1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-12-10 11:10:27 +02:00
Commit Graph

1430 Commits

Author SHA1 Message Date
Nick Meves
f07a5630f1
Update Keycloak documentation 2020-12-24 14:04:19 -08:00
Nick Meves
138a6b128a
Use ProfileURL for userinfo EnrichSession calls in Keycloak 2020-12-24 14:04:19 -08:00
Nick Meves
0886f8035c
Move all Keycloak unit tests to Ginkgo 2020-12-24 14:04:19 -08:00
Nick Meves
3369799853
Migrate Keycloak to EnrichSession & support multiple groups 2020-12-24 14:04:19 -08:00
Nick Meves
89e0a77a8f
Merge pull request #849 from grnhse/is-831-auth-querystring-groups
Group/Role Access Restriction support in `/oauth2/auth` endpoint
2020-12-24 12:21:40 -08:00
Nick Meves
753f6c548a
Add a detailed allowed_groups example to Important Notes 2020-12-24 12:05:12 -08:00
Nick Meves
65e15f24c1
Support only allowed_groups querystring 2020-12-24 12:05:12 -08:00
Nick Meves
025056cba0
Move AuthOnly authorize logic to a dedicated method 2020-12-24 12:05:11 -08:00
Nick Meves
44d83e5f95
Use StatusForbidden to prevent infinite redirects 2020-12-24 12:04:01 -08:00
Nick Meves
23b2355f85
Allow group authZ in AuthOnly endpoint via Querystring 2020-12-24 12:04:01 -08:00
Joel Speed
8bd2409342
Merge pull request #936 from grnhse/oidc-provider-refactor
OIDC Provider Refactor
2020-12-23 19:04:51 +00:00
Nick Meves
d2ffef2c7e
Use global OIDC fields for Gitlab 2020-12-21 16:54:12 -08:00
Nick Meves
42f6cef7d6
Improve OIDC error handling 2020-12-21 16:53:05 -08:00
Nick Meves
ea5b8cc21f
Support non-list and complex groups 2020-12-21 16:52:18 -08:00
Nick Meves
eb56f24d6d
Deprecate UserIDClaim in config and docs 2020-12-21 16:52:17 -08:00
Nick Meves
74ac4274c6
Move generic OIDC functionality to be available to all providers 2020-12-21 16:52:04 -08:00
Nick Meves
a1877434b2
Refactor OIDC to EnrichSession 2020-12-21 16:51:52 -08:00
Kirill Müller
4fda907830
Fix and enhance OIDC example (#934)
* Fix and enhance OIDC example

* Restructure

* Indent

* Add full stop.

* Add link

* Add minimalistic README

* Apply suggestions from code review

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-12-19 15:48:33 +00:00
TAGAMI Yukihiro
a5466bb96d
Fix typo and missing InjectResponseHeaders validation (#952) 2020-12-12 10:05:01 -08:00
Mathieu Lecarme
d67d6e3152
Add authorization support for Gitlab projects (#630)
* Add support for gitlab projets

* Add group membership in state

* Use prefixed allowed groups everywhere

* Fix: remove unused function

* Fix: rename func that add data to session

* Simplify projects and groups session funcs

* Add project access level for gitlab projects

* Fix: default access level

* Add per project access level

* Add user email when missing access level

* Fix: harmonize errors

* Update docs and flags description for gitlab project

* Add test with both projects and groups

* Fix: log error message

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Fix: make doc a markdown link

* Add notes about read_api scope for projects

* Fix: Verifier override in Gitlab Provider

This commit fixes a bug caused by an override of the Verifier value from *ProviderData inside GitlabProvider struct

* Fix: ensure data in session before using it

* Update providers/gitlab.go

Co-authored-by: Nick Meves <nick.meves@greenhouse.io>

* Rename gitlab project initializer

* Improve return value readbility

* Use splitN

* Handle space delimiters in set project scope

* Reword comment for AddProjects

* Fix: typo

* Rework error handling in addProjectsToSession

* Reduce branching complexity in addProjectsToSession

* Fix: line returns

* Better comment for addProjectsToSession

* Fix: enrich session comment

* Fix: email domains is handled before provider mechanism

* Add archived project unit test

* Fix: emails handling in gitlab provider

Co-authored-by: Wilfried OLLIVIER <wollivier@bearstech.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2020-12-05 10:57:33 -08:00
Joel Speed
5117f2314f
Merge pull request #943 from aimichal/patch-1
Update Slack channel name
2020-12-04 14:39:26 +00:00
Michal Guerquin
f260c3707a
Update Slack channel name 2020-12-03 15:20:31 -08:00
Joel Speed
87c67b09a7
Merge pull request #907 from oauth2-proxy/alpha-config
Introduce alpha configuration option to enable testing of structured configuration
2020-12-01 09:28:47 +00:00
Joel Speed
d749c11e73
Add changelog entry for adding alpha configuration 2020-12-01 08:57:13 +00:00
Joel Speed
b201dbb2d3
Add convert-config-to-alpha flag to convert existing configuration to alpha structure 2020-12-01 08:56:51 +00:00
Joel Speed
5b683a7631
Add local environment that uses alpha configuration 2020-12-01 08:56:50 +00:00
Joel Speed
f36dfbb494
Introduce alpha configuration loading 2020-12-01 08:56:49 +00:00
Joel Speed
5b003a5657
SecretSource.Value should be plain text in memory 2020-12-01 08:56:46 +00:00
Joel Speed
d587030019
Merge pull request #938 from grnhse/naming-refactor-tweaks
Cleanup method name refactors missed in comments
2020-11-30 19:38:43 +00:00
Nick Meves
26ed080bed
Cleanup method name refactors missed in comments 2020-11-29 14:18:14 -08:00
Nick Meves
f6ae15e8c3
Merge pull request #869 from grnhse/streamline-provider-naming
Streamline Provider Interface & Bearer Session Handlers
2020-11-28 10:30:09 -08:00
Nick Meves
57a8ef06b4
Fix method renaming in comments and tests 2020-11-28 10:25:12 -08:00
Nick Meves
5f8f856260
Remove failed bearer tokens from logs 2020-11-28 10:25:12 -08:00
Nick Meves
22f60e9b63
Generalize and extend default CreateSessionFromToken 2020-11-28 10:25:12 -08:00
Nick Meves
44fa8316a1
Aggregate error logging on JWT chain failures 2020-11-28 10:25:12 -08:00
Nick Meves
3e9717d489
Decouple TokenToSession from OIDC & add a generic VerifyFunc 2020-11-28 10:25:11 -08:00
Nick Meves
e9f787957e
Standardize provider interface method names 2020-11-28 10:25:11 -08:00
Joel Speed
2706909fe3
Merge pull request #850 from grnhse/is-834-userinfo-expansion
Add User & Groups to Userinfo
2020-11-27 16:36:41 +00:00
Nick Meves
7407fbd3a7
Add more UserInfo test cases 2020-11-25 19:00:58 -08:00
Nick Meves
2549b722d3
Add User & Groups to Userinfo 2020-11-25 18:19:48 -08:00
Nick Meves
3ff0c23a9e
Merge pull request #931 from apeschel/topic/stable-repo-url-fix
Use New Stable Chart URL
2020-11-24 20:57:28 -08:00
Aaron Peschel
527c0c311c Use New Stable Chart URL
The existing URL no longer works. This commit updates the Chart
dependencies to use the new Stable chart URL.

This will fix the "Chart not found" errors that occur if these example
resources are used.

Please keep in mind this is only a bandaid, as the repository is still
EOL, and should not be used.
2020-11-23 11:45:34 -08:00
Joel Speed
8bed7aafbd
Merge pull request #925 from oauth2-proxy/fix-basic-auth
Fix basic auth legacy header conversion
2020-11-19 20:14:44 +00:00
Joel Speed
482cd32a17
Fix basic auth legacy header conversion 2020-11-19 20:07:59 +00:00
Joel Speed
eb07005a5c
Merge pull request #916 from oauth2-proxy/alpha-config-types
Add AlphaOptions struct to prepare for alpha config loading
2020-11-19 17:11:16 +00:00
Joel Speed
aed43a54da
Add DefaultUpstreamFlushInterval to replace magic time.Second value 2020-11-19 10:39:21 +00:00
Joel Speed
8e582ac02a
Add changelog entry for adding alphaoptions struct 2020-11-19 10:35:56 +00:00
Joel Speed
d353d94631
Add AlphaOptions struct and ensure that all children have valid JSON tags 2020-11-19 10:35:31 +00:00
Joel Speed
b6d6f31ac1
Introduce Duration so that marshalling works for duration strings 2020-11-19 10:35:29 +00:00
Akira Ajisaka
ed92df3537
Support TLS 1.3 (#923)
* Support TLS 1.3

* Set TLS 1.3 explicitly to fix gosec warning.

* Add an entry to changelog.

* Fix typo in the changelog.

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-11-19 10:25:53 +00:00