom CA certs
* updated test for changed GetCertPool signature, added testing to check functionality of empty and non-empty store
* adding legacy options as well
* update associated documentation
* fixing code climate complaints - reduce number of return statements
* Apply suggestions from code review
Changes caFilesAppend (and variants) to useSystemTrustStore
Co-authored-by: Jan Larwig <jan@larwig.com>
* Apply suggestions from code review
Fixes extra whitespaces and grammar.
Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>
* fix indentation
* update changelog
---------
Co-authored-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Update changelog for v7.5.1 release
* Create versioned docs for release v7.5.x
Created using: yarn run docusaurus docs:version 7.5.x
---------
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Create session cookie when cookie-expire set 0
* Fix format
* add test
* fix lint error
* fix test code
* fix conflicted test case
* update test case of cookie expiration
* update tests of csrf cookies
* update docs
* Update docs/docs/configuration/overview.md
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
---------
Co-authored-by: tanuki884 <morkazuk@fsi.co.jp>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Added documentation for the keycloak-oidc provider in regard to the new Keycloak admin console "Admin2". As of v19.0.0 it is the default web console and OAuth2 proxy documentation has been updated to show end-users how to create a sample test Keycloak OIDC client to integrate with Oauth2 Proxy.
* Issue #1931
Added documentation for the keycloak-oidc provider in regard to the new Keycloak admin console "Admin2". As of v19.0.0 it is the default web console and OAuth2 proxy documentation has been updated to show end-users how to create a sample test Keycloak OIDC client to integrate with Oauth2 Proxy.
Added a link in the documentation to older keycloak-oidc pull request, as the provider currently evaluates aud from the access token and not the id token.
---------
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* feat: readiness check
* fix: no need for query param
* docs: add a note
* chore: move the readyness check to its own endpoint
* docs(cr): add godoc
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* initial commit: add groups to azure
Signed-off-by: andrewphamade@gmail.com <andrewphamade@gmail.com>
* fix deprecations and linting errors
Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>
* remove groups testing from azure provider
Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>
* fix test error
Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>
* verify-generate
Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>
Signed-off-by: andrewphamade@gmail.com <andrewphamade@gmail.com>
Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>
* Add API route config
In addition to requests with Accept header `application/json` return 401 instead of 302 to login page on requests matching API paths regex.
* Update changelog
* Refactor
* Remove unnecessary comment
* Reorder checks
* Lint Api -> API
Co-authored-by: Sebastian Halder <sebastian.halder@boehringer-ingelheim.com>
* Inconsistent code-challenge-method CLI flag and config file naming
- Allow previous config option for now to prevent breaking configs
Fixes#1667
* Add changelog entry
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
The Azure AD Doc mentioned a very broad and risky permission, which is not really required by the proxy, and some Admins won't even permit.
This change recommends using the much more restricted "openid", and also warns about the consent that could still be required in certain cases.
* docs/conf/overview: Add hint about cookie prefixes to --cookie-name
Cookie Prefixes further restricts the possibilities of session attacks because supporting clients will only accept cookies with one of the prefix if certain requirements were meet, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#cookie_prefixes
* Backport cookie prefixes to older docs
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* adding IdleTimeout with the redis-connection-idle-timeout flag, to keep redis connections in valid state, when Redis option is set
* docs update - add redis idle timeout configurations
* changelog update for #1691 fix
