go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-08-08 22:46:33 +02:00
Code Issues Releases Activity
2,176 Commits 24 Branches 40 Tags
5808f5376a3d141df88ad57e18e341d7d0af5bdc
Commit Graph

2176 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joel Speed
1f992b3f87 Integrate new provider verifier into providers 2022-02-19 15:37:57 +00:00
Joel Speed
e3678aaaff Add ProviderVerifier to providers/oidc 2022-02-19 15:37:56 +00:00
Joel Speed
3bb9621f5d Add DiscoveryProvider to perform OIDC discovery 2022-02-19 15:37:55 +00:00
Joel Speed
ed3892296e Move OIDC IDToken verifier behind interface 2022-02-19 15:37:54 +00:00
Joel Speed
979c3e8cbc Move internal OIDC package to providers package 2022-02-19 15:37:53 +00:00
Joel Speed
1578d90d0b Merge pull request #1563 from oauth2-proxy/fix-profile-url 
Ensure claim extractor does not attempt profile call when URL is empty
 2022-02-19 15:37:18 +00:00
Joel Speed
25ef843115 Ensure claim extractor does not attempt profile call when URL is empty 2022-02-19 15:33:30 +00:00
Joel Speed
07aba7db09 Tidy go mod file 2022-02-19 15:32:04 +00:00
Joel Speed
74e2f5069c Merge pull request #1561 from mgiessing/mgiessing-patch-1 
Add ppc64le support
 2022-02-19 15:20:53 +00:00
mgiessing
515d0f255e Update CHANGELOG.md 
Add ppc64le support
 2022-02-18 14:20:25 +01:00
mgiessing
873ce3f1c3 Update README.md 
Add ppc64le support
 2022-02-17 23:19:26 +01:00
mgiessing
ac3b36f57a Update Makefile 2022-02-17 23:08:53 +01:00
mgiessing
e4c32df61e Update dist.sh 
Add ppc64le support
 2022-02-17 22:59:11 +01:00
mgiessing
24c826c883 Update Makefile 
Add ppc64le support
 2022-02-17 22:57:54 +01:00
mgiessing
f9fb530c11 Update Dockerfile 
Add ppc64le support
 2022-02-17 22:55:57 +01:00
Joel Speed
263a5df820 Merge pull request #1286 from instadeepai/allowed_email_domains-on-auth_request-endpoint 
Add allowed_email_domains on auth_request endpoint
 2022-02-17 17:10:43 +00:00
Joel Speed
ceda5329eb Merge pull request #1560 from oauth2-proxy/fix-provider-initialisation 
Fix provider data initialisation
 2022-02-17 09:56:00 +00:00
Joel Speed
4eb2a35aa8 Fix provider data initialisation 2022-02-16 16:53:43 +00:00
Joel Speed
f6aa7600ea Merge pull request #1555 from oauth2-proxy/provider-options 
Refactor provider configuration into providers package
 2022-02-16 11:50:39 +00:00
Joel Speed
eda5eb9243 Add changelog entry for provider refactor 2022-02-16 11:46:32 +00:00
Joel Speed
0791aef8cc Integrate new provider constructor in main 2022-02-16 10:38:07 +00:00
Joel Speed
2e15f57b70 Remove provider configuration from validation package 2022-02-16 10:38:06 +00:00
Joel Speed
d162b018a8 Move provider initialisation into providers package 2022-02-16 10:38:05 +00:00
Joel Speed
95dd2745c7 Remove options dependency on providers package 2022-02-16 10:38:04 +00:00
Joel Speed
9832844c8a Merge pull request #1394 from oauth2-proxy/claim-extractor 
Add generic claim extractor to get claims from ID Tokens
 2022-02-16 10:37:20 +00:00
Joel Speed
edb1bc1a11 Add changelog entry for generic claim extractor 2022-02-16 10:31:30 +00:00
Joel Speed
967051314e Integrate claim extractor into providers 2022-02-16 10:28:33 +00:00
Joel Speed
537e596904 Add claim extractor provider util 2022-02-16 10:28:32 +00:00
Joel Speed
44dc3cad77 Merge pull request #1468 from oauth2-proxy/session-refresh-using-lock 
Implement session locking with session state lock
 2022-02-16 10:23:34 +00:00
Joel Speed
da92648e54 Add changelog entry for session locking 2022-02-16 10:16:14 +00:00
Joel Speed
54d42c5829 Implement refresh relying on obtaining lock 2022-02-16 10:16:13 +00:00
Kevin Kreitner
e2c7ff6ddd Use session to lock to protect concurrent refreshes 2022-02-16 10:16:12 +00:00
Michael Hienle
dc5d2a5cd7 Fix table (#1556) 
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2022-02-15 16:39:16 +00:00
Kevin Schu
25371ea4af improved audience handling to support client credentials access tokens without aud claims (#1204) 
* implementation draft

* add cfg options skip-au-when-missing && client-id-verification-claim; enhance the provider data verification logic for sake of the added options

* refactor configs, added logging and add additional claim verification

* simplify logic by just having one configuration similar to oidc-email-claim

* added internal oidc token verifier, so that aud check behavior can be managed with oauth2-proxy and is compatible with extra-jwt-issuers

* refactored verification to reduce complexity

* refactored verification to reduce complexity

* added docs

* adjust tests to support new OIDCAudienceClaim and OIDCExtraAudiences options

* extend unit tests and ensure that audience is set with the value of aud claim configuration

* revert filemodes and update docs

* update docs

* remove unneccesary logging, refactor audience existence check and added additional unit tests

* fix linting issues after rebase on origin/main

* cleanup: use new imports for migrated libraries after rebase on origin/main

* adapt mock in keycloak_oidc_test.go

* allow specifying multiple audience claims, fixed bug where jwt issuers client id was not the being considered and fixed bug where aud claims with multiple audiences has broken the whole validation

* fixed formatting issue

* do not pass the whole options struct to minimize complexity and dependency to the configuration structure

* added changelog entry

* update docs

Co-authored-by: Sofia Weiler <sofia.weiler@aoe.com>
Co-authored-by: Christian Zenker <christian.zenker@aoe.com>
 2022-02-15 16:12:22 +00:00
Valentin Pichard
2b4c8a9846 Add the allowed_email_domains and the allowed_groups on the auth_request endpoint + support standard wildcard char for validation with sub-domain and email-domain. 
Signed-off-by: Valentin Pichard <github@w3st.fr>
 2022-02-14 18:03:20 +01:00
Joel Speed
c5a98c6d03 Merge pull request #1550 from mhienle/patch-1 
Fix broken link
 2022-02-11 10:17:45 +00:00
Michael Hienle
590b7a612e Fix broken link 2022-02-11 10:28:30 +01:00
Joel Speed
ad4f7bcb0e Merge pull request #1545 from andytson/feature/qs-allowed-groups-bypass 
Fix issue with query string allowed group panic on skip methods
 2022-02-10 14:08:45 +00:00
Andy Thompson
05ebaf5158 Update changelog 2022-02-10 12:40:42 +00:00
Andy Thompson
c1b01b5bc0 Fix issue with query string allowed group panic on skip methods 2022-02-10 12:39:32 +00:00
Joel Speed
433b93d08a Merge pull request #1474 from polarctos/feature/tls-min-version-options 
Add option to specify the tls.Config.MinVersion for the server to be able to restrict it to TLS 1.3
 2022-02-09 19:29:53 +00:00
polarctos
cbbecb81bd Add changelog entry for tls-min-version 2022-02-09 20:20:03 +01:00
polarctos
e03cf87dd8 Add option to specify the tls-min-version for the server 2022-02-09 20:19:01 +01:00
Preston Sheldon
11699a822a Add ValidateSession function to LoginGovProvder to include Auth Header (#1509) 
* Add ValidateSession function to LoginGovProvder to include Auth Header

* Update CHANGELOG for PR 1509

* Update logingov_test to include ValidationURL
 2022-02-04 09:22:33 +00:00
Joel Speed
88709d8b69 Merge pull request #1489 from oauth2-proxy/fix-docker-push 
Fix Docker Buildx push to include build version
 2022-02-03 21:56:43 +00:00
Joel Speed
bd0c4a3296 Fix Docker Buildx push to include build version 2022-02-03 19:23:22 +00:00
ThomasKalten
4f5efd4074 Update auth.md (#1518) 2022-01-18 13:54:52 +00:00
ThomasKalten
92c4ca9c58 Update auth.md (#1519) 2022-01-18 13:54:35 +00:00
Magnus Lübeck
dede6fd531 Fixing a typo, pointing to correct compose file (#1493) 
Fixing a typo for the docker-compose-alpha-config.yaml
 2021-12-29 19:50:36 +00:00
Ole-Martin Bratteng
0e10fb8967 Remove the information about Microsoft Azure AD in the provider documentation (#1477) 
* Remove the information about `Microsoft Azure AD`

* Put `proxy_buffer_size` in a code tag

* Update `CHANGELOG.md`

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2021-12-23 17:24:31 +00:00