1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-12-10 11:10:27 +02:00
Commit Graph

175 Commits

Author SHA1 Message Date
Ashish Kulkarni
fe44b89f57 update documentation for Nginx auth_request mode 2017-03-29 21:28:55 +05:30
Jehiah Czebotar
dcf62d06df option for skipping OAuth provider SSL verification 2017-03-29 10:57:07 -04:00
Omar Elazhary
24f91a0b60 Allow to pass user headers only (issue #205)
* This fixes https://github.com/bitly/oauth2_proxy/issues/205
* Add new boolean option -pass-user-headers
  to control whether X-Forwarded-User and X-Forwarded-Email
  headers will be set (as opposed to HTTP BASIC auth)
* This is required e.g. for grafana [1] where
  X-Forwarded-User is needed but HTTP BASIC auth fails
  (password is not known and must not be known in this scenario)
* Keep behaviour of PassBasicAuth unchanged for compatibility

[1] http://docs.grafana.org/installation/configuration/#authproxy
2017-01-24 11:11:58 +01:00
ReadmeCritic
4203c26d7c Correct the spelling of GitHub in README 2016-11-18 09:31:22 -08:00
Mark Herhold
116b84906e Adding skip-provider-button docs 2016-07-30 22:34:28 -04:00
Nick Semenkovich
17f412e407 docs: working nginx auth_request example (#273) 2016-07-05 09:38:34 -04:00
Nick Semenkovich
56bf3f8add Fix documentation for auth_request directive
The correct endpoint is /oauth2/auth
2016-06-27 20:10:22 -05:00
Jehiah Czebotar
671f00e60e
cookie secret: give helper command for generating a secret 2016-06-23 09:42:32 -04:00
Jehiah Czebotar
3bba24ab31
Bump verison to 2.1 2016-06-23 09:35:33 -04:00
Jehiah Czebotar
a0763477c5
Facebook Authentication Provider
* will not re-prompt if the email permission is denied, or if you previously authorized the same FB app without the email scope.
2016-06-23 08:43:21 -04:00
Jehiah Czebotar
bcb8064831
github: fix github enterprise support 2016-06-20 08:15:07 -04:00
Joakim Gustin
60a59ce7b1 Fix typo 2016-04-12 07:26:13 +02:00
Mike Bland
87d80d6d22 OAUTH2_PROXY_SIGNATURE_KEY env var, README update 2016-02-24 08:23:31 -05:00
Jehiah Czebotar
293d674e14 Merge pull request #214 from raphink/github_multiple_teams
github provider: allow multiple teams
2016-02-17 17:24:50 -05:00
Raphaël Pinson
338e99773a github provider: allow multiple teams 2016-02-17 23:17:08 +01:00
Jehiah Czebotar
bfb8dc13bf Merge pull request #211 from pmosbach/gitlab-provider
Add GitLab provider
2016-02-17 09:04:07 -05:00
pmosbach
034612bf8b Add GitLab provider 2016-02-17 06:19:52 -06:00
Robert Hencke
51dbc9fb9b Fix small typo in README.md. 2016-02-16 17:07:26 -05:00
Alex
c0a18a5cb3 fixed formatting 2016-02-13 01:41:10 -06:00
Jehiah Czebotar
36128e971f Merge pull request #197 from ruta-goomba/enterprise-github
use Github provider with GitHub enterprise
2016-02-06 13:24:48 -06:00
Ruta Sakalauskaite
79b548dae6 modifying README to add information about use with enterprise github 2016-01-21 21:54:29 +00:00
Eelco Cramer
10f47e325b Add Azure Provider 2016-01-20 03:57:17 -05:00
funkymrrogers
0fad1da1df Google UI changes
Google changed to developer console UI, updated walkthrough to match new UI.
2015-12-16 19:10:38 -06:00
Mike Bland
e4626c1360 Sign Upstream requests with HMAC. closes #147 2015-11-15 22:09:30 -05:00
Mike Bland
d247274b06 Add nginx auth_request config to README 2015-11-09 11:00:18 -05:00
Mike Bland
e61fc9e7a6 Add /auth endpoint to support Nginx's auth_request
Closes #152.
2015-11-09 10:31:41 -05:00
Jeppe Toustrup
ffeccfe552 Add support for serving static files from a directory
The path should be provided as a file:// url with the full operating system path.
An alias to where the directory is available as can be specified by appending
a fragment (ie. "#/static/") at the end of the URL.
2015-09-24 15:37:45 +02:00
Justin Burnham
3fd8f911c2 google: Support restricting access to a specific group(s) 2015-09-09 02:10:32 -07:00
Jehiah Czebotar
d1c0208824 Merge pull request #131 from ebardsley/master
Allow passing the value of "approval_prompt" as a flag or option.
2015-08-27 07:33:07 -04:00
Srivatsa Ray
85fcd66be6 Google auth configuration screen flow has changed 2015-08-09 12:08:21 -07:00
Ed Bardsley
33045a792b Add a flag to set the value of "approval_prompt".
By setting this to "force", certain providers, like Google,
will interject an additional prompt on every new session. With other values,
like "auto", this prompt is not forced upon the user.
2015-07-31 00:43:47 -07:00
Sharif Nassar
f3353c0eea Fix spelling
*snicker*
*titter*
*giggle*
2015-07-24 14:31:25 -07:00
Justin Burnham
7dd5d299e1 Add support for setting the basic auth password.
For tools that don't like empty passwords, this change allows
one to set a shared secret password for all users.
2015-07-24 09:17:43 +00:00
Jehiah Czebotar
3a792555f1 tag v2.0.1 2015-07-02 23:29:25 -04:00
Jehiah Czebotar
51852c045a Doc updates clarifying external Load Balancer config 2015-07-02 23:21:59 -04:00
Jehiah Czebotar
aa0a725a3a Readme: doc updates 2015-06-23 14:01:05 -04:00
Jehiah Czebotar
d78aa13464 v2.0 & cleanup changes
* bump version to 2.0
* remove --cookie-https-only option
* add windows build to dist.sh
* rename --cookie-key to --cookie-name
2015-06-12 13:07:26 -04:00
Jehiah Czebotar
f5b2b20f67 support TLS directly 2015-06-07 23:14:48 -04:00
Jehiah Czebotar
f5db2e1ff7 More complete HTTP error logging 2015-06-07 21:03:53 -04:00
Jehiah Czebotar
56d19b1c84 disable email validation; rename email-domain argument
This adds a "*" option to --email-domain to disable email validation, and this renames `--google-apps-domain` to `--email-domain` for clarity across providers
2015-06-06 14:37:54 -04:00
tonymeng
c5ccd43767 Enable specific oauth2proxy path; change cookie name to _oauth2proxy 2015-06-06 14:21:42 -04:00
Jehiah Czebotar
a80aad04f7 Readme Updates 2015-05-21 09:54:21 -04:00
Jehiah Czebotar
b96a078839 Project Rename -> oauth2_proxy 2015-05-21 02:55:04 -04:00
Jehiah Czebotar
37b38dd2f4 Github provider 2015-05-21 02:21:19 -04:00
Jehiah Czebotar
9047920e90 Merge pull request #88 from 18F/auto-refresh
Auto refresh auth token
2015-05-11 22:24:50 -04:00
Mike Bland
2808ba7beb Update cookie-refresh doc string 2015-05-11 09:55:07 -04:00
Mike Bland
5b07d9fcef Provide a robots.txt that denies all crawlers 2015-05-10 15:15:52 -04:00
Mike Bland
082b7c0ec8 Set cookie-refresh flag = 0; update README, config 2015-05-09 17:36:17 -04:00
Darren Lee
5bc77b0ee8 LinkedIn OAuth support. 2015-04-17 17:35:40 -07:00
Mike Bland
ad3c9a886f Pass the access token to the upstream client
This is accomplished by encoding the access_token in the auth cookie and
unpacking it as the X-Forwarded-Access-Token header for upstream requests.
2015-04-03 15:32:01 -04:00
Mike Bland
291a0b76b9 Add alternate provider information to README 2015-03-31 15:31:22 -04:00
Jehiah Czebotar
b9b5e817fc improve request logging (closer to Apache Common Log) 2015-03-19 22:34:01 -04:00
Jehiah Czebotar
de04e0c519 rename cookie secure flag 2015-03-19 14:08:17 -04:00
Jehiah Czebotar
ebae065b11 make redirect_uri optional 2015-03-19 14:03:05 -04:00
Jehiah Czebotar
2b2324e410 support (optional) custom templates 2015-03-17 18:11:58 -04:00
Jehiah Czebotar
263e16eeea add --proxy-host-header option 2015-03-17 15:53:01 -04:00
David Howden
975c7173c2 Added scheme parsing to http-address param
Can now listen for HTTP clients on unix sockets (and any other Go-supported stream oriented network - see golang.org/pkg/net/#Listen).  Default behaviour is unchanged, any http-address without a scheme is given the default of tcp.

Amended the README so that the usage output is up to date.
2015-02-11 14:51:57 +11:00
Rhommel Lamas
942245f93d Fix typo 2014-12-29 11:24:46 +01:00
Jehiah Czebotar
ba7aee91d6 update install steps; show login img 2014-11-09 22:06:40 -05:00
Jehiah Czebotar
9060feb436 better environment parsing 2014-11-09 21:12:36 -05:00
Jehiah Czebotar
d4fe9a4f57 Add config file support 2014-11-09 20:33:12 -05:00
Jehiah Czebotar
bc26835076 always set httponly (there is no good reason not to); simplify httponly and expire flags 2014-11-08 14:32:35 -05:00
Jason Swank
8702ad2e52 Add /ping endpoint 2014-10-14 16:22:38 -04:00
Justin Downing
e52a86d027 Update README with new Google Developers workflow
The Google Developers Console has a new interface and workflow. Updated the **OAuth Configuration** section with the correct steps, including a few notes on potential missteps.
2014-06-20 16:00:34 -04:00
Kevin Lamontagne
7dc5b691e7 secrets as environment variables. closes #5 2013-07-30 17:32:27 -04:00
Jehiah Czebotar
e3002667fc readme example updates 2012-12-26 21:53:02 +00:00
Jehiah Czebotar
4fd712566a simpler binary install steps 2012-12-26 20:02:26 +00:00
Jehiah Czebotar
37ca0fba18 readme updates 2012-12-26 18:26:07 +00:00
Jehiah Czebotar
7eb17ba9e0 enable travis
add travis badge
2012-12-26 18:26:05 +00:00
Jehiah Czebotar
c459806ab0 promote basic auth to cookie 2012-12-26 10:35:02 -05:00
Jehiah Czebotar
4177e94a09 Update README.md
fix markdown syntax
2012-12-17 13:04:48 -05:00
Jehiah Czebotar
4861cb8e65 update readme 2012-12-17 13:03:34 -05:00
Jehiah Czebotar
1f4eb9f534 add example nginx config 2012-12-10 21:11:24 -05:00
Jehiah Czebotar
fb636396a3 initial code import 2012-12-10 20:59:23 -05:00
Jehiah Czebotar
c6f07d54d7 initial import 2012-12-10 20:34:58 -05:00